Dell Unity NAS servers and file systems also support access over FTP and/or SFTP (SSH File Transfer Protocol). SFTP is more secure since, unlike FTP, it does not transmit usernames and passwords in clear text. FTP and SFTP access are enabled or disabled individually at the NAS server level. Administrators can control the types of user accounts that can access files over FTP or SFTP, such as SMB, UNIX, and/or anonymous users. A home directory restriction option limits access to users who have existing home directories on the file system. However, a default home directory can also be configured to allow all other users access to the file system when this restriction is applied. FTP and SFTP auditing tracks and records connections and file access for the NAS server. The audit logging settings also allow administrators to define the audit log file directory and the maximum size of audit log files.
For more granular control over access, FTP-enabled NAS servers support defining access control lists in the NAS server Properties page. Access can either be allowed or denied for a user-defined list of users, groups, and hosts to restrict FTP or SFTP access to only the necessary users. However, users, groups, or hosts with restricted access to FTP or SFTP will still be able to access the NAS server and file systems over SMB or NFS as allowed by the ACLs or host access configurations for those protocols. The table below provides a list of FTP and SFTP protocol options.
| Protocol options | Default |
| --- | --- |
| Enable FTP | Disabled |
| Enable SFTP | Disabled |
| Allow SMB Users Access to the FTP/SFTP server | Enabled |
| Allow UNIX Users Access to the FTP/SFTP server | Enabled |
| Allow anonymous Users Access to the FTP server | Enabled |
| Home Directory Restriction | Disabled |
| Default Home Directory | / |
| Enable FTP/SFTP Auditing | Disabled |
| Directory of Audit Files | /.etc/log |
| Maximum Size of Audit Files | 512 KB |
FTP access can be authenticated using the same methods as NFS or SMB. Once authentication is complete, access is treated the same as SMB or NFS access for security and permissions purposes. The authentication method depends on the format of the username. If domain@user or domain\user is used, SMB authentication is used. For any other single username format, NFS authentication is used. SMB authentication uses the Windows domain controller, while NFS authentication uses LDAP, NIS, or Local Files.
To use Local Files for FTP access, the passwd file must include an encrypted password for the users. This password is only used for FTP access. The Dell Unity passwd file uses the same format and syntax as a standard UNIX system, so a UNIX system can be used to generate the passwd file. On a UNIX system, use useradd <user> to add a new user and passwd <user> to set the password for that user. Then, copy the hashed password from the /etc/shadow file, add it to the second field of that user's entry in the /etc/passwd file, and upload the resulting passwd file to the NAS server.
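The copy step described above, scripted as an added example (not Dell code or tooling). It assumes working copies of /etc/passwd and /etc/shadow; the function name build_nas_passwd and all sample data are hypothetical. Only the named FTP users are emitted, so hashes for root and service accounts stay out of the uploaded file, and accounts with a locked or empty hash are skipped.

```shell
#!/bin/sh
# usage: build_nas_passwd PASSWD_FILE SHADOW_FILE USER...
# Prints passwd lines for the named users with the shadow hash in field 2.
# Returns 1 if any named user was skipped (absent, or locked/empty hash).
build_nas_passwd() {
    bnp_passwd=$1; bnp_shadow=$2; shift 2
    awk -F: -v OFS=: -v users="$*" -v shadow="$bnp_shadow" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        # Shadow pass: remember hashes for the requested users only.
        FILENAME == shadow { if ($1 in want) hash[$1] = $2; next }
        # Passwd pass: every account that was not requested is left out.
        ($1 in want) {
            seen[$1] = 1
            if (hash[$1] == "" || hash[$1] ~ /^[!*]/) {
                print "skipped " $1 ": no usable password hash" | "cat 1>&2"
                bad = 1; next
            }
            $2 = hash[$1]; print
        }
        END {
            for (name in want) if (!(name in seen)) {
                print "skipped " name ": not in passwd file" | "cat 1>&2"
                bad = 1
            }
            exit bad + 0
        }
    ' "$bnp_shadow" "$bnp_passwd"
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/sh
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$ROOTHASHPLACEHOLDER:19000:0:99999:7:::
alice:$6$CONSTRUCTED$ALICEHASHPLACEHOLDER:19000:0:99999:7:::
carol:!:19000:0:99999:7:::
EOF
( umask 077   # the output holds password hashes: create it owner-only
  build_nas_passwd "$demo_dir/passwd" "$demo_dir/shadow" alice carol \
      > "$demo_dir/nas_passwd" ) || echo "review skipped users before upload" >&2
cat "$demo_dir/nas_passwd"
```

Treat the generated file like /etc/shadow itself: it carries password hashes, so remove working copies once the upload to the NAS server is done.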