NAS servers and file systems also support access for FTP and SFTP. SFTP is more secure since, unlike FTP, it does not transmit usernames and passwords in clear text. FTP and SFTP access can be enabled or disabled individually at the NAS server level. Only active mode FTP and SFTP connections are supported.
Administrators can control the types of user accounts that can access files over FTP and SFTP, such as SMB, UNIX, or anonymous users. A home directory restriction option limits access to only the user home directory on the file system. If this option is disabled, a default home directory can be specified. Users that have a home directory that is not defined or accessible are placed in the default home directory instead.
FTP and SFTP can track and record connections and access for the NAS server. The audit logging settings also allow administrators to define the audit log file directory and the maximum size of audit log files.
A welcome message and a message of the day can be displayed when users connect to the FTP or SFTP server. The welcome message is displayed before the client authenticates. The message of the day is only displayed after a client authenticates successfully.
For more granular control over access, FTP and SFTP support defining access control lists. Access can either be allowed or denied for a user-defined list of users, groups, and hosts to restrict FTP or SFTP access to only the necessary users. However, users, groups, or hosts with restricted access to FTP or SFTP can still access the NAS server and file systems over SMB or NFS as allowed by the ACLs or host access configurations for those protocols. Table 5 provides a list of FTP and SFTP protocol options.
Protocol option | Default |
Enable FTP | Disabled |
Enable SFTP | Disabled |
Allow SMB Users Access to the FTP/SFTP server | Enabled |
Allow UNIX Users Access to the FTP/SFTP server | Enabled |
Allow anonymous Users Access to the FTP server | Disabled |
Home Directory Restriction | Enabled |
Default Home Directory | / |
Enable FTP/SFTP Auditing | Disabled |
Directory of Audit Files | /.etc/log |
Maximum Size of Audit Files | 512 KB |
Welcome Message and Message of the Day | Empty |
Access Control List | Empty |
FTP and SFTP access can be authenticated using the same methods as NFS or SMB. Once authentication is complete, access is then considered to be the same as SMB or NFS for security and permissions purposes. The method of authentication that is used depends on the format that is used for the username. If domain@user or domain\user is used, SMB authentication is used. For any other single username format, NFS authentication is used. SMB authentication uses the Windows domain controller while NFS authentication uses the UDS or local files.
To use local files for FTP and SFTP access, the passwd file must include an encrypted password for the user. This password is only used for FTP and SFTP access. The local passwd file uses the same format and syntax as the passwd file on a standard UNIX system, so a UNIX system can be used to generate it. On a UNIX system, use useradd <user> to add a new user and passwd <user> to set the password for that user. Then, copy the hashed password from the /etc/shadow file, add it to the second field in the /etc/passwd file, and upload the passwd file to the NAS server.
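The merge step described above, as an added example that is not part of the Dell documentation: a shell function that copies the hash from a shadow file into the second field of a passwd file, only for the users named on the command line. The function name, the sample accounts, and the hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Dell documentation). Builds a passwd file whose
# second field carries the shadow hash, only for the users named on the
# command line, so hashes of unrelated accounts never leave the UNIX host.
# build_nas_passwd <passwd-file> <shadow-file> <user>...
build_nas_passwd() {
    passwd_src=$1; shadow_src=$2; shift 2
    awk -F: -v OFS=: -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        # First file (shadow): keep usable hashes; "!" or "*" marks a locked
        # or password-less account, which could never authenticate.
        FILENAME == ARGV[1] {
            if (($1 in want) && $2 != "" && $2 !~ /^[!*]/) hash[$1] = $2
            next
        }
        # Second file (passwd): emit requested users with the hash in field 2.
        ($1 in want) {
            if ($1 in hash) { $2 = hash[$1]; print }
            else print "skipped " $1 ": no usable hash" | "cat 1>&2"
        }
    ' "$shadow_src" "$passwd_src"
}

# Constructed sample data standing in for /etc/passwd and /etc/shadow.
demo() (
    umask 077                      # the output file holds password hashes
    work=$(mktemp -d) || exit 1
    cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftpuser1:x:1001:1001::/home/ftpuser1:/bin/sh
svcacct:x:1002:1002::/home/svcacct:/bin/sh
EOF
    cat > "$work/shadow" <<'EOF'
root:$6$CONSTRUCTED$rootHashPlaceholder:19000:0:99999:7:::
ftpuser1:$6$CONSTRUCTED$userHashPlaceholder:19000:0:99999:7:::
svcacct:!:19000:0:99999:7:::
EOF
    build_nas_passwd "$work/passwd" "$work/shadow" ftpuser1 svcacct \
        > "$work/passwd.nas"
    cat "$work/passwd.nas"
    rm -rf "$work"
)

demo
```

Because the resulting file contains password hashes in a file format that is normally world-readable, keep it restricted on the UNIX host and delete the working copy once it has been uploaded.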