Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-18) was last changed on 04-Nov-2024 10:14 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 removed 2 lines
Requires CrushFTP version 9.3.1+
At line 5 changed one line
In this limited mode, the TempAccounts and Preview folders need to be moved from the default CrushFTP folder location to a location within the user data root. Then correct the path settings on Preferences->Preview page "Previews Path", respectively on Server Admin->Shares page, "General Settings" menu "Location of temp account file system" field. Otherwise image/document preview thumbnails or shared files can not be retrived. If also the "server.file.strict" flag is set to "true", the CrushFTP service won't even start up for it's in violation of it's own access rules.\\
In this limited mode, the __TempAccounts__ and __Preview__ folders need to be moved from the default CrushFTP folder location to a location within the user data root. Then correct the path settings on Preferences->Preview page "Previews Path", respectively on Server Admin->Shares page, "General Settings" menu "Location of temp account file system" field. Otherwise image/document preview thumbnails or shared files can not be retrieved. If also the __"server.file.strict"__ flag is set to __"true"__, the CrushFTP service won't even start up for it's in violation of it's own access rules.\\
At line 8 changed one line
The server install could be: /C:/CrushFTP9/ , in UNIX-style path notation, regardless of operating system family \\
The server install could be: /C:/CrushFTP11/ , in __UNIX-style__ path notation, regardless of operating system family \\
At line 15 changed 4 lines
file.warn = log an error about the violation, mainly useful for debugging why something got blocked (default=true)\\
file.log = if a separate audit log should be kept with all the error info (default=false)\\
file.strict = if its true, the action is blocked. Otherwise its allowed and just the error info is logged (default=false)\\
security.exec = controls if external processes can be launched from the Preview config or not (default=true)\\
__file.warn__ = log an error about the violation, mainly useful for debugging why something got blocked (default=true)\\
__file.log__ = if a separate audit log should be kept with all the error info (default=false)\\
__file.strict__ = if its true, the action is blocked. Otherwise its allowed and just the error info is logged (default=false)\\
__security.exec__ = controls if external processes can be launched from the Preview config, Execute task, etc (default=true)\\
__security.classloader__ = controls if DB drivers and other classes can be loaded on the fly and not part of the classpath (default=false)\\
__security.stop_start__ = controls if server process can be restarted or stopped (default=true)\\
__security.tunnels_allowed__ = controls if the server allows users configured with a tunnel to utilize them (default=true)\\
At line 22 changed one line
vmarg.2=-Dcrushftp.server.root=C:/CrushFTP9/
vmarg.2=-Dcrushftp.server.root=C:/CrushFTP11/
At line 25 changed 3 lines
vmarg.5=-Dcrushftp.server.file.log=false
vmarg.6=-Dcrushftp.security.exec=true
vmarg.7=-Dcrushftp.server.file.strict=true
vmarg.5=-Dcrushftp.server.file.log=true
vmarg.6=-Dcrushftp.security.exec=false
vmarg.7=-Dcrushftp.security.classloader=false
vmarg.8=-Dcrushftp.security.stop_start=false
vmarg.9=-Dcrushftp.server.file.strict=true
vmarg.10=-Dcrushftp.server.tunnels_allowed=false
At line 30 changed one line
Edit the startup launcher (OSX=CrushFTP.command file in the CrushFTP folder, CrushFTP9.app/Contents/MacOS/CrushFTP.command) (Linux=/var/opt/CrushFTP9/crushftp_init.sh)\\
Edit the startup launcher (OSX=CrushFTP.command file in the CrushFTP folder) (Linux=/var/opt/CrushFTP11/crushftp_init.sh)\\
At line 34 changed one line
-Dcrushftp.server.root=/var/opt/CrushFTP9/ -Dcrushftp.user.root=/home/UserData/ -Dcrushftp.server.file.warn=true -Dcrushftp.server.file.log=false -Dcrushftp.server.file.strict=true -Dcrushftp.security.exec=true -Xmx.........
-Dcrushftp.server.root=/var/opt/CrushFTP11/ -Dcrushftp.user.root=/home/UserData/ -Dcrushftp.server.file.warn=true -Dcrushftp.server.file.log=false -Dcrushftp.server.file.strict=true -Dcrushftp.security.exec=true -Dcrushftp.security.classloader=false -Dcrushftp.security.stop_start=true -Dcrushftp.server.tunnels_allowed=false -Xmx.........
At line 37 changed one line
''In all cases, matching case is important even if the OS filesystem is not case sensitive.''
''Path arguments are __case sensitive__ even if the OS/filesystem is not.''
Applying the crushftp.server.root and crushftp.user.root JVM runtime parameters at least , will have the equivalent results of UNIX chrooting.
\\
!IMPORTANT\\
Before applying the restrictive run time arguments, the __TempAccounts__ and __Preview__ folders need to be moved under the path set for user root. The server __SSL keystore__ file to be moved under the server root. Then the settings updated accordingly.\\
Especially in case of setting the __Dcrushftp.server.file.strict__ flag to __true__, for in case of any kind of misconfiguration in this area, the server process will not start.\\
Version Date Modified Size Author Changes ... Change note
18 04-Nov-2024 10:14 4.284 kB Ben Spink to previous
17 04-Nov-2024 09:43 4.244 kB Ben Spink to previous | to last
16 09-May-2024 01:12 4.068 kB Ben Spink to previous | to last
15 05-Dec-2023 05:32 4.113 kB Ben Spink to previous | to last
14 05-Dec-2023 05:32 3.735 kB Ada Csaba to previous | to last
13 05-Dec-2023 05:32 3.627 kB Ada Csaba to previous | to last
12 05-Dec-2023 05:32 3.548 kB Ada Csaba to previous | to last
11 05-Dec-2023 05:32 3.278 kB Ada Csaba to previous | to last
10 05-Dec-2023 05:32 3.305 kB Ada Csaba to previous | to last
9 05-Dec-2023 05:32 3.3 kB Ada Csaba to previous | to last
8 05-Dec-2023 05:32 3.154 kB Ada Csaba to previous | to last
7 05-Dec-2023 05:32 3.105 kB Ada Csaba to previous | to last
6 05-Dec-2023 05:32 2.699 kB Ben Spink to previous | to last
5 05-Dec-2023 05:32 2.5 kB Ben Spink to previous | to last
4 05-Dec-2023 05:32 2.501 kB Ben Spink to previous | to last
3 05-Dec-2023 05:32 2.252 kB Ben Spink to previous | to last
2 05-Dec-2023 05:32 2.25 kB Ben Spink to previous | to last
1 05-Dec-2023 05:32 1.608 kB Ben Spink to last
« This page (revision-18) was last changed on 04-Nov-2024 10:14 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
CrushFTP8New

JSPWiki