TWiki> Webmin Web>FileManager (09 Apr 2007, JamieCameron)EditAttach

Webmin's File Manager

On this page the File Manager module is documented, and its features such as copying and pasting, ACL and EXT attribute editing, and file sharing are explained.

The File Manager module

Under the Others category in Webmin is a module that is quite different from any of the others. Instead of configuring some server or service, it allows the user to view and manipulate files on the server through a Java applet file manager. The user interface is similar to the old Windows explorer - on the left is a tree of directories, and on the right is a list of files in the current directory. At the top is a row of buttons on a toolbar that are used for carrying out various operations on selected files. This screenshot shows an example :


The File Manager module

Unlike other modules, this one only has a single page which is taken up entirely with the Java applet. To return to Webmin's main menu, you have to click on the Index arrow in the top-left corner. Naturally, if your browser does not support Java then the applet cannot be used.

The File Manager module's user interface is almost exactly the same on all versions of Unix. The only differences are that some of the EXT, ACL and Attr buttons (described in the*Editing attributed and ACLs* section) may not exist on some operating systems. This is because the filesystems on those Unix variants do not support the extended attributes that the buttons allow you to configure.

Navigating directories and viewing files

When you first load the file manager, the right-hand pane will display the contents of the root directory on your system. To enter another directory, just double-click on it in the list. To go back up a directory, double-click the .. link at the top the current directory's listing.

You can also view the contents of a directory by clicking on it in the tree in the left-hand pane. Double-clicking will open the directory in the tree, causing any subdirectories under it to appear. Double-clicking again will close it. Whenever you enter a directory using the right-hand pane, it will be opened in the tree on the left as well. Similarly, when the .. link is double-clicked to go back to the parent, the old directory will be closed in the tree.

It is also possible to jump to any directory on your system by entering its path into the text field above the right-hand directory listing. Assuming that it actually exists, Webmin will open all parent directories in the tree and displays its contents in the list on the right.

To speed up the user interface, the file manager caches the contents of all directories that you view using it. This means that if a file is created, modified or deleted on the server, it will not be reflected in the directory listing until you click the Refresh button on the toolbar.

The contents of any file on your system can be displayed by double-clicking on it in the list in the right-hand pane. A separate browser window will be opened, and the contents of the file displayed within by your browser. Thus, any file type that the browser supports can be viewed using the file manager.

If you want to download a file from your Webmin system to the host that your browser is running on, hold down shift while double-clicking on it instead. The browser should prompt you to save the file instead of opening a window to display its contents. You can also force a download by selecting a file from the right-hand pane and clicking the Save button on the toolbar at the top of the file manager window.

Manipulating files

The File Manager module allows you to rename, move and copy files in the just the same way that any other file manager would. To select the file that you want to manipulate, just click on it in the right-hand pane. To select multiple files, hold down the control key while clicking, or hold down shift to select an entire range.

To move files to a different directory, select one or more and click the Cut button on the toolbar. Then navigate to the destination and click the Paste button. If a file with the same name already exists, Webmin will prompt you to rename the pasted file to avoid the clash. If you choose not to rename, the file in the destination directory with the same name will be overwritten.

To copy files, select them in the right-hand pane and click the Copy button. Then go to the directory that you want them to be copied to, and click Paste. As when moving files, you will be prompted to rename any that clash with files that already existing in the destination directory. Multiple copies of a file can be made by pasting in different directories. To create a copy of a file in the same directory, just select it and hit Copy and Paste, and enter a new filename.

You can delete one or more files and directories by selecting them and clicking the Delete button on the toolbar. Before they are actually removed, a confirmation window listing all chosen files will be displayed. When the Delete button in the window is clicked, all chosen files, directories and their contents will be permanently deleted.

A single file can be renamed by selecting it in the right-hand pane and clicking the Rename button on the toolbar. This will bring up a window containing the current filename and a text box for entering a new name. If the new name is the same as an existing file in the same directory, it will be overwritten when the Rename button in the window is hit.

Creating and editing files

The File Manager module offers two methods for creating new files - you can either create a text file from scratch, or upload data from the host that your web browser is running on. To create a new empty text file, click on the New document button on the toolbar to the right of the Delete button. This will bring up a window in which you can enter the full path to the file and its contents. When you are done editing, click the Save button at the bottom of the file creation window.

To upload a file from the PC your browser is running on, click the Upload button on the toolbar. This will open a small browser window with two fields. The File to upload field is for selecting a file on your PC, while the Upload to directory field is for entering the directory that the file will be uploaded to. When both fields have been filled in, click the Upload button to have the file sent to your Webmin server. Once the upload is complete, the directory list will be updated to show the new file.

Because many people run their web browsers on the Windows operating system which uses a different text file format to Unix, there is an option in the upload window to convert the uploaded file to the correct format. This Convert DOS newlines? Field should only be set to when uploading Yes a text file from a Windows system. Enabling it when uploading binary files will cause them to be corrupted.

The file manager can also be used to edit existing text files on your system. To do this, select a file in the right-hand pane and click the Edit button on the toolbar. A window showing its current contents will be displayed, allowing you to edit the file as you wish. When done, click the Save button to have it written back to the server. Do not attempt to edit and save non-text files, as their contents will be corrupted.

Any existing file can be renamed simply by selecting it in the right-hand pane and clicking the Rename button on the toolbar. This will bring up a window displaying the current filename and prompting for a new one. Click the Rename button in the window after entering a new name to have it changed.

Editing file permissions

Each file or directory on a Unix filesystems is owned by a single user and group, and have a set of permissions that determines who can access it. Normally these are changed by the chown and chmod commands, but you can edit them in the file manager as well. To do this, select a single file from the right-hand pane and click the Info button on the toolbar. This will bring up the permissions window shown below :


The file permissions window

The File section of the window displays its full path, size, type and last modification date. The Permissions section contains checkboxes that control which users can read, write and execute the file. These are the same permissions that you can change at the command line with the chmod command. As they are selected and de-selected, the octal permissions that would normally be used with chmod are shown in the Octal field below.

To change the file's owners, enter new user and group names or IDs into the User and Group fields in the Ownership section of the window. For executables, you can also control which user the program runs as using the Execute as user and *Execute as group* fields. Because these options correspond to chmod permissions, changing them will update to Octal field as well.

When editing a directory, the checkboxes available are slightly different. The execute permission is replaced with list, an Only owners can edit files box is added, and the Execute as checkboxes are replaced with Files inherit group. These all correspond to standard Unix file permissions that any system administrator should already be familiar with.

If changing the permissions and ownership of a directory, you can also choose to change those of any subdirectories and files that it contains. The Apply changes to menu determines which files and directories the permissions are applied to, and has three options :

  • This directory only The ownership and permissions chosen will be set on the selected directory only.

  • This directory and its files The ownership and permissions will be set on the chosen directory and all files that it contains. Subdirectories and their files will not be effected.

* This directory and all subdirectories Ownership and permissions will be set on the chosen directory and all files and subdirectories that it contains.

If the file that was selected when the Info button was clicked is actually a symbolic link, the window will contain an additional Link to field that can be changed if you want to edit the link destination. Changing the permission and ownership fields is pointless, as they cannot be edited for symbolic links on Unix systems.

Creating links and directories

The file manager can be used to create a new symbolic link in the current directory by following these simple steps :

  1. Navigate to the directory that you want the link to be created in, and click the New link button on the toolbar.
  2. In the window that appears, enter the path of the new link file in the Link from field.
  3. Enter the path to an existing file or directory that you want the link to point to into the Link to field.
  4. Click the Create button to have it created on the server and added to the directory listing.

New directories can also be created using these steps :

  1. Navigate to the directory that you want the new sub-directory to be under, and click the New directory button on the toolbar.
  2. Enter the full path to the directory into the New directory field.
  3. Hit the Create button to have it created.

Finding files

The file manager can be used to search for files or directories on your system that match certain criteria. This can be useful if you know the name of a file but not the directory it is located in, or if you want to find files owned by some user or larger than some size. To search for files, the steps to follow are :

  1. Click on the Find icon on the toolbar, which will bring up a search window.
  2. In the Search directory field, enter the directory that the files you are looking for are under. To search the entire system, just enter /. However, this may take a long time on a server with large filesystems.
  3. To search by filename, enter a pattern into the For files matching field. This can be something like *.txt or foo?.c. If the field is left blank, filenames will not be included in the search criteria.
  4. To find only files owned by a particular user, enter the username or ID into the Owned by user field.
  5. Similar, to find files owned by group, enter its name or ID into the Owned by group field.
  6. To limit the search to normal files, directories or some other type of file, select it from the File type field.
  7. If you want to find files larger than some size, change the File size field to More than and enter the minimum size in bytes into the adjacent field. To find those smaller than some size, select Less than and enter the maximum size into the field next to it.
  8. To prevent filesystems mounted under the search directory from being checked, change the Search past mounts option to No. This can be useful if you want to avoid searching NFS filesystems, which can be much slower than those mounted from local disks.
  9. Finally, click the Search Now button. When the search is complete, all files and directories that match all of the chosen criteria will be displayed under the Search results tab in the window. You can double-click on one to have the file manager automatically navigate to the directory that contains it, and select it in the right-hand pane. To do another search, click back on the Search criteria tab and follow the steps above again.

In the background, the file manager's search function uses the Unix find command to locate files matching the criteria that you enter. All of the available options correspond to command-line options to find, such as -name, -user and -group.

Editing EXT file attributes

Several Unix filesystem types support special attributes on files beyond those that can be set with the normal chmod and chown commands. On Linux ext2 and ext3 filesystems, each file has several special options that are normal set with the chattr command. Assuming your system has at least one filesystem of this type, you can change the EXT attributes for files that it contains by following these steps :

  1. Select the file that you want to modify in the right-hand pane, and click the EXT button on the toolbar. This will bring up a window showing attributes that are currently set, assuming that the file is on an ext2 or ext3 filesystem.
  2. To stop the file's last access time being updated very time it is read, turn on the Do not update access times option. This can prevent a lot of useless disk writes on files that are read frequently.
  3. To stop processes modifying the contents of a file, check the Can only append to file option. This is useful for logfiles that you want to save from truncation or overwriting.
  4. To have the kernel automatically and transparently compress the contents of a file, turn on the *Compress data on disk *option. This will only have an effect if your kernel supports transparent file compression.
  5. To stop a file being read by the dump backup command (explained in chapter 14), turn on the Do not backup with dump option.
  6. To prevent a file from being modified or deleted, check the Do not allow modification option.
  7. To have the kernel overwrite the disk blocks containing the file when it is deleted, turn on the Zero blocks when deleting attribute.
  8. To force any writes to the file to be written to disk immediately, turn on the Always sync after writing option. Normally, the kernel buffers data for writing to disk when it is most convenient.
  9. To have the kernel save the contents of the file when it is deleted, turn on the Save contents for undeletion option.
  10. Finally, click the Save button to have your changes applied to the file.

Because all the above attributes can be changed at the shell prompt using the chattr command, making a file unchangeable or setting it to append-only mode does not provide any protection against someone who has root access to your system.

Editing XFS file attributes

On xfs filesystems on Linux and Irix, files have totally different kinds of attributes. Every file or directory can have an unlimited number, each of which is simply a mapping between a text name and value. Normally, the attr command is used for editing attributes, but the file manager can be used as well by following these steps :

  1. Select the file that you want to modify in the right-hand pane, and click the *Attrs *button on the toolbar. This will bring up a window listing existing attributes, unless the filesystem that the file is on does not support them.
  2. To create a new attribute, click the Add Attribute button at the bottom of the window. This will open another window for entering its name and value, which can contain several lines.
  3. Click the Save button in the new attribute window to add it to the list.
  4. To edit any existing attribute, just double-click on it. This will bring up a window like the one used for creating a new attribute, but with an additional Delete button.
  5. When you are done creating and editing attributes for the file, click the Save button below the list. Only then will they be actually applied to the file on the server.

Generally, attributes are used for storing meta-information about files, such as a description, character set or icon. See the man page for the attr command for more information on what attributes can be used for.

Editing file ACLs

Standard Unix file permissions and ownership are a simple way of controlling who can access a file, but are not very flexible. A superior alternative that is available on many operating systems is POSIX ACLs. POSIX is a set of standards that applies to many Unix systems, and ACL stands for Access Control List. By setting up an ACL for a file, you can grant permissions to additional users or groups in addition to the normal owner and group. When editing the ACL for a directory, defaults for newly created files in that directory can be set as well.

The xfs filesystem type on Irix and Linux includes ACL support, as do ufs filesystems on Solaris. If you have the right kernel patches installed, ext2 and ext3 filesystems on Linux can support ACLs as well. Fortunately, they are implemented in an almost identical way on all operating systems, such the user interface in Webmin for editing them is the same.

An access control list contains at least four entries, each of which grants some permissions to a user or group. The permissions granted by each entry are the same as those set by the chmod command - read, write and execute/list. The default ACL for a file contains entries for its owner user, owner group and other Unix users. These are exactly the same as the permissions granted to user, group and others by chmod and the Info window in the file manager.

One special entry that appears in all ACLs is the mask, which defines the maximum permissions that can be granted to the group owner and to any other users except the file's owner. Because the mask limits the permissions that can be granted by other entries, you will often need to change it to achieve the desired effect from your ACL. Exactly one mask entry must exist in every ACL.

The most commonly used ACL entry is one that that grants permissions to a Unix user other than the owner. Similarly, entries that grant permissions to another group can also be defined. There is no limit on the number of such entries that can be created.

The ACL for a directory can include several special default entries, which determine the initial ACL of any file created in the directory. Default user, group and mask entries can be created, and the default user and group can apply to either a specific user or the owner of the file. On most operating systems, if you create any defaults you must create at least entries for the default user owner, default group owner and default mask.

At the shell prompt, the commands getfacl and setfacl are used on Linux and Solaris to view and change ACLs, respectively. On Irix, the ls -D command is used to display ACLs and the chacl command to set them. Webmin will call these commands on the server whenever the file manager is used to view or change the ACL of a file.

To edit the ACL for a file or directory, do the following :

  1. Select the file from the list in the file manager's right-hand pane, and click the ACL button on the toolbar. This will bring up a window listing all existing ACL entries, as shown in the image below.
  2. To add a new entry, select its type from the menu next to the Add ACL of type button before clicking it. This will bring up another window for entering the user or group that the entry applies to, and the permissions that they are granted. An ACL can only have one mask or default mask entry, so if either is chosen when
  3. For user or group ACL entries, you must fill in the Apply to field with the name of the user or group that the permissions are being granted to. For default user or default group entries, the Apply to field can be set to the File owner option, or enter the name of a user or group. In the former case, the permissions will apply to the owner or group of any new file created in the directory. In the latter, they will be granted to the entered user or group. For mask ACL entries, there is no field for choosing who they apply to.
  4. In the Permissions field, check those permissions that you want granted to the user or group. These have the same meaning as those set by the chmod command on in the window described in the File permissions section.
  5. Click the Save button to have the new ACL entry added the list in the ACL window. It will not be saved to the server yet though.
  6. To edit an existing ACL entry, just double-click on its row in the list. You can change the user or group that it applies to (if any) and the permissions, but not the type. Click the Save button to keep your changes, or the Delete button to remove the entry from the list. Not all types of ACL entry can be deleted though - only those that grant permissions to a specific user or group, or the various default types for a directory.
  7. Finally, click the Save button at the bottom of the ACL window to have the ACL applied to the file on the server. Because not all combinations of entries are valid on all operating systems, an error message may be displayed if your ACL is incorrect in some way. If this happens, either fix the problem or use the Cancel button to discard your changes.


The ACL window

Sharing directories

If you have Samba installed on your system (covered in SambaWindowsFileSharing), it is possible to use the file manage to share directories to Windows clients. In addition, if you are running Linux or Solaris the file manager can be used to export directories via NFS (as explained in NFSExports). When sharing directories, the file manager has very few options compared to the modules designed specifically for the purposes of configuring Samba and NFS. However, it does provide a much simpler user interface.

Assuming the Samba is installed and working on your system, to share a directory to Windows clients, the steps to follow are :

  1. Select the directory that you want to share in the right-hand pane and click the Sharing button on the toolbar. This will bring up a window with two tabs, labeled Windows and NFS.
  2. Under the first tab, turn on the Windows file sharing enabled option.
  3. Enter a short description for this directory into the Comment field.
  4. Unless you want the share to be temporarily disabled, make sure the Currently active? field is set to Yes.
  5. To stop clients writing to the directory, change the Writable field to No. Otherwise, leave it set to Yes.
  6. To allow clients to access this share without needing to login, set the Guest option to Yes. If you set it to Only, clients will be treated as guests for the share even if they do login to the server. However if you select No, clients will not be able to access it at all without logging in.
  7. Click the Save button to make your new share active. On the server, an entry will be added to the Samba configuration file automatically. From now on, when the directory appears in the file manager its icon will have the letter S on it, to indicate that it is shared.

In the same way, directories that are already shared via Samba can be modified using the file manager. Any options that have been set in Webmin or manually will not be effected by editing the share in this module, even though only a few of them are visible under the Windows tab. To turn off the sharing of a directory to Windows clients, just select the Windows file sharing disabled option and hit Save. This will cause the entire share to be deleted from the Samba configuration, including all options.

If you are running Linux and the NFS server software is installed on your system, you can export a directory to Unix clients by following these steps :

  1. Select the directory that you want to share in the right-hand pane and click the Sharing button on the toolbar. In the window that appears, select the NFS tab.
  2. Turn on the NFS file sharing enabled option.
  3. The NFS export options section contains a table of hosts to which the directory is shared, and the options that apply to those hosts. When setting up sharing for the first time only one empty row is available, so if you want to add multiple rows you must save the export and re-edit it. In the field under the Hosts column, enter the hostname, IP address or netgroup that you want the directory to be exported to. From the menus under the Options column, you can control whether clients are allowed to write to the directory, and how client Unix users are treated by the server. Chapter 6 explains the meanings of these menu options in more detail.
  4. Click the Save button to have the export settings written back to the server and the NFS server automatically re-started. Allowed Unix clients will be able to access the directory immediately.
  5. To add another host to the directory, click on the Sharing button on the toolbar again and repeat steps 3 to 5.

On Solaris, the steps for sharing a directory via NFS are not quite the same due to the different options that are available on that operating systems :

  1. Select the directory that you want to share in the right-hand pane and click the Sharing button on the toolbar. In the window that appears, select the NFS tab.
  2. Turn on the NFS file sharing enabled option.
  3. Enter a short description for this export into the Description field, if you like.
  4. To give some hosts read-only access to the directory, change the Read-only hosts field to Listed and enter their hostnames, IP addresses or netgroups into the field below, separated by spaces. You can specify an entire network by preceding it with an @, such as @192.168.1. To give all hosts read-only access, select the All option instead. This means that any system which can connect to yours over the network will be able to mount the directory and read files that it contains.
  5. To give hosts read-write access to the directory, change the Read-write hosts field to Listed and enter their hostnames, IP addresses, netgroups or networks into the field below it. If you select All, any system that can connect to yours will be able to read and write files in the directory, which is probably a bad idea from a security point of view.
  6. By default, even those hosts that have read or write access will not be able to access files as the root user. To grant this to some hosts, change the Root access hosts field to Listed and enter their hostnames, addresses, netgroups or networks into the field below. See chapter 6 for more details on what root access means in relation to NFS.
  7. Finally, click the Save button to have your new NFS export saved and made active.

On both Linux and Solaris, once a directory is shared via NFS its icon in the file manager's right-hand pane will be marked with the letter S. Directories that have been shared manually or by Webmin's NFS module will also be similarly indicated, and you can edit their settings by selecting them and hitting the Sharing button. Any NFS options that are not configurable in the file manager will be unaffected.

In the sharing window, you can turn off the NFS exporting of a directory by selecting the NFS file sharing disabled option and clicking the Save. All entries in the NFS configuration file for the directory will be deleted, and the NFS server re-started to make the changes immediately active.

Module access control

Like other modules, the file manager can be configured in the Webmin Users module (covered in chapter 52) to restrict the access that a user has to it. Specifically, you can limit a Webmin user to particular directories and allow him to access files with the rights of a non-root Unix user. The directory limitation feature is particularly powerful, as a user can be give root access within that directory but by prevented from seeing or touching any files outside of it.

Once you have created a Webmin user with access to the module, the steps to follow to restrict his access to it are :

  1. In the Webmin Users module, click on File Manager next to the name of the user or group that you want to edit access control restrictions for.
  2. To change the Unix user that files are accessed as, enter a new name into the Access files on server as field. Alternatively, you can select the Same as Webmin login option, in which case the Webmin user will the same privileges as the Unix user with the same name. Anyone who uses the module will non-root privileges will not be able to use the its file sharing features, as this would open up a large security hole. Similarly, Webmin users who do not have access to the Samba or NFS modules will not be able to configure file sharing.
  3. The Umask for new files field controls the permissions that are set on newly created files and directories. It contains an octal number which is the binary inverse of the number used in the chmod command to set permissions. So for example, a umask of 022 would give new files 755 permissions, while a umask of 077 would give them permissions of 700.
  4. To prevent the user creating or editing symbolic links and to force all links to appear as the file that they are linked to, change the Always follow symlink? field to Yes. This should be done when restricting a user to a directory, so that he cannot create links to files outside of the directory and then edit or view them in the file manager.
  5. To stop the Webmin user editing or changing any files, set the Read-only mode? field to Yes.
  6. To restrict him to only certain directories, enter them into the Only allow access to directories text box. By default this field contains on the root directory /, which you must remove if the restrictions are to make any sense. When the user opens the file manager, it will appear as though directories other than those that have been allowed do not exist. However, the full path to each directory will still be visible. To automatically include the home directory of the Unix user with the same name, check the Include home directory of Webmin user option. To have the file manager navigate to the first accessible directory automatically, leave the Open first allowed directory? option checked.
  7. Finally, click the Save button to have the new restrictions activated.

If you want to give a large number of users access to the file manager, it may be better to install Usermin (covered in UserminConfiguration) instead. It includes an identical file manager that always runs as the Unix user logged into Usermin, and can be restricted to the user's home directory.

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r2 < r1 | More topic actions
Topic revision: r2 - 09 Apr 2007 - 23:03:44 - JamieCameron
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback