A Flexshare is a flexible and secure collaboration utility which integrates three of the most common methods of accessing files or content:
File Shares (Samba)
It is an extremely powerful and versatile tool that has many uses. The example below (a hypothetical engineering consulting firm Eng-123 and its client OEM-XYZ) describes a Flexshare and a typical working environment.
A Flexshare might be defined on a server owned by Eng-123 after successfully bidding on an engineering project for OEM-XYZ. CAD files (engineering drawings) associated with the project's design are centrally located on the server and should be accessed only by the users included in Eng-12's engineering group. The file-sharing (Samba) Flexshare definition is used to allow restricted access to this directory from the Local Area Network (LAN) or over Virtual Private Network (VPN) tunnels in the event engineers work remotely.
By adding Flexshare's FTPS (secure FTP) access and configured to require a username/password for read-only permission, the project manager of OEM-XYZ can have access to the drawings at any time from anywhere on the Internet. The increase in productivity by allowing real-time access to the CAD drawings keeps the project on track and negates having to e-mail CAD files which are often large and not ideal for e-mail transfers.
Nearing the completion of the project, OEM-XYZ's sales/marketing team make a request to have an assortment of images created from the CAD software's rendering engine from 3D wire-frame. Flexshare's web access, set-up with unrestricted access, gives the sales team the images they need to begin pre-selling - with just a browser and a URL provided.
The above illustrates just one possible use of Flexshares. Much simpler Flexshare's can be created for every-day tasks common to any small business such as hosting and updating a website or creating user-restricted file shares.
If your system does not have this app available, you can install it via the Marketplace.
You will also need to install one or more of the following apps to enable file share functionality:
When you click on the Flexshare configuration page, you will be presented with the Flexshare Overview.
The summary lists the shares you have currently defined, allowing you to quickly view which access methods are enabled in addition to overall flexshare status. You can Edit or Delete each Flexshare using the Action links in the right hand column. Of course, if no Flexshares are defined, the Action links will not be visible.
Creating a New Flexshare
To define a new Flexshare, fill out the Share Name, Description and Group fields. A Flexshare template will be created and at this point the share is disabled and no access is yet defined. The Editing a Flexshare form will be displayed, allowing you to customize the share options and enable access options.
Choose the group the who has access to the flexshare
Third Party App Access
This makes the share readable by other apps
Editing a Flexshare
You can make edits/changes to any defined Flexshare at any time. A newly created Flexshare will have no access points enabled, so you will want to install and configure at least one service (Web, FTP, Filesharing) to take advantage of the share you have created.
To begin editing a Flexshare, you'll need to select which access point you want to modify.
Select the appropriate configuration and use the help sections below to guide you through each type of access point and the options that are available.
Changes will take place immediately upon clicking either the Update or Enable/Disable links for the access point you are configuring.
Windows File Share
Configuring Flexshare's File access (Samba) enables public or authorized users only (or both) to connect via file sharing in order to move files from desktop to the server and vice-versa.
Indicates the current status of the File Access for a Flexshare. Note, even though the File Access point is enabled, the overall Flexshare must also be Enabled in order to work.
The Permissions field determines what type of access group members have to files on the share.
The Windows/CIFS Network Share URL used to access the share. This parameter is locked to the Server Name/Share Name field defined in the basic share configuration.
If you would like to add recycle (trash) bin support to the Flexshare, please enable this feature.
Currently the recycle bin grows indefintely. If you want to prune it regularly, you can add a cron.daily job to do something like “tmpwatch 30d –all -m -q /var/flexshare/shares/*/.trash/” to prune all files over 30 days old
Access to all files can be logged using this feature. This may be a compliance requirement in many jurisdictions.
Audit logging can slow down file transfers and produce large log files. Only enable this if you really want or need it.
Configuring Flexshare's FTP access allows authorized users to use an FTP-client to connect via File Transfer Protocol in order to upload and/or download files to the server. The FTP protocol is still a prominent service today and is particularly useful for handling large files.
One of the downsides of the FTP
protocol is that it uses separate ports to control dataflow and transmit payload data which causes conflicts with firewalls (both server and client side).
For those upgrading from ClearOS 5.x, the default FTP
ports for Flexshares are 21 (FTP
) and 990 (FTPS). Port 2121 is now used to FTP
into home directories.
Indicates the current status of the FTP Access for a Flexshare. Note, even though the FTP Access point is enabled, the overall Flexshare must also be Enabled in order to work. Use the Enabled/Disabled link at the bottom of the form to toggle the status.
The FTP URL (or domain name) used to access the service. This parameter is locked to the Server Name field defined in the FTP Server configuration.
A greeting that is displayed once when a user authenticates and has access to the FTP Flexshare.
All the following options are for information only:
FTP and FTPES Port
Allow Unencrypted FTP
Passive Mode From Port
Passive Mode To Port
Configuring Flexshare's Web access enables anyone (or authorized users only) to use a web-browser to navigate to a website in order to view content, interact with a dynamic web page (for example - a PHP or CGI enabled online store) or download files from an index listing.
The rest of this section will describe the different settings that will modify the behavior of a Web accessible Flexshare.
Indicates the current status of the Web Access for a Flexshare. Note, even though the Web Access point is enabled, the overall Flexshare must also be Enabled.
Server URL/Alternative Server URL
The server name (domain name) that will be used to access this Flexshare. This parameter is locked to the Server Name field defined in the Web Server configuration.
Accessibility allow you to restrict which interfaces incoming requests to the share are allowed from. Setting this field to LAN Only essentially makes your Flexshare accessible from your Intranet only.
Firewall Configuration | If set to All, make sure you have added the appropriate incoming firewall rule if the server is the gateway, or forwarded the appropriate port on your firewall.
If enabled, a user will be prompted with a login dialog pop-up where they can enter their username/password. Before gaining access to the Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to the group that has been given access to the share.
Determines the protocol to use - HTTP or HTTPS. If you have enabled authentication, you are advised to enable this feature (use HTTPS) since users will be required to provide their username/passwords to authenticate to the server. Using HTTPS ensures this sensitive data is encrypted.
This does not force your browser to switch from port 80 to port 443. It just enables the website on port 443
You can select which certificate you'd like to use for the web site. You can choose between the ClearOS Default self-signed certificate, any Let's Encrypt certificate or any External Certificate uploaded through the Certificate Manager.
If Show Index is enabled, browsers will display a listing of all files if there is no index page (for example, index.html, index.php etc.). This is normally only desirable if using the Flexshare as a file access service (similar to FTP). If you are running a website, this option should be disabled.
Follow Symlinks / Allow Rewrite
Unless support for symbolic links is required, this feature should be disabled.
Allow Server Side Includes
If you are installing a web application into your Flexshare, check to see if server side includes are required. In most circumstances, this feature is not required.
Allow [.htaccess] Override
If you are installing a web application into your Flexshare, you will likely need to enable this feature.
Similar to the PHP field above, but pertaining to CGI script. CGI script, however, is isolated to the /cgi-bin sub-directory (for example, http://example.com/flexshare/sales/cgi-bin/store).
Enables the execution of PHP script on the server. Any file with a .php/php4/php5 extension will be parsed by the PHP engine rather than by Apache directly.
If you have the PHP Engines app installed from the Marketplace, this is where you choose the version you want for the web site.
Override Default Port
In some cases (for example, an ISP that blocks port 80), you may want to run the server on a non-standard port. In this case, enable this feature and supply a valid port for the web server.
Deleting a Flexshare
Deleting a Flexshare that is currently defined can be done from the Overview page. Click on the Delete link next to the share you wish to delete. A form will be displayed requesting you to confirm your intention to delete the share.
Deleting a Flexshare does not delete the contents, just the Flexshare definition. To delete the files manually, you'll need to delete the relevant folder from /var/flexshare/shares
Use the Disable share function instead of Delete in the event you want to remove share access temporarily but not lose all your configuration settings.
Fixing Permissions on a Flexshare after Transferring Data with Rsync, WinSCP, or SCP as 'root'
Run the following commands from command line; remember to replace '[share_name]' and '[group_name]' with the correct information.
Restore the ownership to flexshare built-in user for [share_name]:
chown -R flexshare /var/flexshare/shares/[share_name]/*
Restore the group name to [group_name] for [share_name]:
chgrp -R [group_name] /var/flexshare/shares/[share_name]/*
Restore permissions so that the group assigned has rights to all files in the [share_name]:
chmod -R g+rwx /var/flexshare/shares/[share_name]/*
Remember to open up appropriate ports on your firewall if your intention is to allow access from outside your network.
Accessing Home Directories via FTP
If access to home directories is desired, please use port 2121 instead of the default FTP ports.