• Apache
• Changelog
• ChangingToMySqli
• Development
• FAQ
• Installation
• Nephthys
• ProFTPD
• Screenshot

Apache¶

To be exact - the HTTP server project of the Apache Foundation - is a widley used HTTP server. It's licensed by the Apache License and can be extended with modules. For more information see http://httpd.apache.org/

Changelog¶

• Version 1.5
  • bug, quoting of input data works now correct (#113)
  • bug, avoid notice-message in load_translation_table() (#135)
  • feature, make the position of Smarty template cache directories configureable (#134)
  • feature, Debian package can be built now out of the 'debian' branch (#53)
  • feature, modify bucket expiration time via user-management (#112)
  • feature, show bucket-details via HelpBalloon javascript class (#102)

• Version 1.4
  • bug, user-last-logon information gets now updated during login (#91)
  • bug, do not remove bucket from database, if bucket-deletion in
    filesystem failed (#93)
  • bug, use relative font-size instead of fixed (#92)
  • bug, make Exceptions better readable in browser-view (#100)
  • feature, show user-privileges in user-management overview (#94)
  • feature, set default language via user-management (#57)
  • feature, nephthys_watch.php is now quiet per default
    but support verbose-mode via -v command line option (#90)
  • feature, config-option to force auto-created users to update
    their profiles during first login (#87)
  • feature, notify owner when bucket has expired (#96)
  • feature, sort columns (#37)

• Version 1.3
  • feature, russian translation (#2)
    contributed by Alexander Davidenko
  • feature, italian translation (#75)
    contributed by Alberto Vincenzi
  • feature, spanish translation (#77)
    contributed by Juan Pablo
  • feature, dutch translation (#82)
    contributed by Gijs van Gemert
  • feature, fullname for address-book contacts (#50)
  • feature, auto-suggest for multiple receivers (#69)
  • feature, deny user-password-change flag (#71)
  • feature, confirmation dialog is now shown after clicking "notify" (#49)
  • feature, permit input-format "fullname <email-address" as receiver
    address, to be auto-inserted into the address-book (#83)

• Version 1.2
  • feature, new privilege for long-time buckets (#41)
  • feature, support for mutli-language (#1)
  • feature, german translation (#42)
  • feature, expirining date now also showes up in notification email (#48)
  • bug, user fullname is now editable via user-management (#38)
  • bug, used-diskspace now displays the real used diskspace (#40)
  • bug, icons and images are now theme-managed too (#39)
  • bug, GPL banners in Nephthys own PHP files no lead to GPLv3 (#43)
  • bug, german umlauts are now handled correct (#46)
  • bug, also umlauts in notification email are now correct (#52)
  • bug, unprivileged users can now delete their address-book contacts (#54)
  • bug, multiple receipients can now be entered also with whitespaces between (#47)

• Version 1.1
  • feature, internal address book (#18)
  • feature, some usabilitily fixes (#22,#21)
  • feature, config option to hide logout-link (#24)
  • feature, bucket-successfully-created page (#23)
  • feature, show used/free diskspace (#33)
  • bug, fixed some design mistakes (#27)
  • bug, non-auto-created users are now able to update profile (#31)
  • bug, correctly quote SQL queries to avoid syntax errors on special characters (#29)
  • bug, fixed sometimes occuring misbehavior of ajaxtabs
  • bug, cleanup code to avoid PHP notice- and warning messages (#35)
  • bug, check if bucket root directory exists and is writeable (#36)

• Version 1.0
  • first public release

ChangingToMySqli¶

To more protect Nephthys from SQL-injection, the MySQL support switched from ordinary MySQL interface to MySQLi. See php.net for more.

All you need to upgrade is

sudo pear install MDB2 pear/MDB2#mysqli

what will install the necessary Pear-DB drivers.

Development¶

Futher idea's:

• Addressbook - maybe get some info from an LDAP directory? see #104
• Profile details - if server-authentication is enabled and a user has been auto-created, maybe get the rest out of a LDAP directory (fullname, email address), see #103
• keep config in database instead of filling up phpfspot_cfg.php

Create Archive¶

• [done] git archive --format=tar -v --prefix=Nephthys-1.2/ nephthys-1.2 > ../Nephthys-1.2.tar

FAQ - Frequently Asked Questions¶

Q: Should I better use FTP or WebDAV?

A: WebDAV mostly have the advantage, that it does not require any firewall reconfiguration. If you can connect to a webserver on port 80 (HTTP) or port 443 (HTTPs) then you can do WebDAV too (but it may be possible that a firewall/proxy in between filters out the WebDAV commands). On the other hand the most available clients does not support resuming a WebDAV transfer once it get interrupted.

This lead us to FTP - FTP usually requires firewall reconfiguration - the control connection on port 21 + the randomly selected ports for the data connections. The most available FTP clients support resuming up- & downloads if they got interrupted.

Q: How does Nephthys sends emails?

A: Nephthys assumes that there is a local configured mail server. Nephthys itself uses the PHP PEAR package 'Mail' for mailing, which requires a sendmail compatible mail server. The code for mailing can be found in nephthys_buckets.php in the function notify().

Installation¶

This wiki page describes a full Nephthys installation on Debian.

• Installation
• 1. Prepare Debian system
• 2. Prepare database system
• 2.1 MySQL
• 2.2 SQLite
• 3. Install Nephthys
• 4. Apache 2.2 configuration
• 5. proftpd configuration
• 6. Cron-job for deleting expired buckets

The following parameters are used for this example installation:

• Server-Name: share.mydomain.test

• Install directory: /srv/www/share.mydomain.test
  • /srv/www/share.mydomain.test/htdocs/
    - virtual-host document root
  • /srv/www/share.mydomain.test/htdocs/nephthys
    - Nephthys PHP source
  • /srv/www/share.mydomain.test/nirvana/
    - Nirvana directory (see below)
  • /srv/www/share.mydomain.test/transfer/
    - bucket directory
  • /srv/www/share.mydomain.test/db/
    - Directory which will contain the SQLite database (if MySQL is not used)

1. Prepare Debian system¶

• Install the necessary system requirements

sudo aptitude install apache2 libapache2-mod-php5 smarty php-pear
sudo pear install HTML_AJAX
sudo pear install Mail Net_UserAgent_Detect

• If you want to use WebDAV, Apache'es WebDAV module needs to be enabled

sudo a2enmod dav_fs

• As HTML_AJAX is still in beta state, it will probably tell you during install probably to do something like that:

sudo pear install channel://pear.php.net/HTML_AJAX-0.x.x

2. Prepare database system¶

Either choose MySQL or SQLite. The database structure (tables) and initial data are filled automatically on first opening Nephthys.

2.1 MySQL¶

• Install software

sudo aptitude install mysql-server-5.0 mysql-client-5.0 php5-mysql
sudo pear install MDB2 pear/MDB2#mysqli

• Create a database which will be used for Nephthys. For example let us call the database 'db_nephthys':

create database db_nephthys;

• Create a user in the MySQL database which will be used by Nephthys.

grant all on db_nephthys.* to 'nephthys'@'localhost';
set password for 'nephthys'@'localhost' = password('somesecurepassword');
flush privileges;

2.2 SQLite¶

sudo aptitude install sqlite php5-sqlite
sudo pear install MDB2 pear/MDB2#sqlite

3. Install Nephthys¶

1. Create the directory hierarchy:

mkdir /srv/www/share.mydomain.test
cd /srv/www/share.mydomain.test
mkdir htdocs nirvana transfer db
chown -R www-data.www-data htdocs nirvana transfer db

1. Either get a public release or checkout the latest development code in copy all files to /srv/www/share.mydomain.test/htdocs/nephthys. For example here as GIT checkout:

cd /srv/www/share.mydomain.test/htdocs
git clone http://git.netshadow.at/Nephthys.git/ nephthys

2. Prepare Nephthys configuration file

cp nephthys_cfg.php.dist nephthys_cfg.php

3. Open nephthys_cfg.php in your favorite text editor and take a look at all configuration options and their default settings. Espacially the config options regarding local directories ($base_path, $data_path, ...) need to be checked. Also the connection parameters to the MySQL database & position of SQLite database are set here.

If you choose SQLite, set the $sqlite_path to /srv/www/share.mydomain.test/db/nephthys.db. Keep the SQLite always out of the htdocs and transfer directory!

5. Create the following file in the Nirvana directory to automatically redirect users to Nephthys.

echo "<?php Header('Location: /nephthys/'); ?>" > /srv/www/share.mydomain.test/htdocs/index.php

• http://share.mydomain.test/nephthys/
• On the first call, this will automatically create all necessary database tables.

• After login please consider to change the default administrator password immediately!

8. You are done! Have fun with Nephthys!

4. Apache 2.2 configuration¶

The following shows how I configured Apache to support the previously created directory structure of Nephthys. Also in this way it takes care, that you can't get a bucket-list by browsing the "transfer" directory which will be redirected to the nirvana directory.

<VirtualHost share.mydomain.test:80>

   ServerName share.mydomain.test
   ServerAdmin root@mydomain.test

   DocumentRoot /srv/www/share.mydomain.test/htdocs

   # Take care of M$ windows in handling WebDAV
   BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
   BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
   BrowserMatch "Microsoft-WebDAV-MiniRedir/5.1.2600" redirect-carefully
   BrowserMatch "^WebDrive" redirect-carefully
   BrowserMatch "^WebDAVFS" redirect-carefully

   LogLevel warn
   ErrorLog /var/log/apache2/share.mydomain.test_error.log
   CustomLog /var/log/apache2/share.mydomain.test_access.log combined
   ServerSignature On
   IndexOptions Charset=UTF-8

   # some nirvana aliases to avoid directory listing and problems
   # with Microsoft WebDAV handling.
   AliasMatch ^/$ /srv/www/share.mydomain.test/nirvana/
   AliasMatch ^/index.php$ /srv/www/share.mydomain.test/htdocs/index.php
   AliasMatch ^/transfer$ /srv/www/share.mydomain.test/nirvana
   # Alias for bucket directory
   Alias /transfer/ /srv/www/share.mydomain.test/transfer/

   <Directory /srv/www/share.mydomain.test/htdocs>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all
    </Directory>

   # Nirvana basically permitts DAV but only GET and PROPFIND calls
   <Directory /srv/www/share.mydomain.test/nirvana>
      Dav On
      Options Indexes
      AllowOverride All
      <Limit GET PROPFIND>
         Allow from all
      </Limit>
      <Limit ALL>
         Deny from all
      </Limit>
   </Directory>

   # Fully enable DAV on any item and directory within directory
   <Directory /srv/www/share.mydomain.test/transfer/*>
      Dav On
      Options Indexes
      AllowOverride None
   </Directory>

   # No DAV on the transfer directory itself
   <Directory /srv/www/share.mydomain.test/transfer>
      Options none
      AllowOverride None
   </Directory>

   <Directory /srv/www/share.mydomain.test>
      Options FollowSymLinks
      AllowOverride None
      Allow from all
   </Directory>

   # finally we secure everything else
   <Directory />
      Options FollowSymLinks
      AllowOverride None
      Deny from all 
   </Directory> 

</VirtualHost>

It's also wise to set "ServerTokens" to "Prod" in your main apache configuration file. In this way, Apache does not tell much about itself (version information, loaded modules, ...).

5. proftpd configuration¶

The following shows how I configured proftpd to support the directory structure of Nephthys. Currently a drawback - it's possible to upload files to the / directory. But the directory listing is not possible.

Include                 /etc/proftpd/modules.conf
PidFile                 /var/run/proftpd.pid
ServerType              standalone
ServerIdent             off
UseIPv6                 off

User                    ftp
Group                   nogroup
Port                    21
PassivePorts            49152 65534

ServerName              "share.mydomain.test" 
MaxInstances            20
UseReverseDNS           off
TimeoutNoTransfer       600
TimeoutStalled          600
TimeoutIdle             600
MultilineRFC2228        on
DefaultRoot             /srv/www/share.mydomain.test/transfer
DefaultServer           on
# per default do not allow overwriting files
AllowOverwrite          off
# do not allow .ftpaccess files 
AllowOverride           off
ShowSymlinks            off
AllowForeignAddress     on
DisplayLogin            welcome.msg
DisplayChdir       .message true
ListOptions             "-aln +R" strict
DenyFilter              \*.*/|NLST
RequireValidShell       off
DeferWelcome            off
MaxLoginAttempts        3
AllowStoreRestart       on
AllowRetrieveRestart    on
IdentLookups            off
LogFormat               default  "%h %l %u %t \"%r\" %s %b" 
LogFormat               auth     "%v [%P] %h %t \"%r\" %s" 
LogFormat               write    "%h %l %u %t \"%r\" %s %b" 
TransferLog             /var/log/proftpd/xfer.log
ExtendedLog             /var/log/proftpd/access.log      WRITE,READ write
ExtendedLog             /var/log/proftpd/auth.log        AUTH auth
ExtendedLog             /var/log/proftpd/paranoid.log    ALL default

<Anonymous /srv/www/share.mydomain.test/transfer>
   HideUser                root
   HideNoAccess            on
   User                    www-data
   Group                   www-data
   GroupOwner              www-data
   DirFakeUser             on ftp
   DirFakeGroup            on ftp
   Umask                   022 022

   UserAlias               anonymous www-data
   MaxClients              10
   DisplayLogin            welcome.msg
   DisplayFirstChdir       .message
   AllowOverwrite          off

   #
   # Limits
   #

   # getting the current working directory and
   # change directory is allowed
   <Limit PWD CWD>
      IgnoreHidden      on
      AllowAll
   </Limit>
   # everything else is denied
   <Limit ALL>
      DenyAll
   </Limit>

   # for any object _within_ the ftp root directory
   # listing the directory content is allowed (LIST)
   # as well as getting the current working directory
   # and change directory.
   <Directory /srv/www/share.mydomain.test/transfer/*>
      AllowOverwrite       off
      <Limit PWD CWD LIST>
         IgnoreHidden      on
         AllowAll
      </Limit>
   </Directory>

   # within the bucket directories, everything is allowed
   <Directory /srv/www/share.mydomain.test/transfer/*/*>
      AllowOverwrite       on

      # changing permissions and ownerships is not allowed
      <Limit SITE_CHMOD>
         DenyAll
      </Limit>

      <Limit ALL>
         IgnoreHidden      on
         Allow             from all
      </Limit>
   </Directory>

</Anonymous>

6. Cron-job for deleting expired buckets¶

Nephthys comes with a script which automatically cleans up expired buckets. Create a new file in /etc/cron.d/nephthys

# set mailto to a email address if somebody should be informed which buckets got deleted.
# otherwise set it to "" which will suppress any email message
MAILTO="" 
0 * * * * www-data  php /srv/www/share.bahnforum.info/htdocs/nephthys/nephthys_watch.php

Nephthys¶

• Nephthys
• Features
• Requirements
• Get it!
• Mailing list
• Documentation and Howto's
• How does it work?
• "I want to share some files"
• "Someone wants to share some files with me"
• Further information
• Where does the name "Nephthys" comes from?
• What was the intension to write Nephthys?

Nephthys provides a web-interface to create file-sharing "buckets", through which data can be shared. Nephthys handles the buckets in the local filesystem of the server. Access and data transfer is done by helper protocols like FTP and WebDAV. For this ProFTPD (FTP) and Apache (WebDAV) seems to be perfect for which also configuration examples are available (see Installation). Some screen captures can be found on the Screenshot page.

Nephthys does not handle any authentication mechanism of external applications. The path to the bucket - the directory name is a SHA1 hash - identifies the bucket.

The access mechanism (WebDAV, FTP, ...) needs to be configured so that no directory-listing is possible in the transfer directory. For this example configurations of Apache and ProFTPD can be found on the Installation wiki page. If you for example use a different FTP server which can be secured in a similar way like ProFTPD and want to share your configuration, please post it to the mailing list.

Features¶

• Multi-Language Support
  • English
  • German
  • Russian
  • Italian
  • Spanish
  • Dutch

• Privileges
  • user, manage his own buckets
  • manager, manage all available buckets
  • admin, like manager but handles user management too

• User auto-creation
  • if authentication is done via web-server (ldap, kerberos, ...)

• Theme support
  • create your own design

Requirements¶

• Linux-based operating system
• Apache HTTP webserver (or other which supports PHP5 and WebDAV)
• PHP5
• ProFTPD (or any other suiteable FTP server).
• Database
  • MySQL, >= 5.0
  • SQLite, 2.0

Get it!¶

Get a stable release out of the "Files" section. Or checkout the lasted development code out of the GIT repository via:

git clone http://git.netshadow.at/Nephthys.git/

Mailing list¶

A mailing list is available via nephthys-users@netshadow.at - make sure you subscribed here https://admin.netshadow.at/mailman/listinfo/nephthys-users before send a message to the list.

It is not necessary to register on this project website (aka Redmine) for it. Anyway if you want to apply (to open a new issue for example), please send a request to the mailing list first.

Documentation and Howto's¶

• Installation
• FAQ
• Development
• Changelog

How does it work?¶

Basically there are two modes:

"I want to share some files"¶

A user wants to share some files. He has to upload the files to the bucket and afterwards sends the bucket-url to the receiver.

1. Via Nephthys the user creates a slot on the server by providing a slot name and a expiring date.
2. User will receive an automatically generated email with links to the server, where he can store the files.
3. User can then pass these links to the "other" users who should be able to access the uploaded files (FTP or WebDAV).

"Someone wants to share some files with me"¶

1. Via Nephthys the user creates a slot on the server by providing a slot name, his own email address, the receivers email address, a expiring date and a short note of the purpose of this slot.
2. The "other" users will receive an automatically generated email with links to the server, where they can upload files via FTP or WebDAV. The original sender will get this email in CC.
3. Afterwards they notify the original sender that they files are up and can then download the firewalls from the server.

Further information¶

Where does the name "Nephthys" comes from?¶

An old egypt goddess - see this Wikipedia entry for more: http://en.wikipedia.org/wiki/Nephthys

What was the intension to write Nephthys?¶

Many companies (including the one I'm working for) have problems with their mail system, because users are starting to abuse it as a file sharing tool. They are sending a big amount of data through it and are getting quickly upset if their email with a 178MB attachment gets rejected by the mailserver... :-)

Also this becomes quiet expensive if you have some mail archiving tools and higher-level storage systems for your mailboxes.

Common FTP servers with usernames & passwords are often to difficult for "office" users. Not speaking about handling settings for firewalls, proxy servers, ... . For them WebDAV should be a real alternative.

ProFTPD¶

A GPL-licensed and very configureable FTP server. See http://www.proftpd.org for more information.

Screenshot¶

Nephthys - Start Page - showing bucket-listing¶

Nephthys - Create a bucket¶