Having a nightmare with Proftpd
Here's the thing: got a nice FC6 box running as a web server, so in order to reduce the load I download anything I need for it from a different box.
I also design websites on a different box. All I need is for proftpd to allow a single user to login (me) from across the LAN to have r/w permissions to /downloads and /var/www/html. Do you think I can do it? Well, as I'm posting here you've probably guessed the answer... I must be getting thick I reckon: I've read everything I can and I still cannot get the conf to do it.. I created users/groups, I've tried root, my own account and I either get kicked off at the password or when I did get in once as root I couldn't get past the /var/ directory and couldn't upload files to the /downloads one either. Please, please, somebody give me a pointer before I go completely nuts. :cry: Doc (not completely familiar with Linux...)
Hmm - since you are working over a LAN (probably located in your home / office in its entirety) and you just want to share folders over the LAN, why use FTP at all? IMHO FTP (either provided by ProFTP or wuftp) is mostly for moving huge files over long distances, where there is a chance of having to resume an upload or a download due to a connection that frequently drops or something. Over a LAN I worked happily for a year, doing exactly what you describe (i.e. access a Linux webserver from my "work" Linux machine, and from Windows development machines) using SAMBA to provide the access. IMHO it is a bit simpler to set up than a FTP server, and for what you seem to want to do I think it will work much better than using FTP...
If you are familiar with Window$'s network neighbourhood, SAMBA is a Linux server program that allows a Linux machine to "become" a Windows machine from the viewpoint of other Windows machines on a LAN, as regards file sharing / shares on its HDD. Don't let the Windows centeredness fool you though, I've used it quite happily to share folders Linux / Linux as well (although NFS might be better for this, I've never tried it). If you are committed to using FTP for this, take a look at wuftp rather than ProFTP. My ISP uses ProFTP, but they have real experts keeping it going. Wuftp I managed to set up quite easily, with zero effort on the above mentioned linux machine when I had had to do FTP relative work on it a year or two ago (no idea if it doesn't work for you though - mine did what I wanted "out of the box")
Thanks for that; you have it right - my lan consists of 5 machines in a SOHO (one each dedicated to specific tasks).
I have Samba installed and running but I didn't even consider using that. DOH! Well, it took some doing, but I at least get connected to the relevant \\xx.xx.xx.xx\download directory. Still have a bit of bother trying to get rid of the 'access denied' message when I try to put a file there though; I guess it must be in the permissions... However when I try to connect to \\xx.xx.xx.xx\var\www\html Windoze tells me that it is not a valid folder. I've created both folders as shared in Samba, given r/w & visible permission to everyone, as there's only me here, but still have these probs. Any help you could offer would be greatly appreciated - I have a whole site waiting to put up :( Cheers. Doc.
[global]
    netbios name = stefan
    workgroup = GOEDEHOOP10
    security = share
    log file = /var/log/samba.log
    log level = 1
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    wins support = yes
    domain logons = no
    logon drive = f:
    logon home = \\stefan\%U
    os level = 99
    preferred master = yes
    local master = yes
    hosts allow = 169.254.255.10 169.254.255.11 169.254.255.20 169.254.255.30 127.0.0.1 169.254.255.40 169.254.255.50 169.254.255.60 169.254.255.70 169.254.255.80
    encrypt passwords = yes
    browseable = yes
    lanman auth = yes
    lm announce = yes

[shared]
    path = /mnt/win/shared
    guest ok = yes
    writeable = yes
    create mode = 0666
    directory mode = 0777
    browseable = yes
    public = yes

You can then change /mnt/win/shared to, for example, /usr/local/apache2/htdocs and make sure that htdocs has permission a+rwx so anybody (including the samba'ised user) can write to it for testing webpage code etc.
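Added example (not from any poster in this thread): a small Python check that reads an smb.conf and lists the settings that widen access, run here on a constructed sample modelled on the share above. The function names and finding texts are made up for this example.

```python
import configparser

# Constructed sample modelled on the guest-writable share posted above.
SAMPLE_CONF = """
[global]
    security = share
    hosts allow = 169.254.255.10 127.0.0.1
    lanman auth = yes

[shared]
    path = /mnt/win/shared
    guest ok = yes
    writeable = yes
    create mode = 0666
    directory mode = 0777
"""

YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def is_on(sec, *names):
    """True if any of the synonymous boolean parameters is enabled."""
    return any(sec.get(n, "no").strip().lower() in YES for n in names)

def audit_smb_conf(text):
    """Return (section, finding) pairs for settings that widen access."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not read it as continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    out = []
    for name in cp.sections():
        sec = cp[name]
        if name.lower() == "global":
            if sec.get("security", "").strip().lower() == "share":
                out.append((name, "share-level security"))
            if is_on(sec, "lanman auth"):
                out.append((name, "LANMAN authentication accepted"))
            if "hosts allow" not in sec and "allow hosts" not in sec:
                out.append((name, "no hosts allow restriction"))
            continue
        writable = (is_on(sec, "writeable", "writable", "write ok")
                    or sec.get("read only", "yes").strip().lower() in NO)
        if is_on(sec, "guest ok", "public") and writable:
            out.append((name, "guests can write"))
        modes = [sec[k] for k in ("create mode", "create mask",
                                  "directory mode", "directory mask") if k in sec]
        if any(int(m, 8) & 0o002 for m in modes):
            out.append((name, "mode allows world-writable files or directories"))
    return out
```

A share limited to one account (`valid users`, `guest ok = no`) with masks such as 0664/0775 and a `hosts allow` line produces no findings.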
Wow Rylan/Stefan, what a comprehensive and helpful post :)
The weird thing is that in the end I cleared out all the files and settings, rebooted the server and started from scratch. Loaded the GUI for samba and added /downloads as a read/write/visible to all share and hey presto, it worked !! So then I added another share (/var/www/html) and that didn't :( Without any aliasing going on that seems to be the place that apache wants me to put the files for a single site (yep, I do the testing here and then upload everything to a 'real' server)..... So this morning, I went into Webmin and loaded the config file for samba which reads: Code:
I'm sure it's not very secure (I'm hoping that the 10.0.0.13 is the only PC which can connect, but I haven't tried from another PC yet, but that's a small issue; if I discover that it's not I can always create a rule for the firewall I guess), but as I only need to stuff files across occasionally, I can turn it on and off when the need arises. When I get a moment or two, I'll backup the config and try your file and see what happens; now I understand a little more of it perhaps I can then build in some security. Thanks again for your help, it's been invaluable. Doc.
Sure thing Doc. Glad you got it going.
The only weird thing about all this to me personally is the insistence of your installation that webserved files need to reside in a /var somewhere... I've rarely heard of that setup, mine's been working fine for years with me putting the .html to be hosted in /usr/local/apache2/htdocs. Did you use packages to install Apache, or did you compile it yourself (I can't remember if you've mentioned this yet)? FC3 also has quite a full set of pre-installed apps and programs "out of the box" but I've replaced almost everything I need by hand with newer versions and compiled them myself. You wouldn't believe how much trouble I was having with "stock" stuff supplied with FC3, and all those problems went away when I started compiling the programs I needed (which already existed in FC3, but were wrongly installed or "broken" IMHO) myself and configuring them like I wanted to. Most applications' default settings are quite "sane" but for some reason RedHat had strange ideas about where their files should reside and what options they were compiled with. I would really advise anybody to avoid "packages" like .rpm and .deb like the PLAGUE. If you are having the kind of weird problems you had (ok, you did manage to solve yours) try downloading a latest version of the app and compile and install it -yourself-. That way you have total control over how it is set up, and, for example, where it will find its datafiles.... Then again, the location of the htdocs is probably just a setting somewhere in apache.conf... Anyway, glad to have managed to help you out. Regards,
I downloaded the DVD Iso of FC6, ran the setup, selected the various options and let it do its stuff and that's where it all went! In relative terms, I guess I'm still a bit of a novice when it comes to Linux, and a friend of mine here pours scorn on me every time I mention setting things up using a gui :) He insists that I should have a black screen and a cursor - "That's all you need" he reckons.... Thing is, when it gets busy here, I'm just grateful that it works. Again, thanks for all your help. Cheers, Doc
dm gui on server
Interesting reply. However, running a hardware and software firewall as well as SElinux seems to do the trick. Server has been up for months with no sign of any intrusion to date.
Wish I could say the same for the Windoze servers!
just say no...
You should run wireshark or etherape on the network the server is on (wireshark on the server itself, actually) and see what kind of traffic you have. A dead giveaway for a rootkit is outbound traffic to some unknown IP without any inbound requests from same. Mine was hijacked to talk to someone in the Philippines and China. (for about 5 minutes each before I pulled the plug) Just because there's no obvious loss of expected function doesn't mean everything is copasetic. Not a good way to ensure security. I stand by the 'no GUI on a server' idea, though indeed if you're behind such as a smoothwall, and running guarddog, shorewall or etc., on a machine in outer podunkville ISP-wise, you're probably quite safe... unless and until the wrong someone finds you. BTW I read somewhere the average time to compromise for a Windows machine w/o protection is under 4 minutes. These things are automated, you might say attempted exploits are an integral function of the Internet itself.
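Added example (not from any poster in this thread): the check described in the post above, applied to constructed lines in `tcpdump -nn` text format. It counts connections the server opened to remote hosts that never contacted it first; the server address, LAN range and expected-destination list are assumptions for the example.

```python
import ipaddress
import re
from collections import Counter

SERVER = "10.0.0.5"                          # assumed server address
LAN = ipaddress.ip_network("10.0.0.0/24")    # assumed local network
EXPECTED = {"192.0.2.53"}                    # assumed known destination (e.g. update mirror)

# Constructed lines in `tcpdump -nn` text format (documentation addresses).
SAMPLE_CAPTURE = """\
07:01:10.000101 IP 10.0.0.13.50122 > 10.0.0.5.445: Flags [S], seq 1, win 64240, length 0
07:01:10.000190 IP 10.0.0.5.445 > 10.0.0.13.50122: Flags [S.], seq 9, ack 2, win 65160, length 0
07:02:00.410000 IP 198.51.100.7.40110 > 10.0.0.5.80: Flags [S], seq 5, win 29200, length 0
07:02:01.020000 IP 10.0.0.5.33100 > 192.0.2.53.443: Flags [S], seq 7, win 64240, length 0
07:03:30.500000 IP 10.0.0.5.41234 > 203.0.113.66.6667: Flags [S], seq 3, win 64240, length 0
07:03:31.500000 IP 10.0.0.5.41236 > 203.0.113.66.6667: Flags [S], seq 4, win 64240, length 0
07:04:00.000000 IP 10.0.0.5.41300 > 198.51.100.7.443: Flags [S], seq 8, win 64240, length 0
"""

# Only a bare SYN ("Flags [S]") marks the side that opened the connection.
SYN = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\],")

def unsolicited_outbound(capture, server=SERVER, lan=LAN, expected=EXPECTED):
    """Count connections the server opened to remote hosts that are not on
    the LAN, not expected, and never opened a connection to the server."""
    contacted_us, hits = set(), Counter()
    for line in capture.splitlines():
        m = SYN.match(line)
        if not m:
            continue  # SYN-ACKs, data packets, non-TCP lines
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if dst == server:
            contacted_us.add(src)
        elif src == server:
            if (ipaddress.ip_address(dst) in lan or dst in expected
                    or dst in contacted_us):
                continue
            hits[(dst, dport)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (dst, port), n in unsolicited_outbound(SAMPLE_CAPTURE).items():
        print(f"{n} unsolicited outbound connection(s) to {dst}:{port}")
```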