LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-31-2006, 05:10 AM   #1
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Rep: Reputation: 0
Question Having a nightmare with Proftpd


Here's the thing: got a nice FC6 box running as a web server, so in order to reduce the load I download anything I need for it from a different box.

I also design websites on a different box.

All I need is for proftd to allow a single user to login (me) from across the LAN to have r/w permissions to /downloads and var/www/html

Do you think I can do it?

Well, as I'm posting here you've probably guessed the answer...

I must be getting thick I reckon: I've read everything I can and I still cannot get the conf to do it.. I created users/groups, I've tried root, my own account and I either get kicked off at the password or when I did get in once as root I couldn't get past the /var/ directory and couldn't upload files to the /downloads one either.

Please, please, somebody give me a pointer before I go completely nuts.

Doc (not completely familiar with Linux...)
 
Old 10-31-2006, 07:15 AM   #2
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Rep: Reputation: 87
Hmm - since you are working over a LAN (probably located in your home / office in its entirety) and you just want to share folders over the LAN, why use FTP at all? IMHO FTP (either provided by ProFTP or wuftp) is mostly for moving huge files over long distances, where there is a chance of having to resume an upload or a download due to a connection that frequently drops or something. Over a LAN I worked happily for a year, doing exactly what you describe (i. e. access a Linux webserver from my "work" Linux machine, and from Windows development machines) using SAMBA to provide the access. IMHO it is a bit simpler to set up than a FTP server, and for what you seem to want to do I think it will work much better than using FTP...

If you are familiar with Window$'s network neighbourhood, SAMBA is a Linux server program that allows a Linux machine to "become" a Windows machine from the viewpoint of other Windows machines on a LAN, as regards file sharing / shares on its HDD. Don't let the Windows centeredness fool you though, I've used it quite happily to share folders Linux / Linux as well (although NFS might be better for this, I've never tried it)

If you are committed to using FTP to this, take a look at wuftp rather than ProFTP. My ISP uses ProFTP, but they have real experts keeping it going. Wuftp I managed to set up quite easily, with zero effort on the above mentioned linux machine when I had had to do FTP relative work on it a year or two ago (no idea if it doesn't work for you though - mine did what I wanted "out of the box")
 
Old 10-31-2006, 07:35 AM   #3
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks for that; you have it right - my lan consists of 5 machines in a SOHO (one each dedicated to specific tasks).

I have Samba installed and running but I didn't even consider using that. DOH!

Well, it took some doing, but I at least get connected to the relevant \\xx.xx.xx.xx\download directory. Still have a bit of bother trying to get rid of the 'access denied' message when I try to put a file there though; I guess it must be in the permissions...

However when I try to connect to \\xx.xx.xx.xx\var\www\html Windoze tells me that it is not a valid folder.

I've created both folders as shared in Samba, given r/w & visible permission to everyone, as there's only me here, but still have these probs.

Any help you could offer would be greatly appreciated - I have a whole site waiting to put up


Cheers.

Doc.

Last edited by DrJon; 10-31-2006 at 07:47 AM.
 
Old 11-01-2006, 11:07 AM   #4
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Rep: Reputation: 87
Quote:
Originally Posted by DrJon
Thanks for that; you have it right - my lan consists of 5 machines in a SOHO (one each dedicated to specific tasks).

I have Samba installed and running but I didn't even consider using that. DOH!

Well, it took some doing, but I at least get connected to the relevant \\xx.xx.xx.xx\download directory. Still have a bit of bother trying to get rid of the 'access denied' message when I try to put a file there though; I guess it must be in the permissions...
Ok, here's my smb.conf file which I use to allow Windows machines to write to mine, without passwords and with no access or writing restrictions. You can easily change it to have your windows machines, for example, write to Apache's htdocs directory if you are doing development. Note that this is not very secure (at all) but it works allright:

[global]

netbios name = stefan
workgroup = GOEDEHOOP10
security = share
log file = /var/log/samba.log
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
wins support = yes
domain logons = no
logon drive = f:
logon home = \\stefan\%U
os level = 99
preferred master = yes
local master = yes
hosts allow = 169.254.255.10 169.254.255.11 169.254.255.20 169.254.255.30 127.0.0.1 169.254.255.40 169.254.255.50 169.254.255.60 169.254.255.70 169.254.255.80
encrypt passwords = yes
browseable = yes
lanman auth = yes
lm announce = yes

[shared]
path = /mnt/win/shared
guest ok = yes
writeable = yes
create mode = 0666
directory mode = 0777
browseable = yes
public = yes

You can then change /mnt/win/shared to, for example, /usr/local/apache2/htdocs and make sure that htdocs has permission

a+rwx

so anybody (including the samba'ised user) can write to it for testing webpage code etc.

Quote:

However when I try to connect to \\xx.xx.xx.xx\var\www\html Windoze tells me that it is not a valid folder.
Hmm - have you tried other folders? Isn't stuff in the \var folder and subfolders non-persistent stuff?? I would set it up to the default htdocs folder used by apache. (Could be wrong here, I've never done anything in my var folder or subfolders...)

Quote:
I've created both folders as shared in Samba, given r/w & visible permission to everyone, as there's only me here, but still have these probs.
Ok, but try the config I sent you above. It works fine for me for FC 3 with kernel 2.6.14.3 and Samba 3.0.20a to have the listed machines (by IP) have access to my Linux machine's /mnt/win/shared folder.

Quote:
Any help you could offer would be greatly appreciated - I have a whole site waiting to put up
Doc.
Sure thing - let us know how you get on.
 
Old 11-02-2006, 05:49 AM   #5
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Thumbs up

Wow Rylan/Stefan, what a comprehensive and helpful post

The weird thing is that in the end I cleared out all the files and settings, rebooted the server and started from scratch. Loaded the GUI for samba and added /downloads as a read/write/visible to all share and hey presto, it worked !!

So then I added another share (/var/www/html) and that didnīt

Without any aliasing going on that seems to be the place that apache wants me to put the files for a single site (yep, I do the testing here and then upload everything to a īrealī server).....

So this morning, I went into Webmin and loaded the config file for samba which reads:

Code:
[global]
	netbios name = Samba_Server
	socket options = TCP_NODELAY
	hosts equiv = 10.0.0.13
	default service = Downloads
	workgroup = office
	os level = 20
	security = share
	server string = Samba


[Downloads]
	comment = Downloads
	path = /downloads
	writeable = yes
	browseable = yes
	guest ok = yes


[html]
	comment = websites
	path = /var/www/html
	writeable = yes
	browseable = yes
	guest ok = yes
I discovered that the cursor in edit mode was resting quietly at the very end of the last line. Pressed CR, saved the file, started samba and whadaya know? There we have it.

Iīm sure itīs not very secure (Iīm hoping that the 10.0.0.13 is the only PC which can connect, but I havenīt tried from another PC yet, but thatīs a small issue; if I discover that itīs not I can always create a rule for the firewall I guess), but as I only need to stuff files across occasionally, I can turn it on and off when the need arises.

When I get a moment or two, Iīll backup the config and try your file and see what happens; now I understand a little more of it perhaps I can then build in some security.

Thanks again for your help, itīs been invaluable.

Doc.
 
Old 11-04-2006, 12:36 AM   #6
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Rep: Reputation: 87
Sure thing Doc. Glad you got it going.

The only weird thing about all this to me personally is the insistance of your installation that webserved files need to reside in a /var somewhere... I've rarely heard of that setup, mine's been working fine for years with me putting the .html to be hosted in /usr/local/apache2/htdocs.

Did you use packages to install Apache, or did you compile it yourself (I can't remember if you've mentioned this yet)? FC3 also has quite a full set of pre-installed apps and programs "out of the box" but I've replaced almost everything I need by hand with newer versions and compiled them myself. You wouldn't believe how much trouble I was having with "stock" stuff supplied with FC3, and all those problems went away when I started compiling the programs I needed (which already existed in FC3, but were wrongly installed or "broken" IMHO) myself and configuring them like I wanted to.

Most applications' default settings are quite "sane" but for some reason RedHat had strange ideas about where their files should reside and what options they were compiled with.

I would really advise anybody to avoid "packages" like .rpm and .deb like the PLAGUE. If you are having the kind of weird problems you had (ok, you did manage to solve yours) try downloading a latest version of the app and compile and install it -yourself-. That way you have total control over how it is set up, and, for example, where it will find its datafiles....

Then again, the location of the htdocs is probably just a setting somewhere in apache.conf...

Anyway, glad to have managed to help you out.

Regards,
 
Old 11-04-2006, 04:50 AM   #7
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:

The only weird thing about all this to me personally is the insistance of your installation that webserved files need to reside in a /var somewhere... I've rarely heard of that setup, mine's been working fine for years with me putting the .html to be hosted in /usr/local/apache2/htdocs.
Yup, it seemes weird to me too. Everytime I've scouted around for help on various things to do with Apache, almost everything tells me that /usr/local/apache2/htdocs is the relevant directory. I don't have it!!

I downloaded the DVD Iso of FC6, ran the setup, selected the various options and let it do its stuff and that's where it all went!

In relative terms, I guess I'm still a bit of a novice when it comes to Linux, and a friend of mine here pours scorn on me every time I mention setting things up using a gui He inists that I should have a black screen and a cursor - "That's all you need" he reckons....

Thing is, when it gets busy here, I'm just grateful that it works.

Again, thanks for all your help.

Cheers,

Doc
 
Old 03-18-2007, 09:14 AM   #8
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
dm gui on server

Quote:
Originally Posted by DrJon
In relative terms, I guess I'm still a bit of a novice when it comes to Linux, and a friend of mine here pours scorn on me every time I mention setting things up using a gui He inists that I should have a black screen and a cursor - "That's all you need" he reckons...
For any future stumblers upon this thread (such as myself) it is fairly imperative you not run any X server (GUI) on a machine exposed to the internet as a web, ftp or other server. A Linux machine running a display manager (dm) exposed to the wild will end up with a rootkit or two fairly quickly, under normal circumstances. Another thread I searched out this late March ('07) morning had a fellow mentioning his ftp server was being brute-forced by a high school in Korea. A dm is like handing those folks the screwdriver.
 
Old 03-18-2007, 12:48 PM   #9
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Interesting reply. However, running a hardwar and software firewall as well as SElinux seems to do the trick. Server has been up for months with no sign of any intrusion to date.

Wish I could say the same for the Windoze servers!
 
Old 03-18-2007, 01:24 PM   #10
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
just say no...

Quote:
Originally Posted by DrJon
Interesting reply. However, running a hardwar and software firewall as well as SElinux seems to do the trick. Server has been up for months with no sign of any intrusion to date.

Wish I could say the same for the Windoze servers!
As an experiment I ran an ftp server with a display manager running. It appeared to be up and running fine, but had two rootkits installed in the course of 48 hours. Shutting off the dm didn't fix, as the kits fired another instance right up again when killed.

You should run wireshark or etherape on the network the server is on (wireshark on the server itself, actually) and see what kind of traffic you have. A dead giveaway for a rootkit is outbound traffic to some unknown IP without any inbound requests from same. Mine was hijacked to talk to someone in the Philippines and China. (for about 5 minutes each before I pulled the plug)

Just because there's no obvious loss of expected function doesn't mean everything is copasetic. Not a good way to insure security. I stand by the 'no GUI on a server' idea, though indeed if you're behind such as a smoothwall, and running guarddog, shorewall or etc., on a machine in outer podunkville ISP-wise, you're probably quite safe... unless and until the wrong someone finds you.

BTW I read somewhere the average time to compromise for a Windows machine w/o protection is under 4 minutes. These things are automated, you might say attempted exploits are an integral function of the Internet itself.
 
  


Reply

Tags
samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
proftpd: proftpd startup failed tumana Linux - Newbie 14 06-17-2012 11:06 AM
[PROFTPD] Ldap and proftpd authentication wesleywest Linux - Software 1 02-22-2005 09:51 AM
Disabling the chroot in proftpd and enabling root logins on ssh/proftpd jon_k Linux - Software 1 06-16-2004 10:27 AM
proftpd --- need help? could someone post a working proftpd.conf i could look at ZooRoPa Linux - Networking 1 04-02-2003 06:56 PM
ML 8.2 Nightmare! descras Linux - General 2 08-22-2002 04:06 AM


All times are GMT -5. The time now is 07:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration