LinuxQuestions.org
Old 10-31-2006, 05:10 AM   #1
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Rep: Reputation: 0
Question Having a nightmare with Proftpd


Here's the thing: got a nice FC6 box running as a web server, so in order to reduce the load I download anything I need for it from a different box.

I also design websites on a different box.

All I need is for proftpd to allow a single user to login (me) from across the LAN to have r/w permissions to /downloads and var/www/html

Do you think I can do it?

Well, as I'm posting here you've probably guessed the answer...

I must be getting thick I reckon: I've read everything I can and I still cannot get the conf to do it.. I created users/groups, I've tried root, my own account and I either get kicked off at the password or when I did get in once as root I couldn't get past the /var/ directory and couldn't upload files to the /downloads one either.

Please, please, somebody give me a pointer before I go completely nuts.

Doc (not completely familiar with Linux...)
 
Old 10-31-2006, 07:15 AM   #2
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,552

Rep: Reputation: 103Reputation: 103
Hmm - since you are working over a LAN (probably located in your home / office in its entirety) and you just want to share folders over the LAN, why use FTP at all? IMHO FTP (either provided by ProFTP or wuftp) is mostly for moving huge files over long distances, where there is a chance of having to resume an upload or a download due to a connection that frequently drops or something. Over a LAN I worked happily for a year, doing exactly what you describe (i. e. access a Linux webserver from my "work" Linux machine, and from Windows development machines) using SAMBA to provide the access. IMHO it is a bit simpler to set up than a FTP server, and for what you seem to want to do I think it will work much better than using FTP...

If you are familiar with Window$'s network neighbourhood, SAMBA is a Linux server program that allows a Linux machine to "become" a Windows machine from the viewpoint of other Windows machines on a LAN, as regards file sharing / shares on its HDD. Don't let the Windows centeredness fool you though, I've used it quite happily to share folders Linux / Linux as well (although NFS might be better for this, I've never tried it)

If you are committed to using FTP for this, take a look at wuftp rather than ProFTP. My ISP uses ProFTP, but they have real experts keeping it going. Wuftp I managed to set up quite easily, with zero effort on the above mentioned linux machine when I had had to do FTP related work on it a year or two ago (no idea if it doesn't work for you though - mine did what I wanted "out of the box")
 
Old 10-31-2006, 07:35 AM   #3
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks for that; you have it right - my lan consists of 5 machines in a SOHO (one each dedicated to specific tasks).

I have Samba installed and running but I didn't even consider using that. DOH!

Well, it took some doing, but I at least get connected to the relevant \\xx.xx.xx.xx\download directory. Still have a bit of bother trying to get rid of the 'access denied' message when I try to put a file there though; I guess it must be in the permissions...

However when I try to connect to \\xx.xx.xx.xx\var\www\html Windoze tells me that it is not a valid folder.

I've created both folders as shared in Samba, given r/w & visible permission to everyone, as there's only me here, but still have these probs.

Any help you could offer would be greatly appreciated - I have a whole site waiting to put up


Cheers.

Doc.

Last edited by DrJon; 10-31-2006 at 07:47 AM.
 
Old 11-01-2006, 11:07 AM   #4
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,552

Rep: Reputation: 103Reputation: 103
Quote:
Originally Posted by DrJon
Thanks for that; you have it right - my lan consists of 5 machines in a SOHO (one each dedicated to specific tasks).

I have Samba installed and running but I didn't even consider using that. DOH!

Well, it took some doing, but I at least get connected to the relevant \\xx.xx.xx.xx\download directory. Still have a bit of bother trying to get rid of the 'access denied' message when I try to put a file there though; I guess it must be in the permissions...
Ok, here's my smb.conf file which I use to allow Windows machines to write to mine, without passwords and with no access or writing restrictions. You can easily change it to have your windows machines, for example, write to Apache's htdocs directory if you are doing development. Note that this is not very secure (at all) but it works all right:

[global]

netbios name = stefan
workgroup = GOEDEHOOP10
security = share
log file = /var/log/samba.log
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
wins support = yes
domain logons = no
logon drive = f:
logon home = \\stefan\%U
os level = 99
preferred master = yes
local master = yes
hosts allow = 169.254.255.10 169.254.255.11 169.254.255.20 169.254.255.30 127.0.0.1 169.254.255.40 169.254.255.50 169.254.255.60 169.254.255.70 169.254.255.80
encrypt passwords = yes
browseable = yes
lanman auth = yes
lm announce = yes

[shared]
path = /mnt/win/shared
guest ok = yes
writeable = yes
create mode = 0666
directory mode = 0777
browseable = yes
public = yes

You can then change /mnt/win/shared to, for example, /usr/local/apache2/htdocs and make sure that htdocs has permission

a+rwx

so anybody (including the samba'ised user) can write to it for testing webpage code etc.

Quote:

However when I try to connect to \\xx.xx.xx.xx\var\www\html Windoze tells me that it is not a valid folder.
Hmm - have you tried other folders? Isn't stuff in the \var folder and subfolders non-persistent stuff?? I would set it up to the default htdocs folder used by apache. (Could be wrong here, I've never done anything in my var folder or subfolders...)

Quote:
I've created both folders as shared in Samba, given r/w & visible permission to everyone, as there's only me here, but still have these probs.
Ok, but try the config I sent you above. It works fine for me for FC 3 with kernel 2.6.14.3 and Samba 3.0.20a to have the listed machines (by IP) have access to my Linux machine's /mnt/win/shared folder.

Quote:
Any help you could offer would be greatly appreciated - I have a whole site waiting to put up
Doc.
Sure thing - let us know how you get on.
 
Old 11-02-2006, 05:49 AM   #5
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Thumbs up

Wow Rylan/Stefan, what a comprehensive and helpful post

The weird thing is that in the end I cleared out all the files and settings, rebooted the server and started from scratch. Loaded the GUI for samba and added /downloads as a read/write/visible to all share and hey presto, it worked !!

So then I added another share (/var/www/html) and that didn't

Without any aliasing going on that seems to be the place that apache wants me to put the files for a single site (yep, I do the testing here and then upload everything to a 'real' server).....

So this morning, I went into Webmin and loaded the config file for samba which reads:

Code:
[global]
	netbios name = Samba_Server
	socket options = TCP_NODELAY
	hosts equiv = 10.0.0.13
	default service = Downloads
	workgroup = office
	os level = 20
	security = share
	server string = Samba


[Downloads]
	comment = Downloads
	path = /downloads
	writeable = yes
	browseable = yes
	guest ok = yes


[html]
	comment = websites
	path = /var/www/html
	writeable = yes
	browseable = yes
	guest ok = yes
I discovered that the cursor in edit mode was resting quietly at the very end of the last line. Pressed CR, saved the file, started samba and whadaya know? There we have it.

I'm sure it's not very secure (I'm hoping that the 10.0.0.13 is the only PC which can connect, but I haven't tried from another PC yet, but that's a small issue; if I discover that it's not I can always create a rule for the firewall I guess), but as I only need to stuff files across occasionally, I can turn it on and off when the need arises.

When I get a moment or two, I'll backup the config and try your file and see what happens; now I understand a little more of it perhaps I can then build in some security.

Thanks again for your help, it's been invaluable.

Doc.
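
Added example, not part of the original thread: in Samba, `hosts equiv` names a file listing hosts that may connect without a password, while `hosts allow` is the address-based access list, so the configuration in post #5 does not by itself limit the shares to 10.0.0.13. The Python sketch below audits smb.conf text for guest-writable shares that have no `hosts allow`; the function names and the `TIGHTENED` variant are assumptions made for illustration.

```python
SYNONYMS = {"writable": "writeable", "write ok": "writeable",
            "public": "guest ok", "allow hosts": "hosts allow"}

def parse_smb_conf(text):
    """Return {section: {param: value}}, names lower-cased, synonyms folded."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            conf[section][SYNONYMS.get(key, key)] = value
    return conf

def is_yes(share, param):
    return share.get(param, "no").lower() in {"yes", "true", "1"}

def audit(text):
    """Return sorted (section, finding) pairs for guest-writable, unrestricted shares."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if "hosts equiv" in glob and "hosts allow" not in glob:
        findings.append(("global", "hosts equiv is not an access list"))
    for name, share in conf.items():
        # hosts allow in [global] applies to every share.
        restricted = "hosts allow" in share or "hosts allow" in glob
        if name != "global" and is_yes(share, "guest ok") \
                and is_yes(share, "writeable") and not restricted:
            findings.append((name, "guest-writable, no hosts allow"))
    return sorted(findings)

# Constructed from the smb.conf in post #5 (cosmetic settings dropped).
POSTED = """
[global]
hosts equiv = 10.0.0.13
[Downloads]
path = /downloads
writeable = yes
guest ok = yes
[html]
path = /var/www/html
writeable = yes
guest ok = yes
"""
# Assumed correction: restrict by address with hosts allow instead.
TIGHTENED = POSTED.replace("hosts equiv =", "hosts allow =")
```

`audit(POSTED)` reports both shares and the `hosts equiv` line; `audit(TIGHTENED)` returns an empty list.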
 
Old 11-04-2006, 12:36 AM   #6
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,552

Rep: Reputation: 103Reputation: 103
Sure thing Doc. Glad you got it going.

The only weird thing about all this to me personally is the insistence of your installation that webserved files need to reside in a /var somewhere... I've rarely heard of that setup, mine's been working fine for years with me putting the .html to be hosted in /usr/local/apache2/htdocs.

Did you use packages to install Apache, or did you compile it yourself (I can't remember if you've mentioned this yet)? FC3 also has quite a full set of pre-installed apps and programs "out of the box" but I've replaced almost everything I need by hand with newer versions and compiled them myself. You wouldn't believe how much trouble I was having with "stock" stuff supplied with FC3, and all those problems went away when I started compiling the programs I needed (which already existed in FC3, but were wrongly installed or "broken" IMHO) myself and configuring them like I wanted to.

Most applications' default settings are quite "sane" but for some reason RedHat had strange ideas about where their files should reside and what options they were compiled with.

I would really advise anybody to avoid "packages" like .rpm and .deb like the PLAGUE. If you are having the kind of weird problems you had (ok, you did manage to solve yours) try downloading a latest version of the app and compile and install it -yourself-. That way you have total control over how it is set up, and, for example, where it will find its datafiles....

Then again, the location of the htdocs is probably just a setting somewhere in apache.conf...

Anyway, glad to have managed to help you out.

Regards,
 
Old 11-04-2006, 04:50 AM   #7
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:

The only weird thing about all this to me personally is the insistence of your installation that webserved files need to reside in a /var somewhere... I've rarely heard of that setup, mine's been working fine for years with me putting the .html to be hosted in /usr/local/apache2/htdocs.
Yup, it seems weird to me too. Every time I've scouted around for help on various things to do with Apache, almost everything tells me that /usr/local/apache2/htdocs is the relevant directory. I don't have it!!

I downloaded the DVD Iso of FC6, ran the setup, selected the various options and let it do its stuff and that's where it all went!

In relative terms, I guess I'm still a bit of a novice when it comes to Linux, and a friend of mine here pours scorn on me every time I mention setting things up using a gui. He insists that I should have a black screen and a cursor - "That's all you need" he reckons....

Thing is, when it gets busy here, I'm just grateful that it works.

Again, thanks for all your help.

Cheers,

Doc
 
Old 03-18-2007, 09:14 AM   #8
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
dm gui on server

Quote:
Originally Posted by DrJon
In relative terms, I guess I'm still a bit of a novice when it comes to Linux, and a friend of mine here pours scorn on me every time I mention setting things up using a gui. He insists that I should have a black screen and a cursor - "That's all you need" he reckons...
For any future stumblers upon this thread (such as myself) it is fairly imperative you not run any X server (GUI) on a machine exposed to the internet as a web, ftp or other server. A Linux machine running a display manager (dm) exposed to the wild will end up with a rootkit or two fairly quickly, under normal circumstances. Another thread I searched out this late March ('07) morning had a fellow mentioning his ftp server was being brute-forced by a high school in Korea. A dm is like handing those folks the screwdriver.
 
Old 03-18-2007, 12:48 PM   #9
DrJon
LQ Newbie
 
Registered: Oct 2006
Location: East Sussex, UK
Distribution: Fedora Core 6
Posts: 13

Original Poster
Rep: Reputation: 0
Interesting reply. However, running a hardware and software firewall as well as SElinux seems to do the trick. Server has been up for months with no sign of any intrusion to date.

Wish I could say the same for the Windoze servers!
 
Old 03-18-2007, 01:24 PM   #10
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
just say no...

Quote:
Originally Posted by DrJon
Interesting reply. However, running a hardware and software firewall as well as SElinux seems to do the trick. Server has been up for months with no sign of any intrusion to date.

Wish I could say the same for the Windoze servers!
As an experiment I ran an ftp server with a display manager running. It appeared to be up and running fine, but had two rootkits installed in the course of 48 hours. Shutting off the dm didn't fix, as the kits fired another instance right up again when killed.

You should run wireshark or etherape on the network the server is on (wireshark on the server itself, actually) and see what kind of traffic you have. A dead giveaway for a rootkit is outbound traffic to some unknown IP without any inbound requests from same. Mine was hijacked to talk to someone in the Philippines and China. (for about 5 minutes each before I pulled the plug)

Just because there's no obvious loss of expected function doesn't mean everything is copasetic. Not a good way to insure security. I stand by the 'no GUI on a server' idea, though indeed if you're behind such as a smoothwall, and running guarddog, shorewall or etc., on a machine in outer podunkville ISP-wise, you're probably quite safe... unless and until the wrong someone finds you.

BTW I read somewhere the average time to compromise for a Windows machine w/o protection is under 4 minutes. These things are automated, you might say attempted exploits are an integral function of the Internet itself.
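
Added example, not part of the original thread: the check described in post #10 (outbound traffic to an unknown IP with no inbound request from it) written as a small Python filter over a capture summary. The record layout, the addresses, the server address 10.0.0.5 and the `expected` allowlist are all constructed assumptions; a real capture would first be exported to one line per packet in this shape.

```python
from collections import Counter

# Constructed capture summary, one TCP packet per line: src sport dst dport flags
# (S = SYN only, SA = SYN+ACK). 10.0.0.5 is the assumed server address.
CAPTURE = """\
10.0.0.13 51000 10.0.0.5 445 S
10.0.0.5 445 10.0.0.13 51000 SA
198.51.100.20 40112 10.0.0.5 80 S
10.0.0.5 80 198.51.100.20 40112 SA
10.0.0.5 39001 10.0.0.1 53 S
10.0.0.5 39444 203.0.113.77 8443 S
10.0.0.5 39445 203.0.113.77 8443 S
10.0.0.5 39500 192.0.2.9 8080 S
"""

def unsolicited_outbound(capture, server, expected=()):
    """Count server-initiated connections to hosts that never contacted the server.

    expected: addresses the server is supposed to call (resolver, mirrors).
    Returns {(remote_ip, remote_port): connection_attempts}.
    """
    packets = [line.split() for line in capture.splitlines() if line.strip()]
    # Hosts that opened a connection to the server themselves (inbound SYN).
    callers = {src for src, _, dst, _, flags in packets
               if dst == server and flags == "S"}
    hits = Counter()
    for src, _, dst, dport, flags in packets:
        # A bare SYN from the server means the server started the conversation;
        # SYN+ACK replies to clients are normal and are ignored.
        if (src == server and flags == "S"
                and dst not in callers and dst not in expected):
            hits[(dst, int(dport))] += 1
    return dict(hits)

def report(capture=CAPTURE, server="10.0.0.5", expected=("10.0.0.1",)):
    """Return findings as sorted lines, busiest destination first."""
    hits = unsolicited_outbound(capture, server, expected)
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{ip}:{port} attempts={n}" for (ip, port), n in ranked]

if __name__ == "__main__":
    print("\n".join(report()))
```

Anything the report lists is a starting point for investigation rather than proof of compromise; software updates and time sync also produce server-initiated traffic and belong in `expected`.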
 
  

