I have tried to configure an ftp server on one of my machines. I want all authenticated users to be able to upload files to the apache web root /var/www/html. This machine is behind a firewall/router and will not be exposed to the outside world. I want to know if someone can point me to a good tutorial on setting up one of these servers. I have read the man pages and googled for possible configurations and I still have not been successful. I can log in as my normal user and see my home folder, but cannot upload to the web root.
John
--
Registered Linux User 263680, get counted at http://counter.li.org
John Pierce wrote:
> I have tried to configure an ftp server on one of my machines. I want all authenticated users to be able to upload files to the apache web root /var/www/html. This machine is behind a firewall/router and will not be exposed to the outside world. I want to know if someone can point me to a good tutorial on setting up one of these servers. I have read the man pages and googled for possible configurations and I still have not been successful. I can log in as my normal user and see my home folder, but cannot upload to the web root.
try vsftp :
this page mentions a quick install (on whitebox linux) : http://www.hughesjr.com/content/view/19/2/Site_News
(i'm using vsftp on FreeBSD and i like it, it's a matter of getting the config and permissions right)
On 4/29/06, albi albi@scii.nl wrote:
> John Pierce wrote:
> > I have tried to configure an ftp server on one of my machines. I want all authenticated users to be able to upload files to the apache web root /var/www/html. This machine is behind a firewall/router and will not be exposed to the outside world. I want to know if someone can point me to a good tutorial on setting up one of these servers. I have read the man pages and googled for possible configurations and I still have not been successful. I can log in as my normal user and see my home folder, but cannot upload to the web root.
hey,
What are the permissions set on /var/www/html? Do others have write permission on this folder? The other thing you can do is create a user with his home directory set to /var/www/html, and with this user you can upload and download the files.
If you want everybody to upload files to /var/www/html, then you have to give write permissions to everybody, that is 766.
Thanks & Regards
Ankush Grover
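One way to handle the permission question above without opening the tree to every local account, as an added example that is not part of the original post: it lists world-writable entries and grants write access to a single group instead. The helper names share_webroot and world_writable are hypothetical, and the demo runs on a constructed temporary tree using the current user's group.

```shell
#!/bin/sh
# Added example, not from the thread. share_webroot and world_writable are
# hypothetical helper names; run as root (or the tree's owner) on a real server.

# Let group GID write everywhere under DIR without opening it to "other".
# g+s on directories makes new uploads inherit the directory's group.
share_webroot() {
    dir=$1; gid=$2
    chgrp -R "$gid" "$dir" || return 1
    find "$dir" -type d -exec chmod g+rwxs,o-w {} + || return 1
    find "$dir" -type f -exec chmod g+rw,o-w {} +
}

# List entries under DIR that every local account can modify.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed demo tree standing in for /var/www/html.
demo=$(mktemp -d)
mkdir "$demo/html" && : > "$demo/html/index.html"
chmod 777 "$demo/html"; chmod 666 "$demo/html/index.html"
world_writable "$demo"                  # prints both entries
share_webroot "$demo/html" "$(id -g)"   # on a server: the FTP users' GID
world_writable "$demo"                  # prints nothing
rm -rf "$demo"
```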
I found the FTP chapter under Redhat Enterprise 4 for Dummies to be very helpful in setting up an FTP server. It uses vsftp in the book. I was able to set it up in no time. And I am the Newb from hell so if I can do it anyone can.
----- Original Message -----
From: "John Pierce" john.j35@gmail.com
To: "CentOS mailing list" centos@centos.org
Sent: Saturday, April 29, 2006 12:57 PM
Subject: [CentOS] wu-ftpd, proftpd, or vsftpd!
I have tried to configure an ftp server on one of my machines. I want all authenticated users to be able to upload files to the apache web root /var/www/html. This machine is behind a firewall/router and will not be exposed to the outside world. I want to know if someone can point me to a good tutorial on setting up one of these servers. I have read the man pages and googled for possible configurations and I still have not been successful. I can log in as my normal user and see my home folder, but cannot upload to the web root.
John
--
Registered Linux User 263680, get counted at http://counter.li.org
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--- Chris Peikert c.peikert@co.matagorda.tx.us wrote:
> I found the FTP chapter under Redhat Enterprise 4 for Dummies to be very helpful in setting up an FTP server. It uses vsftp in the book. I was able to set it up in no time. And I am the Newb from hell so if I can do it anyone can.
Well, setting up the ftp server is the easy part. Now the question, is it very secure or is this a hackers' practice server?
Steven
"On the side of the software box, in the 'System Requirements' section, it said 'Requires Windows or better'. So I installed Linux."
Steven Vishoot wrote:
> Well, setting up the ftp server is the easy part. Now the question, is it very secure or is this a hackers' practice server?
erhm, the vsftp-software stands for "very secure ftp", but of course the admin and the admin's configuring makes it secure or not
(the fact that the redhat-company now uses it as their default ftp-server doesn't mean anything, because they provided wu-ftpd as the default ftp-server install years ago afair, and wu-ftpd has a pretty bad reputation as has other software from WU, like pine)
albi wrote:
> erhm, the vsftp-software stands for "very secure ftp", but of course the admin and the admin's configuring makes it secure or not
> (the fact that the redhat-company now uses it as their default ftp-server doesn't mean anything, because they provided wu-ftpd as the default ftp-server install years ago afair, and wu-ftpd has a pretty bad reputation as has other software from WU, like pine)
May I ask what is wrong with pine? TIA.
-Jose
On Sun, 2006-04-30 at 19:13 -0400, José Alburquerque wrote:
> albi wrote:
> > erhm, the vsftp-software stands for "very secure ftp", but of course the admin and the admin's configuring makes it secure or not
> > (the fact that the redhat-company now uses it as their default ftp-server doesn't mean anything, because they provided wu-ftpd as the default ftp-server install years ago afair, and wu-ftpd has a pretty bad reputation as has other software from WU, like pine)
> May I ask what is wrong with pine? TIA.
Its license
José Alburquerque wrote:
> albi wrote:
> > erhm, the vsftp-software stands for "very secure ftp", but of course the admin and the admin's configuring makes it secure or not
> > (the fact that the redhat-company now uses it as their default ftp-server doesn't mean anything, because they provided wu-ftpd as the default ftp-server install years ago afair, and wu-ftpd has a pretty bad reputation as has other software from WU, like pine)
> May I ask what is wrong with pine? TIA.
well, here's 1 example of the mentioning of pine's not so secure code, if you try to install pine on FreeBSD (from ports), you will see this :
│ SECURITY NOTE: The pine software has had several remote
│ vulnerabilities discovered in the past, which allowed remote
│ attackers to execute arbitrary code as you on your local system,
│ by the action of sending a specially-prepared email. All such
│ KNOWN problems have been fixed, but the pine code is written in a
│ very insecure style and the FreeBSD Security Officer believes
│ there are likely to be other undiscovered vulnerabilities. Do you
│ wish to proceed with the installation of pine anyway?
│ [ Yes ] [ No ]
there are alternatives for pine, e.g. mutt, elmo, and there's more (forgot the names)
On Sat, Apr 29, 2006 at 12:57:10PM -0500, John Pierce wrote:
> I have tried to configure an ftp server on one of my machines. I want all authenticated users to be able to upload files to the apache web root /var/www/html. This machine is behind a firewall/router and will not be exposed to the outside world. I want to know if someone can point me to a good tutorial on setting up one of these servers. I have read the man pages and googled for possible configurations and I still have not been successful. I can log in as my normal user and see my home folder, but cannot upload to the web root.
If that is all your users will have to do on the server, I recommend using proftpd with virtual users.
Each user will have its own password (and you can get logs for them), but all files will end up with the uid:gid you want. The same for everyone, actually.
This is also a good way to make sure the users will not be able to use their passwords to do anything else on the server.
--
Rodrigo Barbosa rodrigob@suespammers.org
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
Rodrigo Barbosa wrote:
> If that is all your users will have to do on the server, I recommend using proftpd with virtual users.
I concur, and do just such here to run our FTP server. It's basically this simple:
1) Install a RPM, here's mine compiled with a MySQL auth bugfix for RHEL4/CentOS4 (ProFTPd bug #2644): ftp://falsehope.com/home/tengel/centos/4/te/i386/RPMS/proftpd-1.2.10-10_mysql.te.i386.rpm
2) Edit /etc/proftpd.conf to not use system logins, and instead use a set of files on the system (you can also use MySQL or another method, just giving the easy way here):
    AuthPAMAuthoritative off
    AuthPam off
    AuthUserFile /opt/etc/passwd.ftp
    AuthGroupFile /opt/etc/group.ftp
3) Create /opt/etc/group.ftp with one (or two) lines in it:
    ftp::50:
    nobody::99:
4) Add login users to /opt/etc/passwd.ftp, using an encrypted password (such as those created by "htpasswd" that comes with Apache). Make one that you never use for the user "ftp" (or for anon logins), then one for your actual login people:
    ftp:XXXXXXX:14:50::/var/ftp:/sbin/nologin
    someuser:XXXXXX:14:50::/var/www/html:/sbin/nologin
5) Change the permissions of your /var/www/html tree to allow UID 14 (or GID 50) to write to it.
You can further increase security by making a third group with a unique GID and have the user have its own unique UID as well, but I'll leave that up to you to figure out. There's a lot of room for play in the above steps, they're meant as a guideline.
NOTE: if you use MySQL as your authenticator and do *not* want to fall back to system auth (PAM), then you need to set two more options in /etc/proftpd.conf:
    PersistentPasswd off
    AuthOrder mod_sql.c mod_auth_file.c
FYI only.
-te
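A sanity check for the files created in steps 3 and 4 above, as an added example that is not part of the original post: it lints an AuthUserFile against its AuthGroupFile for malformed lines, duplicate names, empty password fields, UID 0, and GIDs missing from the group file. The helper name lint_ftp_users is hypothetical, and the sample files are constructed from the thread's entries plus two deliberately bad lines.

```shell
#!/bin/sh
# Added example, not from the thread. lint_ftp_users is a hypothetical helper.
# Usage: lint_ftp_users PASSWD_FILE GROUP_FILE
# Prints "line: finding" for each problem; returns non-zero if any were found.
lint_ftp_users() {
    awk -F: '
    function flag(msg) { print FNR ": " msg; bad++ }
    /^[ \t]*(#|$)/      { next }                    # comments and blank lines
    FILENAME == ARGV[1] { gids[$3] = 1; next }      # first file: known GIDs
    NF != 7             { flag("expected 7 fields, got " NF); next }
    seen[$1]++          { flag($1 ": duplicate user name") }
    $2 == ""            { flag($1 ": empty password field") }
    $3 == 0             { flag($1 ": UID 0 is root") }
    !($4 in gids)       { flag($1 ": GID " $4 " is not in the group file") }
    $6 !~ /^\//         { flag($1 ": home is not an absolute path") }
    END                 { exit (bad > 0) }
    ' "$2" "$1"
}

# Constructed sample: the thread's two entries plus two bad lines.
tmp=$(mktemp -d)
printf '%s\n' 'ftp::50:' 'nobody::99:' > "$tmp/group.ftp"
printf '%s\n' 'ftp:XXXXXXX:14:50::/var/ftp:/sbin/nologin' \
    'someuser:XXXXXX:14:50::/var/www/html:/sbin/nologin' \
    'admin::0:0::root:/bin/sh' 'broken:line' > "$tmp/passwd.ftp"
lint_ftp_users "$tmp/passwd.ftp" "$tmp/group.ftp" || echo "findings above"
rm -rf "$tmp"
```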
On Sunday 30 April 2006 22:34, Rodrigo Barbosa wrote:
> If that is all your users will have to do on the server, I recommend using proftpd with virtual users.
Having used both proftpd and vsftpd, they *seem* to be about feature equivalent. Is there any case where one would be preferable to the other? Why?
Unfortunately, I had a bad experience with ProFTPd - a RedHat 7.x server otherwise maintained with yum was compromised due to a flaw in ProFTPd, because I missed that ProFTPd had been installed from source and wasn't being updated.
It's my bad, so I'm not really downing ProFTPd, but it does make clear to me that it's usually preferable to use whatever the distro comes with, even if competing packages have a generally better security record, if only because of the assurance of timely security patches and updates.
When you install from source, you're married to that package from then on, and have to maintain it until the end of time! But, when you install a distro RPM, the good folks at RedHat and CentOS effectively maintain it. That's a *good thing*, since they'll most assuredly do a better job at it.
Over the years, I've gotten *very* conservative about what I install!
-Ben
Benjamin Smith wrote:
> When you install from source, you're married to that package from then on, and have to maintain it until the end of time! But, when you install a distro RPM, the good folks at RedHat and CentOS effectively maintain it. That's a *good thing*, since they'll most assuredly do a better job at it.
Your reasoning is sound. However, there are real-world scenarios where you have to do this, so it's better to develop a robust secondary plan to supplement the automatic distro yum upgrades rather than possibly living within the restrictions of the distro (unhappily).
Take for instance MySQL -- CentOS4/RHEL4 ship 4.1.12 in some form. But, your developer coding an application needs 4.1.18 in order to utilize some newer SQL syntax features (INSERT ... SELECT ... ON DUPLICATE KEY UPDATE ...). So, you end up having to install a newer set of server binaries (carefully -- w/ MySQL, I marry custom downloads with the RPMs, so they can co-exist) so I can meet the developer and business needs.
Subscribing to announce mailing lists to track security releases is of course important, or if you can't use a mailing list setting up a monitoring software like WebSec (http://savannah.nongnu.org/projects/websec/) is a good alternative.
My $0.02 US. :) -te