ftp problems

byrdman
administrator
administrator
Posts: 225
Joined: Thu May 08, 2003 1:59 pm
Location: In the cloud

Post by byrdman » Wed Jun 02, 2004 10:04 am

and I noticed that vsftpd is running as root. That should be a no-no, right? Do I change the nopriv_user option in the vsftpd.conf?

Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Wed Jun 02, 2004 10:08 am

What does your /etc/shells look like? It should have /sbin/nologin listed in it and the /sbin/nologin file should actually exist. If it doesn't and you do have a /bin/false you can use that, but it must also be listed in /etc/shells. The FTP server *has* to run as root in order to listen on port 21 (a privileged port). When the user makes a connection it should spawn a child that *isn't* running as root.
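The check described in the post above, as an added example that is not part of the original thread: it reports every account whose login shell is either not listed in the shells file or missing on disk. The function names `unlisted_shell_users` and `demo_report`, the optional root prefix, and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose login shell fails the /etc/shells check.
# usage: unlisted_shell_users PASSWD_FILE SHELLS_FILE [ROOT]
# Prints "user shell reason" for each account whose shell is not listed in
# SHELLS_FILE, or is listed but not an executable file under ROOT (default /).
unlisted_shell_users() {
  passwd_file=$1
  shells_file=$2
  root=${3:-}
  while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
    [ -n "$user" ] || continue
    case $user in \#*) continue ;; esac
    [ -n "$shell" ] || shell=/bin/sh   # an empty shell field means /bin/sh
    # Compare the whole line literally, ignoring comment lines in the shells file
    if ! grep -v '^#' "$shells_file" | grep -qxF -- "$shell"; then
      echo "$user $shell not-listed"
    elif [ ! -x "$root$shell" ]; then
      echo "$user $shell missing"
    fi
  done < "$passwd_file"
}

# Constructed sample data: three FTP accounts, a small shells file, and a
# throwaway directory tree standing in for the real filesystem root.
demo_report() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/root/sbin" "$d/root/bin"
  : > "$d/root/sbin/nologin"; chmod 755 "$d/root/sbin/nologin"
  : > "$d/root/bin/false";    chmod 755 "$d/root/bin/false"
  printf '%s\n' '# constructed shells file' /bin/sh /sbin/nologin /bin/nosuch > "$d/shells"
  printf '%s\n' \
    'joeb:x:2001:2000:FTP User:/home/ftpadmin/joeb:/bin/false' \
    'annk:x:2002:2000:FTP User:/home/ftpadmin/annk:/sbin/nologin' \
    'samt:x:2003:2000:FTP User:/home/ftpadmin/samt:/bin/nosuch' > "$d/passwd"
  unlisted_shell_users "$d/passwd" "$d/shells" "$d/root"
  rm -rf "$d"
}

demo_report
```

On a live system the equivalent call is `unlisted_shell_users /etc/passwd /etc/shells`; in the sample, joeb is flagged because /bin/false exists but is not listed, which is the situation found in this thread.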

Post by byrdman » Wed Jun 02, 2004 10:14 am

That was it, thanks. There was no /bin/false in the /etc/shells file.

Post by byrdman » Wed Jun 02, 2004 11:11 am

Since I have other employees that will need to create users, is there a script I could write that would easily do this? Could it be done in a shell script? Can you use <STDIN> in bash or does that have to be PERL? And would a PERL script be easier? In my test perl script, how would I call system commands? In other words, they would ssh in to the ftp server and type "shellname joeb" and the script would create everything with the right dir perms and in the right location...

Am I way off base here? I just want to pass off the user creation and ftp site stuff to someone below me!! :lol:

Post by Void Main » Wed Jun 02, 2004 11:32 am

This is very easy and can be done in a 2 or 3 line shell script. First of all there are many params to the "adduser" command so it will set your /etc/passwd info the way you want. Then just have it make the directory and set the permissions and set a password and you are done. Would you like me to give you a chance to try and work out the script on your own or would you like me to write it for you (no biggy, about 1 minute's worth of work)?

Hints:
$ man adduser

Shell hints:
Make use of parms ($1, $2, etc).

If you want them to be able to do this without being root you could run the script with "sudo".

Post by byrdman » Wed Jun 02, 2004 11:41 am

I think I need help getting started...Once I see it, I can pretty much hack it up to my liking...

Post by Void Main » Wed Jun 02, 2004 12:05 pm

Try this (more than 2 or 3 lines but added some error checking).

addftpuser:

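```sh
#!/bin/sh
# addftpuser: create an FTP-only account with its directory under the ftpadmin home

# ftpadmin group number
FTPGRPID=2000
# ftpadmin group name
FTPGRPNAME=ftpadmin
# ftpadmin home
FTPHOME=/home/ftpadmin
export FTPGRPID FTPGRPNAME FTPHOME

if [ "$(whoami)" != "root" ]; then
  echo "Must be root to run this script!" >&2
  exit 1
fi

# Note: the password argument is visible in the process list while this runs
if [ $# -ne 2 ]; then
  echo "Syntax: $(basename "$0") username password" >&2
  exit 1
fi

# Match the name literally so regex characters in $1 cannot cause a false match
if cut -d: -f1 /etc/passwd | grep -qxF -- "$1"; then
  echo "User already exists in /etc/passwd!" >&2
  exit 1
fi

# adduser -p expects an already-encrypted password, so create the account first
# and set the clear-text password with passwd --stdin (Red Hat/Fedora passwd)
/usr/sbin/adduser -c "FTP User" -d "$FTPHOME/$1" -g "$FTPGRPID" -s /bin/false -M "$1" || exit 1
echo "$2" | passwd --stdin "$1" || exit 1
mkdir -p "$FTPHOME/$1"
chown "$1:$FTPGRPNAME" "$FTPHOME/$1"
chmod 770 "$FTPHOME/$1"
```

This assumes you already have the "ftpadmin" ID set up properly. Change the FTPGRPID and FTPGRPNAME and FTPHOME variables to match your environment.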

Post by byrdman » Wed Jun 02, 2004 12:13 pm

awesome! Thanks
