Hey guys,
I am almost totally migrated to Linux except for a few things.
The one that is really bothering me is that I can't FTP to my server (running RH9 and proftpd) using either gftp or kbear but I can't FTP perfectly when in WIndows and using Filezilla.
I triple-checked both client and server and I can't see anything wrong. But I'm sure it's a client problem. I am running Fedora 1 at the moment.
What do I do?
Oh... and the other thing that's stopping me is I havent yet got video editing working perfectly yet. But that's another time.
Thanks,
buzza
ftp problems
Did you configure a firewall (iptables) on either the client or server or both? Are you running proftpd in daemon mode or inetd mode? If you are running it in inetd mode have you configured xinetd? Since you posted this in the Red Hat/Fedora forum I assume you are using one of those in which case I am curious why you didn't have a go with vsftpd instead of proftpd (not that there is anything wrong with either, just that vsftpd comes with RH/Fedora).
speaking of vsftpd, I was wanting to know the most secure way to run it. I hear that SANS, which I have become a big fan of, really likes it. Since my web/ftp server just crashed because of hw issues, I get to rebuild it with FC1/2. (not sure which one yet)
anywho, does anyone have a really good config to really secure up the vsftpd?
I want one login, say ftpadmin to be able to have write access to all the 'child' logins that I create. I work for a company where the 'admin' login controls the 'child' logins. But at the same time the 'admin' login is chrooted...!?
anywho, does anyone have a really good config to really secure up the vsftpd?
I want one login, say ftpadmin to be able to have write access to all the 'child' logins that I create. I work for a company where the 'admin' login controls the 'child' logins. But at the same time the 'admin' login is chrooted...!?
well as far as that goes I have to admit that I don't know much about.
Though i have been using linux for a while, you could still call me a newbie.
I have no idea about setting up iptables and xientd. But i doo know that I am running Proftp
in stand-alone.
Reason I am using proftp instead of vsftp is because I was told by Doogee that it was better and more secure if I remember correctly.
Anyway, if u need more info just ask.
also the server firewall can't be the problem becuase it allows transfer from windows machines.
Though i have been using linux for a while, you could still call me a newbie.
I have no idea about setting up iptables and xientd. But i doo know that I am running Proftp
in stand-alone.
Reason I am using proftp instead of vsftp is because I was told by Doogee that it was better and more secure if I remember correctly.
Anyway, if u need more info just ask.
also the server firewall can't be the problem becuase it allows transfer from windows machines.
Last edited by Buzza24 on Fri May 21, 2004 12:58 am, edited 1 time in total.
For the record proftpd is not more secure than vsftpd. It might be more secure than wu-ftpd but not vsftpd. vsftpd is built with security as it's primary focus (hence the name "very secure ftpd"). byrdman, I'll try and get an answer for you soon if nobody else gets it.
http://vsftpd.beasts.org/
http://vsftpd.beasts.org/
This README seems to cover your user question:
ftp://vsftpd.beasts.org/users/cevans/un ... S_2/README
I'm not sure but I think it expands on these config files:
ftp://vsftpd.beasts.org/users/cevans/un ... UAL_USERS/
ftp://vsftpd.beasts.org/users/cevans/un ... S_2/README
I'm not sure but I think it expands on these config files:
ftp://vsftpd.beasts.org/users/cevans/un ... UAL_USERS/
well it's all good now.
I installed vsftpd and it's works fine. not one problem yet.
Just before I go, here is the address of the webserver that I have working on.
http://buzza.kicks-ass.net/
Thanks,
Buzza
I installed vsftpd and it's works fine. not one problem yet.
Just before I go, here is the address of the webserver that I have working on.
http://buzza.kicks-ass.net/
Thanks,
Buzza
Glad to see you chose to run your webserver on the only viable option as far as I am concerned, which is Linux using Apache ( I hope that is what you are using 
). If you have any further questions as far as administering apache goes ask away, I am sure we can give you any help required. I know this ia a Linux site mainly but if you have any html or any other web design questions I will probably be able to help you out. I am sure Void can too, I mean he designed this sight didn't he?
I actually stold his idea of using a programming format for my index page. I used Perl syntax though instead of C but you get the idea. Anyway good luck with the Christian sites, it is good to see someone use techologic skills for a decent cause.
Oh and my site I am refering too is www.perlskripts.com.
). If you have any further questions as far as administering apache goes ask away, I am sure we can give you any help required. I know this ia a Linux site mainly but if you have any html or any other web design questions I will probably be able to help you out. I am sure Void can too, I mean he designed this sight didn't he? I actually stold his idea of using a programming format for my index page. I used Perl syntax though instead of C but you get the idea. Anyway good luck with the Christian sites, it is good to see someone use techologic skills for a decent cause.
Oh and my site I am refering too is www.perlskripts.com.
Ok, I worked out an example config that does what you want. In my example I have added 4 more users to my system. "ftpadmin" is the user that needs access to all the other ftp users and with read/write access to their stuff. Then I created users "ftp1", "ftp2", and "ftp3".byrdman wrote:speaking of vsftpd, I was wanting to know the most secure way to run it. I hear that SANS, which I have become a big fan of, really likes it. Since my web/ftp server just crashed because of hw issues, I get to rebuild it with FC1/2. (not sure which one yet)
anywho, does anyone have a really good config to really secure up the vsftpd?
I want one login, say ftpadmin to be able to have write access to all the 'child' logins that I create. I work for a company where the 'admin' login controls the 'child' logins. But at the same time the 'admin' login is chrooted...!?
I used the plain old adduser command:
Code: Select all
# adduser ftpadmin
# adduser ftp1
# adduser ftp2
# adduser ftp3
Code: Select all
ftpadmin:x:10025:10025:FTP Admin:/home/ftpadmin:/bin/false
ftp1:x:10026:10025:FTP User 1:/home/ftpadmin/ftp1:/sbin/nologin
ftp2:x:10027:10025:FTP User 2:/home/ftpadmin/ftp2:/sbin/nologin
ftp3:x:10028:10025:FTP User 3:/home/ftpadmin/ftp3:/sbin/nologin
Code: Select all
# cd /home
# rm -rf ftp1 ftp2 ftp3 ftpadmin
# mkdir ftpadmin
# mkdir ftpadmin/ftp1
# mkdir ftpadmin/ftp2
# mkdir ftpadmin/ftp3
# chown -R ftpadmin:ftpadmin ftpadmin
# chmod -R 770 ftpadmin
Code: Select all
ftpadmin
ftp1
ftp2
ftp3
http://voidmain.is-a-geek.net/files/vsftpd/vsftpd.conf
Here it is with the comments removed:
Code: Select all
write_enable=YES
local_umask=002
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to Void Main's FTP server.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
Here are all the files:
http://voidmain.is-a-geek.net/files/vsftpd/
In regarding FTP'ing
Void, I seem to remember you helped us write a script that simplified our asp webcam script to perl. you also wrote cron scripts that copied the webcam pix that were sent to the account's home dir and placed them in the right folder under the website. Well of course you heard that our website crashed and, being the great net admin that I am , did not have a back up because....well....I just didn't 
I remember the script was something like this:
LATEST='tail -200 /var/log/xferlog grep something something -someswitch etc... \
cp -f $LATEST /loc/of/webcam/folder...
there was one to copy the live picture and one to copy archives because in our crontab there was a webcamlive and a webcam archive...
could you help a poor sap out, I will buy you a Chevy's lunch!!!
I remember the script was something like this:
LATEST='tail -200 /var/log/xferlog grep something something -someswitch etc... \
cp -f $LATEST /loc/of/webcam/folder...
there was one to copy the live picture and one to copy archives because in our crontab there was a webcamlive and a webcam archive...
could you help a poor sap out, I will buy you a Chevy's lunch!!!
Yes, I somewhat remember doing that. I would need a copy of the xfer log and a directory/name where you want the most current image placed and what the image name(s) are in the log and it should be pretty simple. You can either email a portion of the log (gzipped) or upload it to my ftp server in the /upload directory (if you upload it you will not be able to see it or download it, it will appear to just go into a black hole but it will be there). I will not be able to look at it until this evening if you ftp it but I might be able to get what you want earlier than that if you email it.
Is /sbin/nologin and/or /bin/false listed in your /etc/shells file (they should be) and do the files actually exist?
Last edited by Void Main on Wed Jun 02, 2004 10:05 am, edited 1 time in total.