Thread ID: 76404 2007-01-31 06:13:00 Linux - proftpd - can't quite get it happening. personthingy (1670)
Post ID Timestamp Content User
521060 2007-02-01 21:55:00 The point everyone seems to be missing is not that the FTP server is failing to work in the exact way i want it to, but that it is failing to work at all even if i access it from my machine in the next room and go to ftp://192.168.0.1

Are you trying to access it as root? That is considered bad practice, and usually disallowed by default these days.

What errors are being logged? That's what the files in /var/log are for. (Use tail on any of those files. The FTP server will have its own error log file(s).)

"It doesn't work" isn't a helpful error message. :D
Graham L (2)
521061 2007-02-01 23:16:00 Are you trying to access it as root? That is considered bad practice, and usually disallowed by default these days.

What errors are being logged? That's what the files in /var/log are for. (Use tail on any of those files. The FTP server will have its own error log file(s).)

"It doesn't work" isn't a helpful error message. :D

I've got about 5 minutes before i have to go out again. I'll answer what i can.

No, i'm not logging in as anything, let alone as root. what i am doing is pointing a web browser (konq) at ftp://192.168.0.1 that being the address of the server which is of course in the same building as i, and getting time out messages rather than an opportunity to log in. I have nothing i would want to alter as root via FTP anyway, and yes root access is disabled. Fish is far better for messing around as root.

What i want it to do is let me (or others) log in as a user, and be able to alter or add to the files in ~/pub so as to change the content of the websites that this machine is hosting.

I'll get a chance to look at the error log tonight sometime.
thanks for the pointer
:)
personthingy (1670)
521062 2007-05-01 07:40:00 Seems that whatever the issue was, it went away when we nuked and rebuilt server!

So all is good now!
personthingy (1670)
521063 2007-05-01 07:45:00 The browser would have been trying to connect as "anonymous". Of course anonymous access should have been disabled by default, too. That's the "trouble" with systems built with security in mind. :D
Graham L (2)
521064 2007-05-01 07:52:00 The browser would have been trying to connect as "anonymous". Of course anonymous access should have been disabled by default, too. That's the "trouble" with systems built with security in mind. :D

Now it simply asks for the user and pass, and the user is jailed in their own account.

Unfortunately, by default proftpd on etch is NOT safe like this, and any user could see anything, just not write to what wasn't theirs....
A simple line needed to be uncommented, so it read as below



# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~


All good now... i think!
personthingy (1670)
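
Added example, not part of the original thread: a small Python check for the setting discussed in the post above, reporting whether a proftpd config has an active (uncommented) `DefaultRoot`, whether a group expression exempts some users from the jail, and whether an `<Anonymous>` section or `RootLogin on` is present. The sample config text and the function name `audit_proftpd` are constructed for illustration.

```python
# Constructed sample: a config with the DefaultRoot line still commented out,
# as the post describes for the stock install.
SAMPLE_DEFAULT = """\
ServerName "Debian"
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# DefaultRoot ~
"""
SAMPLE_FIXED = SAMPLE_DEFAULT.replace("# DefaultRoot ~", "DefaultRoot ~")


def audit_proftpd(conf_text):
    """Return findings about chroot, anonymous and root-login settings."""
    findings = []
    jails = []            # (directory, group expression) per active DefaultRoot
    in_anonymous = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue      # a commented-out directive has no effect
        parts = line.split()
        name = parts[0].lower()   # match directive names regardless of case
        if name.startswith("<anonymous"):
            in_anonymous = True
            findings.append("anonymous section enabled: " + line)
        elif name.startswith("</anonymous"):
            in_anonymous = False
        elif in_anonymous:
            continue      # settings in here apply to the anonymous login only
        elif name == "defaultroot" and len(parts) >= 2:
            jails.append((parts[1], " ".join(parts[2:])))
        elif name == "rootlogin" and len(parts) >= 2 and parts[1].lower() == "on":
            findings.append("RootLogin on: root may log in over FTP")
    if not jails:
        findings.append("no active DefaultRoot: users are not jailed")
    for directory, groups in jails:
        if groups:        # e.g. "DefaultRoot ~ !staff" leaves group staff unjailed
            findings.append(f"DefaultRoot {directory} limited by '{groups}'")
    return findings


if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        print(label, audit_proftpd(conf) or "ok")
```
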
521065 2007-05-01 08:01:00 In some ways, the anonymous user provision was the "safest" mode in a system designed for a trusted environment. That should have the "/public" tree, which could be kept away from all user directories. But to make it properly safe, it was necessary to have local ("safe") versions of many of the system executables, and even the passwd stuff.

It only needs one unsafe implementation of an application which runs with privileges to make the whole system insecure. (FTP should be started by root, but immediately change user to run as ftp, with limited privileges).
Graham L (2)
521066 2007-05-01 08:12:00 Ah.... i suppose that would also depend on precisely what was required of a FTP server.
Mine is so that armed with any external computer, a user can get into ~/pub files, and change what's on their website....

There's currently 3 "public" sites, 2 of mine, CF1, and a possible maybe or three that will possibly never get finished.
For this, we definitely need all users on personalized FTP home detention!
:)
personthingy (1670)
521067 2007-05-01 08:24:00 I first used FTP to get files from around the world, in the days long before web sites had been dreamed of. I got used to logging in as "anonymous" and entering the password which was my 16 character email address. (The password was typed blind --- no echo -- but it wasn't checked. It was used to keep an eye on who was using the service). Most of the servers were on university mainframes ... mostly about as powerful as an Intel 386. Almost all asked users to avoid the "business hours" of the server, and even then had a limit of 3-10 connected users at once. Big files were usually provided compressed and split into sections of about 300k to fit on individual floppies.

user/password access is "reasonably safe" with the chroot option, but there are some potential holes. You can probably rely on "security by obscurity" to some extent.
Graham L (2)
521068 2007-05-01 08:44:00 ..... ... mostly about as powerful as an Intel 386.

Here's our server (www.something.net.nz) Somewhat less glamorous than a mainframe, but several times more powerful than a 386. Actually it's just been pointed out to me that the file size of the pic, is more than 300K..
How things change.


user/password access is "reasonably safe" with the chroot option, but there are some potential holes. You can probably rely on "security by obscurity" to some extent.

What pitfalls can you see?
personthingy (1670)
521069 2007-05-01 11:44:00 lol, no pitfalls that I can see. Just the usual dirt, grime, trash, loose wires and chance of water seeping in that most of us have to live with. And a sealed user manual for something. Well at least it has plenty of ventilation :D
beeswax34 (63)