FreeBSD Server Administration
Several months ago, I switched from proftpd to pure-ftpd on my Linux VPS and FreeBSD server, but I didn't test anonymous login on Linux, and I just found that it's enabled by default! Fortunately, it wasn't abused. If someone had used it for video downloads, I could have faced a big bill for bandwidth usage. Very lucky.
I did test it on my FreeBSD server, and got the error message "Unable to set up secure anonymous FTP". But now I realize this message might be from the FreeBSD system rather than pure-ftpd, because I got a different message on Linux after I disabled anonymous login: "This is a private system - No anonymous login".
Anyway, don't take anything for granted; a simple test is the best way to avoid a silly error like this.
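The simple test recommended above, as an added example that is not part of the original post: a Python check that attempts an anonymous login against your own FTP server and reports whether it is accepted. The fake_ftp_server helper and its replies are constructed stand-ins so the check runs offline; the function names are assumptions of this example.

```python
import ftplib
import socket
import threading

def anonymous_ftp_status(host, port=21, timeout=10):
    """Try an anonymous login; return (status, server reply).

    status is "open" (login accepted), "refused" (5xx reply) or
    "error" (could not connect, or an unexpected reply).
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        # Placeholder password; anonymous FTP accepts any string here.
        return "open", ftp.login("anonymous", "audit@example.invalid")
    except ftplib.error_perm as exc:  # e.g. 530 when anonymous login is disabled
        return "refused", str(exc)
    except (ftplib.Error, OSError, EOFError) as exc:
        return "error", str(exc)
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()

def fake_ftp_server(user_reply, pass_reply="530 Login failed"):
    """Constructed test double: a one-connection FTP control channel on
    127.0.0.1 answering USER/PASS with the given replies. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    replies = {b"USER": user_reply, b"PASS": pass_reply, b"QUIT": "221 Bye"}

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as rfile:
            conn.sendall(b"220 constructed test server\r\n")
            for line in rfile:
                cmd = line.split()[0].upper() if line.strip() else b""
                conn.sendall(replies.get(cmd, "500 Unknown command").encode() + b"\r\n")
                if cmd == b"QUIT":
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = fake_ftp_server("530 This is a private system - No anonymous login")
    print(anonymous_ftp_status("127.0.0.1", port))
```

Run anonymous_ftp_status against your own host after every FTP server install or configuration change; any result other than "refused" on a private server needs a look.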
Posted by FreeBSD Newbie at 01:24 AM | Comments (0)
WebHost Manager on my Linux VPS displayed the following message:
At this time, it is recommended that all customers using proftpd Switch to pure-ftpd as soon as possible to eliminate a potential security hole. It is important to consider that this security hole has not been verified. Multiple reports of compromised machines which have Trojans horse binaries installed with the proftpd group have been received. We wish acknowledge that there is only circumstantial evidence pointing to proftpd as the culprit, however we feel it is best to err on the side of caution.
Switching to pure-ftpd in WebHost Manager is as easy as one mouse click. It also solved a very annoying problem with proftpd: a delay of up to 15 seconds on new connections. This is a common problem with proftpd; I believe it's because of my poor configuration, but I can't fix it. Time to replace proftpd on FreeBSD too.
Install pure-ftpd on FreeBSD
# cd /usr/ports/ftp/pure-ftpd
# make install clean
# rehash
Start pure-ftpd; it doesn't need any configuration. A sample configuration file is available at /usr/local/etc/pure-ftpd.conf.sample, if needed.
# /usr/local/sbin/pure-ftpd &
To chroot users (FTP clients see /home/account/ as /), start with the option "-A":
# /usr/local/sbin/pure-ftpd -A &
No anonymous login (start with the option "-E", which can be combined with "-A"):
# /usr/local/sbin/pure-ftpd -E &
Run Pure-FTPd with a configuration file instead of command-line options:
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf &
Posted by FreeBSD Newbie at 02:36 AM | Comments (0)
Update: The ProFTPD port seems buggy. I suggest you try pure-ftpd; the installation is very easy and it worked very well.
I installed the NcFTP client when I first got the server. It seems that "pkg_add -r ncftp" also installed the NcFTP server, and it worked without any configuration, which gave me the impression that I didn't have to care about the FTP server at all. After some time, my FTP client on Windows started displaying the NcFTP server's unregistered-version message. I decided to install a free one: proFTPD.
proFTPD installation is a bit tricky: pkg_add doesn't install the configuration file, /usr/local/etc/proftpd.conf. (You can see the error message when you run proftpd in debug mode.)
Install proftpd with ports
# cd /usr/ports/ftp/proftpd
# make install
Ports will display a message telling you to insert the following three lines into the PAM configuration file /etc/pam.conf (you may have to create it).
ftpd auth required pam_unix.so try_first_pass
ftpd account required pam_unix.so try_first_pass
ftpd session required pam_permit.so
After installation, there are two executable files:
/usr/local/libexec/proftpd
/usr/local/etc/rc.d/proftpd.sh
proftpd.sh didn't work, and gave no error message either.
Run proftpd in debug mode
# /usr/local/libexec/proftpd -n -d 9
It displayed the following error message:
opening scoreboard '/var/run/proftpd/proftpd.scoreboard'
RELINQUISH PRIVS at main.c:2315
error opening scoreboard: No such file or directory
Since the directory /var/run/proftpd doesn't exist, to fix this error, either create the directory manually or add a line in the proftpd config file:
ScoreboardFile /var/run/proftpd.scoreboard
Now I can start proftpd with the following command, although I need to do this every time the server is rebooted.
# /usr/local/libexec/proftpd
Misc
1. I have a few sites on this server, and all FTP accounts use /home/username/ as the base FTP directory. To avoid modifying all the saved settings in my FTP client software, I uncommented a line in the config file:
DefaultRoot ~
2. There is a delay of a few seconds when connecting to the server. I had the same problem on my Linux server, and later fixed it by removing all entries like the following in the config file:
<VirtualHost>
...
</VirtualHost>
But unfortunately, I can't find similar entries on FreeBSD; please let me know if you know how to fix it.
Posted by FreeBSD Newbie at 06:46 PM | Comments (1)
How to get files recursively by FTP?
Update: NcFTP doesn't work well on some FTP servers; the best way to transfer files is to use the tar command.
NcFTP Client is a very nice tool which enables you to get/put files recursively. I used it to transfer my sites, and the whole procedure became very fast and easy: get all files, export/import DB data, set up the necessary configuration for some programs (e.g. blog, forums), done. You don't have to upload everything over a slow home connection, and you don't need to change the scripts' file attributes, since FTP maintains all file information. NcFTP also supports bookmarks, which is very convenient.
Download the source file here, extract all the files and read README.txt for the installation guide. It is very straightforward; just run:
# ./configure
# make
# make install
The third step needs the root account, but after installation, all users can use the program.
The command for getting files recursively is:
# get -R filename
(You might want to replace "filename" with "." to get current directory.)
Posted by FreeBSD Newbie at 08:24 AM | Comments (0)