Date: Sat, 13 Nov 2004 00:50:17 GMT From: Olafur Osvaldsson <oli@isnic.is> To: freebsd-qa@FreeBSD.org Subject: Re: bin/60662: [sysinstall] 5.2 Anonymous FTP server out dated Message-ID: <200411130050.iAD0oHCm047682@freefall.freebsd.org>
The following reply was made to PR bin/60662; it has been noted by GNATS. From: Olafur Osvaldsson <oli@isnic.is> To: freebsd-gnats-submit@FreeBSD.org Cc: fbsd_user@a1poweruser.com Subject: Re: bin/60662: [sysinstall] 5.2 Anonymous FTP server out dated Date: Sat, 13 Nov 2004 00:41:25 +0000 --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I've attached a patch that: - moves the ftpmotd file to /etc/ftpmotd wich is the correct place - does not create the ~ftp/bin directory - makes skipping the creation of ~ftp/incoming an option by leaving the directory name empty. - Added text to the Anon-FTP config prompt that points out the previous change and advises the user to add -r to the ftpd command-line options in inetd.conf - creates pwd.db instead of passwd in ~ftp/etc - does not include group and pwd.db entries that start with - or + incase the user is using compat mode for the passwd database My opinion on other suggestions: - ~ftp/pub is still mentioned in the ftpd(8) man page and should therefor be made - the ftp/anonymous user does not need to be in the ftpchroot file, it is chrooted by default - not everyone wants all anon downloads logged so the -S should be up to the user - quota for the ftp user is not needed if the ~ftp/ dir is not writeable and the ftpd(8) has the -r option set /Oli -- Olafur Osvaldsson Systems Administrator Internet a Islandi hf. Tel: +354 525-5291 Email: oli@isnic.is --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="sysinstall.diff"
diff -ruN sysinstall.orig/anonFTP.c sysinstall/anonFTP.c
--- sysinstall.orig/anonFTP.c Thu Mar 11 11:58:15 2004
+++ sysinstall/anonFTP.c Sat Nov 13 00:38:18 2004
@@ -105,7 +105,7 @@
 tconf.homedir, STRINGOBJ, NULL },
 #define LAYOUT_UPLOAD 4
 { 14, 20, 22, ANONFTP_UPLOAD_LEN - 1,
- "Upload Subdirectory:", "Designated sub-directory that holds uploads",
+ "Upload Subdirectory:", "Designated sub-directory that holds uploads (leave empty for none)",
 tconf.upload, STRINGOBJ, NULL },
 #define LAYOUT_OKBUTTON 5
 { 19, 15, 0, 0,
@@ -248,6 +248,9 @@
 "ftpd(8) in inetd.conf(5) for FTP services to be available. If you\n"
 "did not do so earlier, you will have the opportunity to enable inetd(8)\n"
 "again later.\n\n"
+ "If you want the server to be read-only you should leave the upload\n"
+ "directory option empty and add the -r command-line option to ftpd(8)\n"
+ "in inetd.conf(5)\n\n"
 "Do you wish to continue configuring anonymous FTP?")) {
 return DITEM_FAILURE;
 }
@@ -268,9 +271,6 @@
 if (!tconf.group[0])
 SAFE_STRCPY(tconf.group, FTP_GROUP);
- if (!tconf.upload[0])
- SAFE_STRCPY(tconf.upload, FTP_UPLOAD);
-
 /*** If the user did not specify a directory, use default ***/
 if (tconf.homedir[strlen(tconf.homedir) - 1] == '/')
@@ -287,18 +287,19 @@
 if (directory_exists(tconf.homedir)) {
 msgNotify("Configuring %s for use by anon FTP.", tconf.homedir);
 vsystem("chmod 555 %s && chown root.%s %s", tconf.homedir, tconf.group, tconf.homedir);
- vsystem("mkdir %s/bin && chmod 555 %s/bin", tconf.homedir, tconf.homedir);
- vsystem("cp /bin/ls %s/bin && chmod 111 %s/bin/ls", tconf.homedir, tconf.homedir);
- vsystem("cp /bin/date %s/bin && chmod 111 %s/bin/date", tconf.homedir, tconf.homedir);
 vsystem("mkdir %s/etc && chmod 555 %s/etc", tconf.homedir, tconf.homedir);
 vsystem("mkdir -p %s/pub", tconf.homedir);
- vsystem("mkdir -p %s/%s", tconf.homedir, tconf.upload);
- vsystem("chmod 1777 %s/%s", tconf.homedir, tconf.upload);
+ if (tconf.upload[0]) {
+ vsystem("mkdir -p %s/%s", tconf.homedir, tconf.upload);
+ vsystem("chmod 1777 %s/%s", tconf.homedir, tconf.upload);
+ }
 if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) {
 msgNotify("Copying password information for anon FTP.");
- vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir);
- vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
+ vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 10 || $1 == \"ftp\")) print $0}' /etc/master.passwd > %s/etc/master.passwd", tconf.homedir);
+ vsystem("/usr/sbin/pwd_mkdb -d %s/etc %s/etc/master.passwd && chmod 444 %s/etc/pwd.db", tconf.homedir, tconf.homedir, tconf.homedir);
+ vsystem("rm -f %s/etc/master.passwd %s/etc/spwd.db", tconf.homedir, tconf.homedir);
+ vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
 vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
 }
 else {
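Review bot: The added `awk ... /etc/master.passwd > %s/etc/master.passwd` call writes the password hashes of root and the other uid < 10 accounts into the anonymous FTP tree, where the removed code read the hash-free `/etc/passwd`. The file is created by shell redirection, so its mode comes from the installer's umask, and it stays in place together with `spwd.db` until the separate `rm -f` call runs; nothing in the hunk checks the result of any of these `vsystem()` calls, so a failed cleanup would go unnoticed. Since only `pwd.db` is kept, I would have awk blank the field before anything is written, i.e. add `BEGIN { OFS = ":" }` and `$2 = "*"` ahead of `print $0` (quotes escaped inside the C string), and report an error when the cleanup step fails. Separately, the new `if (tconf.upload[0])` guard accepts any non-empty name, so a value such as `.` would apply `chmod 1777` to the FTP root itself; rejecting `.`, `..` and names containing `/` is worth adding there. The enclosing function begins and ends outside this hunk.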
@@ -308,8 +309,8 @@
 if (!msgYesNo("Create a welcome message file for anonymous FTP users?")) {
 char cmd[256];
- vsystem("echo Your welcome message here. > %s/etc/%s", tconf.homedir, MOTD_FILE);
- sprintf(cmd, "%s %s/etc/%s", variable_get(VAR_EDITOR), tconf.homedir, MOTD_FILE);
+ vsystem("echo Your welcome message here. > /etc/%s", MOTD_FILE);
+ sprintf(cmd, "%s /etc/%s", variable_get(VAR_EDITOR), MOTD_FILE);
 if (!systemExecute(cmd))
 i = DITEM_SUCCESS;
 else
--OgqxwSJOaUobr8KG--
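Review bot: The rewritten `sprintf(cmd, ...)` still formats the value of `variable_get(VAR_EDITOR)` into the 256-byte `cmd` with no bound, so a long editor setting would overrun the stack buffer; `snprintf(cmd, sizeof cmd, "%s /etc/%s", variable_get(VAR_EDITOR), MOTD_FILE);` followed by a truncation check would close that. Moving the target from the FTP tree to the system `/etc` also means the `echo ... > /etc/%s` line now replaces whatever welcome file an already-configured machine has, so a test for an existing file before writing the placeholder seems warranted. The `if`/`else` after the `sprintf` continues past the end of the hunk.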