Thursday, October 21, 2010

Setting up FTP on FreeBSD



FreeBSD comes with a built-in FTP server after installation, but it is not started by default. Some people find FreeBSD's built-in ftpd too bare-bones and replace it with another ftpd; common alternatives are proftpd, pureftp and so on. Whichever you use, keep it updated, because security holes are often found in FTP programs.

1 Providing service with FreeBSD's built-in ftpd
Generally speaking, once FreeBSD is installed, the FTP service program /usr/libexec/ftpd is already there.
Just edit /etc/inetd.conf and the FTP service becomes available to people who have an account on the machine.

1-1 Enabling the FTP service
FreeBSD's default ftpd can be started in two ways: in daemon mode (stand alone) or by inetd.
Comparing the two methods, the daemon approach suits hosts that serve many connections at the same time and carry a heavier load.

1-1-1 Method 1: daemon mode (stand alone)
1-1-1-1 Starting the ftpd daemon immediately
If you just want to start the service right away, run:

/usr/libexec/ftpd -D -l -l

Parameters:

-D: start ftpd as a daemon.
-l: log each connection through syslogd; with -l given twice, even the actions performed are logged.
Logging with -l only takes effect together with a change to /etc/syslog.conf.
ftpd has many parameters; see man ftpd.

1-1-1-2 Making FreeBSD start ftpd automatically at boot
If ftpd was only started as a daemon as shown above, it is gone after the next reboot. To have it start automatically, put the start command in /etc/rc.local or, following the files in /usr/local/etc/rc.d, write an ftpd.sh.

Example One:

ee /etc/rc.local

Put a line in it:

/usr/libexec/ftpd -D -l -l

Example Two:

Following the files in /usr/local/etc/rc.d, add a script called ftpd.sh:

ee /usr/local/etc/rc.d/ftpd.sh

Put the following in it:


#!/bin/sh
# Options passed to ftpd in addition to -D; edit this line to change them.
ftpd_flag="-l -l -S"
ftpd="/usr/libexec/ftpd"
case "$1" in
start)
    # Start only if the binary exists and is executable.
    [ -x ${ftpd} ] && ${ftpd} -D ${ftpd_flag} > /dev/null && echo -n ' ftpd'
    ;;
stop)
    /usr/bin/killall ftpd > /dev/null && echo -n ' ftpd'
    ;;
*)
    echo "Usage: `basename $0` {start|stop}" >&2
    ;;
esac
exit 0


Save the file, then change its permissions so that it can be executed:

chmod 554 /usr/local/etc/rc.d/ftpd.sh

With this, ftpd starts automatically when FreeBSD boots, and you can run /usr/local/etc/rc.d/ftpd.sh stop to stop the service. To add startup parameters, modify the ftpd_flag line.

1-1-2 Method 2: starting ftpd from inetd
For this method, just modify /etc/inetd.conf:

ee /etc/inetd.conf

First check whether /etc/inetd.conf contains the following line:

#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

If the line begins with a pound sign (#) as above, the FTP service is disabled by default. The pound sign marks a comment, so the line is not used; just remove the pound sign so that the line becomes:

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

After saving the file, run the following command:

kill -HUP `cat /var/run/inetd.pid`

This makes inetd re-read the /etc/inetd.conf configuration file.

Note: the ` above is the backtick, the key below the Esc key (the one that also carries ~); do not type a single quote instead.



1-2 Stopping the FTP service
How you stop the FTP service depends on whether it was started in daemon mode or by inetd.

1-2-1 daemon mode
In daemon mode, run the following command to terminate the ftpd process:

killall ftpd

If ftpd was previously put in /etc/rc.local so that the system starts it automatically at boot, use the following steps to stop FTP service from being provided automatically.

First open /etc/rc.local for editing:

ee /etc/rc.local

In the file, add a pound sign at the start of the line that runs ftpd, then save.

1-2-2 inetd mode
If the service was provided through inetd, modify the inetd configuration file /etc/inetd.conf and let inetd re-read its settings.

First open /etc/inetd.conf for editing:

ee /etc/inetd.conf

In the file, put a pound sign in front of the ftpd line, then save.

To make inetd re-read the configuration file, run:

kill -HUP `cat /var/run/inetd.pid`

To verify that the FTP service has stopped, run:

netstat -na

Check that the following line has disappeared:

tcp4 0 0 *.21 *.* LISTEN



1-3 Restricting users to their own directory (chroot)
Without any special settings, users who log in to the host with their own FTP account can switch freely to any directory. If you do not want them wandering around, make the following settings.

1-3-1 Method 1: Use /etc/ftpchroot
FreeBSD's ftpd uses /etc/ftpchroot to control which users or groups are chrooted, so open (or create) this file for editing:

ee /etc/ftpchroot

Put the users or groups you want to restrict into the file:

gsyan
foo
@staff

With the above settings, gsyan, foo and the members of the staff group can only operate within their own directories.

Description:

A name that begins with an at sign (@) is a group name.


Is there a way to leave only certain accounts un-chrooted and chroot everyone else?

Recent versions of FreeBSD's built-in ftpd accept additional settings in /etc/ftpchroot. According to man ftpchroot, the following settings leave only some accounts free of the restriction to their personal directory.

First open /etc/ftpchroot for editing:

ee /etc/ftpchroot

Assume admin is the administrator account. So that admin can go anywhere in the system, put the following three lines in the file:

admin /
ftp .
@ www

After saving, connect with ftp to check that the settings above have the intended effect:

First line: admin is switched to / on login.
Second line: anonymous logins behave as before and can operate only within the public directory designated for that account.
Third line: all other users can operate only within the www folder of their personal directory.
The third line is useful on an Apache server that lets users upload web pages, with Apache's UserDir set to www. From then on you only need to tell users: "When your pages are done, upload them to the host with your own FTP account." Previously you also had to explain that after connecting by FTP they must go into the www folder. Remember to create each user's www directory first, otherwise they will not be able to log in!

These new /etc/ftpchroot features were introduced in FreeBSD 4.8R and later; see man ftpchroot for the detailed settings (earlier versions do not have this man page).
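
The matching rules above can be checked before relying on them. This added example (not part of the original post) resolves the effective FTP root of a login from an ftpchroot-style file and lists the accounts left unrestricted; the function names, the sample accounts and the first-match-wins rule taken from ftpchroot(5) are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original post.
# ftpchroot_dir FILE USER HOME "GROUP ..." prints the directory ftpd would
# chroot USER into, or "none" if no line of FILE matches.
# Assumption: the first matching line wins, as ftpchroot(5) describes.
ftpchroot_dir() {
    awk -v user="$2" -v home="$3" -v grps="$4" '
    BEGIN { n = split(grps, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
    /^#/ || NF == 0 { next }                    # skip comments and blank lines
    {
        if ($1 == "@")                     hit = 1                         # lone @: any user
        else if (substr($1, 1, 1) == "@")  hit = (substr($1, 2) in member) # @group
        else                               hit = ($1 == user)              # user name
        if (!hit) next
        if (NF < 2)          root = home            # no directory: home directory
        else if ($2 ~ /^\//) root = $2              # absolute path
        else                 root = home "/" $2     # relative to home directory
        sub(/\/\.$/, "", root)                      # "home/." is just home
        print root; found = 1; exit
    }
    END { if (!found) print "none" }' "$1"
}

# unrestricted FILE reads "user home groups..." lines on stdin and prints the
# users who can reach the whole filesystem over FTP (root "/" or no match).
unrestricted() {
    while read -r u h grps; do
        case "$(ftpchroot_dir "$1" "$u" "$h" "$grps")" in
            /|none) echo "$u" ;;
        esac
    done
}

# Constructed sample: the three-line file from the text and made-up accounts.
demo() {
    f=$(mktemp)
    printf 'admin /\nftp .\n@ www\n' > "$f"
    printf '%s\n' 'admin /home/admin wheel' 'ftp /var/ftp ftp' \
        'gsyan /home/gsyan staff' | unrestricted "$f"
    rm -f "$f"
}
demo
```

With the three-line file from the text, only admin is reported, which is the intended exception.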

1-3-2 Method 2: Use /etc/login.conf
This method uses the login class field of the user database (the system password file /etc/master.passwd) to assign each user to a class, and then sets the FTP chroot behaviour for that class in /etc/login.conf. When many people have to be handled, it is more convenient than setting /etc/ftpchroot.

Open /etc/login.conf for editing:

ee /etc/login.conf

Then locate the lines beginning with default:, which look similar to the following:

default:\
    :copyright=/etc/COPYRIGHT:\
    :welcome=/etc/motd:\
    ................... (omitted)

Add the following line:

    :ftp-chroot:\
So that it becomes:

default:\
    :ftp-chroot:\
    :copyright=/etc/COPYRIGHT:\
    :welcome=/etc/motd:\
    ................... (omitted)

Then run the following command to convert login.conf into its database format:

cap_mkdb /etc/login.conf

With this, all accounts are chrooted and confined to their own directory.


What if you want to restrict everyone, but leave the system administrator's account un-chrooted?

In the previous method we set FTP chroot in the default login class, so the setting applies to everyone. If the system administrator needs to roam freely, define a separate administrator class with the ftp-chroot property removed, which opens things up for just those accounts.

Open /etc/login.conf and add a new administrator login class called admin, in which ftp-chroot is turned off:

ee /etc/login.conf

Add the following lines. Note: in addition to the ftp-chroot entry under default: above, we add another login class called admin below it:


default:\
    :ftp-chroot:\
    :copyright=/etc/COPYRIGHT:\
    :welcome=/etc/motd:\
    ................... (omitted)

admin:\
    :ftp-chroot@:\
    :tc=default:

................... (omitted)


Then run the following command to convert login.conf into its database format:

cap_mkdb /etc/login.conf

Note: the admin class above uses:

    :ftp-chroot@:

There is an extra at sign (@) after ftp-chroot. It gives the value the opposite meaning, that is, do not do ftp-chroot.

Next, we must tell the system who belongs to the admin login class by modifying the account database directly. Run:

vipw

Change the login class of the administrator (who is not to be chrooted) to admin.

For example:

Suppose the original entry for the administrator account gsyan is:

gsyan:*:1000:1000::0:0:Nobita:/home/gsyan:/bin/tcsh

Change its login class to admin so that it looks like this:

gsyan:*:1000:1000:admin:0:0:Nobita:/home/gsyan:/bin/tcsh

Save the changes, then test with an FTP client to see whether logins now behave differently.

Description:

The fields of FreeBSD's /etc/master.passwd password file are:

username:password:UID:GID:class:password change time:account expiration time:information:home directory:shell

So the login class to change is the fifth field.

The format of the password file is described in man 5 passwd.

Dividing users into different login classes and using /etc/login.conf to set the system resources each class may use is a good control tool and well worth a close look; see man login.conf for details.
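
To check the result of the whole login.conf procedure, this added example (not from the original post) resolves ftp-chroot for each account's login class, following tc= and the @ negation. The function names and sample data are constructed; it assumes getcap(3) first-definition-wins semantics and that an empty or unknown class falls back to default, and it does not consult /etc/ftpchroot.

```sh
# Added example, not from the original post. Assumes getcap(3) semantics:
# first definition wins, tc= pulls in another class, unknown class -> default.
# class_ftp_chroot LOGIN_CONF CLASS prints "yes" or "no".
class_ftp_chroot() {
    awk -v want="$2" '
    function resolve(cls, depth,    f, n, i, r) {
        if (!(cls in rec) || depth > 8) return ""
        n = split(rec[cls], f, ":")
        for (i = 2; i <= n; i++) {
            if (f[i] == "ftp-chroot")  return "yes"
            if (f[i] == "ftp-chroot@") return "no"     # trailing @ negates
            if (f[i] ~ /^tc=/ && (r = resolve(substr(f[i], 4), depth + 1)) != "")
                return r
        }
        return ""
    }
    /^[ \t]*#/ { next }
    {
        line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
        cont = sub(/\\$/, "", line)                    # backslash joins lines
        buf = buf line
        if (cont) next
        split(buf, h, ":"); m = split(h[1], names, "|")
        for (k = 1; k <= m; k++) rec[names[k]] = buf
        buf = ""
    }
    END {
        if (!(want in rec)) want = "default"
        out = resolve(want, 0); if (out == "") out = "no"; print out
    }' "$1"
}

# ftp_chroot_report LOGIN_CONF: master.passwd lines on stdin, class is field 5.
ftp_chroot_report() {
    while IFS=: read -r user _pw _uid _gid class _rest; do
        [ -n "$class" ] || class=default
        printf '%s %s %s\n' "$user" "$class" "$(class_ftp_chroot "$1" "$class")"
    done
}

demo() {    # constructed sample data
    c=$(mktemp)
    printf '%s\n' 'default:\' ' :ftp-chroot:\' ' :welcome=/etc/motd:' \
        'admin:\' ' :ftp-chroot@:\' ' :tc=default:' > "$c"
    printf '%s\n' 'gsyan:*:1000:1000:admin:0:0:Nobita:/home/gsyan:/bin/tcsh' \
        'foo:*:1001:1001::0:0:Foo:/home/foo:/bin/tcsh' | ftp_chroot_report "$c"
    rm -f "$c"
}
demo
```

Any account that shows "no" here and is also absent from /etc/ftpchroot can reach the whole filesystem over FTP, so that list should contain only the intended administrators.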


1-4 Providing anonymous (guest) FTP service
Letting visitors who have no account on the system download files from the FTP site is called anonymous FTP service (Anonymous FTP). Providing it requires an account called ftp and the related directories and files to be created. If you are not sure how to do this, using /stand/sysinstall is the easiest way. Here are the steps:

1. Start /stand/sysinstall:

/stand/sysinstall

2. When the /stand/sysinstall Main Menu appears, use the arrow keys to move to Configure, then press the space bar.



3. In the FreeBSD Configuration Menu, use the arrow keys to move to Networking, then press the space bar.



4. In the Network Services Menu, use the arrow keys to move to Anon FTP, then press the space bar.



5. In Anonymous FTP Configuration, enter the following information:



6. When the input is finished, press OK.

7. Then enter the GID for ftp (to use the default value, just press Enter).



8. You are then asked whether to create a welcome message for the site; just press Enter.



9. Enter the welcome message:



10. When you have finished editing, press Esc, then press Enter twice to save the file.

11. After that, choose Exit on each menu that offers it.








