pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Fri Mar 11, 2005 5:11 am Post subject: Serving Web Pages (ftpd or Apache?) |
|
|
Hi there -- I already have a web site running on my university's servers. It works great for small
html and text files. I am getting to the point where I want to put pictures, videos and tarballs on it,
but I don't have enough server space allocated to me.
On the other hand, I have 130 free GBytes on my desktop, and I could put links from the web-server machine (call it
Ishmael) to my desktop (call it Moby). I thought I could just set Moby up serving anonymous ftp for the big
files. Unfortunately, it didn't run right. (I tried emerging ftpd and for some reason it never would
run).
When I load ftpd as root@Moby, I get
Error messages: Error loading /etc/ssl/certs/ftpd.pem: 3867:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('/etc/ssl/certs/ftpd.pem','r')
3867:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
3867:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:515:
ftpd: SSLeay initialisation failed
Maybe I ought to just run apache, but it seems like a long learning curve, and at the moment I have too many other
things to work on.
Does anyone know of an "apache for the impatient" ... i.e., emerge it, edit 1 or 2 .conf files and go!
(Or can you help me with my ftpd error message).
Thank you -- Gentooites _________________ I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman |
|
thebigslide l33t
Joined: 23 Dec 2004 Posts: 792 Location: under a car or on top of a keyboard
|
Posted: Fri Mar 11, 2005 6:21 am Post subject: |
|
|
Either re-emerge ftpd without the ssl flag or generate your SSL certificates.
"Apache for the impatient" sounds like "How to get my box hacked and turned into a spam relay" |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Fri Mar 11, 2005 9:01 am Post subject: FTPD -- thank you |
|
|
Thank you. (Nice Avatar, Austin!)
I couldn't make sense of the error message, but I almost understand your suggestion. Is this the sort of thing I do
with ssh-keygen?? I am familiar with ssh, but it wasn't clear whether the Gentoo ncu-ftpd was using similar
technology. In fact, I looked in the man page for something about missing files, but couldn't find it. So I'll poke around
and see if I can figure out how to generate these certs, but I'll take another hint if you're around.
As far as your point on Apache ... well taken. I never really wanted to get into it. Fixing FTP will solve all my needs. |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Fri Mar 11, 2005 9:20 am Post subject: FTPD -- And another thing |
|
|
Taking your second suggestion (drop ssl)
Actually, I just tried
USE="-ssl" emerge -v ftpd
ftpd now no longer gives an error. However, ftpd isn't listed as a running process, and I can't ftp in. So something
more is wrong.
As far as your point on Apache ... well taken. I never really wanted to get into it. Fixing FTP will solve all my needs. |
|
Nard` Apprentice
Joined: 23 Jan 2005 Posts: 250
|
Posted: Fri Mar 11, 2005 9:35 am Post subject: |
|
|
You should always use /etc/portage/package.use for package-specific USE flag changes. That way it doesn't get overwritten next time you update your system.
Might sound stupid, but have you started ftpd? /etc/init.d/<packagename> start normally.
Have you configured it? Maybe it needs to bind to a specific address? Also, it may (hopefully) not be running as root, so make sure you use the 'a' flag on ps. _________________ Programming is the process of putting bugs in.
Debugging is the process of attempting to take bugs out, doing an ugly hack, hitting your computer, then claiming insurance. |
|
thebigslide l33t
Joined: 23 Dec 2004 Posts: 792 Location: under a car or on top of a keyboard
|
Posted: Fri Mar 11, 2005 10:22 am Post subject: |
|
|
I believe ftpd is installed with xinetd by default with portage. It will need to be configured. |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Fri Mar 11, 2005 2:37 pm Post subject: |
|
|
Nard -- Thanks for "package-use" tip. Am still figuring out what USE flags are about.
I asked our resident gentoo expert and he started fudging. It seems to me that
USE flags make the difference between a package running or not and that you should strive
to always use the same set on all packages, but this fellow said they were only about
speed. I don't think I buy it. I think they are basically coding for include files or #DEFINES.
Feel free to wax rhapsodic if you know anything.
I do know to start a daemon and then add to rc-update,
and I got no error messages, and I know to use ps -A, but still no joy.
Got to look at inetd, which indeed was freshly installed with ftpd. |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Fri Mar 11, 2005 5:04 pm Post subject: XINETD and FTPD |
|
|
I tried xinetd -stayalive just so I'd be able to see if xinetd was a running process. After I did
this I saw xinetd.
moby home # ps -A |grep -i xinetd
5111 ? 00:00:00 xinetd
I then tried ftpd again. (Compiled w/o SSL Use flag). Still didn't show as process
and was not log into able. (Tried anonymous and named user. Read directions in man ftpd on how to
set up anonymous account.)
Thanks if you know what to try. I already checked my passwd file:
moby home # cat /etc/passwd |grep -i ftp
ftp:x:21:21::/home/ftp:/bin/false
Don't know if I should also add "anonymous" as a user. The man page on ftpd was ambiguous about that, implying
that the user ftp was equivalent to anonymous.
Last edited by pcardout on Sat Mar 12, 2005 8:48 am; edited 2 times in total |
|
thebigslide l33t
Joined: 23 Dec 2004 Posts: 792 Location: under a car or on top of a keyboard
|
Posted: Sat Mar 12, 2005 5:28 am Post subject: Re: Still stuck |
|
|
pcardout wrote: | I tried xinetd -stayalive just so I'd be able to see if xinetd was a running process. After I did
this I saw xinetd.
dirac home # ps -A |grep -i xinetd
5111 ? 00:00:00 xinetd
I then tried ftpd again. (Compiled w/o SSL Use flag). Still didn't show as process
and was not log into able. (Tried anonymous and named user. Read directions in man ftpd on how to
set up anonymous account.)
Thanks if you know what to try. I already checked my passwd file:
dirac home # cat /etc/passwd |grep -i ftp
ftp:x:21:21::/home/ftp:/bin/false
Don't know if I should also add "anonymous" as a user. The man page on ftpd was ambiguous about that, implying
that the user ftp was equivalent to anonymous. |
Anonymous users have the same privileges as the ftp user, yes. There is no need to add an anonymous user. Do an
Code: | etcat files ftpd | grep doc |
That should show you the install documentation which describes how to set it up. |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Sat Mar 12, 2005 7:54 am Post subject: Progress on enabling FTPD - XINETD -- Subtle! |
|
|
OK -- I think I'm figuring it out. One more hurdle. Thanks for sticking with me.
The reason xinetd service seemed not to start is because it went to sleep as it had no services at all to provide.
It didn't even appear in ps -A. I think xinetd is somewhat special as it spawns services on demand.
The key file for xinetd is xinetd.conf and there is an "includedir" feature which references (as if they were part of
xinetd.conf itself) any and all files which are in directory xinetd.d
One of these was called "ftp" and one of the lines was "disable=yes". Changing that line to disable=no and restarting
xinetd allowed xinetd to persist (show up on ps -A). After that, could start ftpd. Amusingly ps -A still does not show
ftpd. Again, that's because it doesn't really exist (as an active process) until an ftp request comes in. So when I
ran ftp from my own machine to my own machine, I could suddenly see ftpd as a process. When I closed the ftp
session, ftpd disappears again from ps -A. Whew!! Subtle!!!
So here's what's left. The following works:
I'm sitting at a command prompt on moby. I start ftp.
ftp> open moby.nmt.edu
Connected to moby.nmt.edu.
421 Service not available, remote server has closed connection
ftp> open localhost
Connected to localhost.
220- Successful login to MOBY! --rs
220 localhost FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready.
Name (localhost:richard):
Note then that I could ftp to localhost, but not to dirac. And I think it's because my machine is refusing the
connection. I looked for /etc/hosts.allow and hosts.deny. They don't exist. Maybe I need to create them?
Last edited by pcardout on Sat Mar 12, 2005 8:45 am; edited 1 time in total |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Sat Mar 12, 2005 8:11 am Post subject: hosts.allow doesn't do it |
|
|
I added my entire university's domain (temporarily) to hosts.allow for the ftpd service. Still my connection is
refused.
I welcome more advice. |
|
pcardout n00b
Joined: 11 Mar 2005 Posts: 34 Location: Socorro, NM
|
Posted: Sat Mar 12, 2005 8:44 am Post subject: FTP and Security |
|
|
BTW -- I don't need a helpful person to tell me to use scp instead of ftp. I use scp all the time.
However, to my knowledge, there is no
url scp:// tag in html, but there most certainly is a url ftp://. Thus you can use an ftp server as a web server,
and you can't use a Linux box running only sshd.
Crustily (but gratefully) yours. --picard out. |
|
NightCrawler n00b
Joined: 14 Oct 2005 Posts: 2
|
Posted: Fri Oct 14, 2005 8:48 pm Post subject: |
|
|
I was having the same problem as you had; your posts helped me set up xinetd and ftpd, which are working now, and so I think I can help with your problem. Take a look at the /etc/xinetd.conf file and see if there's a line there saying: only_from: localhost. Comment it out and you're done!
Hope that helps. |
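
The behaviour worked out in the posts above (a `disable` line in each service file under xinetd.d, plus an `only_from` restriction in /etc/xinetd.conf that admits localhost and refuses other clients), as an added example that is not part of the original thread: a small Python audit that reports, per service, whether it is enabled and whether it is reachable only from localhost. The file contents, the `rsync` service and the 192.0.2.0/24 range are constructed, and the rule that a service's own `only_from` replaces the default is a modelling assumption.

```python
import re

# Constructed sample files (not taken from the thread): a defaults block in
# xinetd.conf and per-service files as found under the included xinetd.d directory.
XINETD_CONF = "defaults\n{\n    only_from = localhost\n}\nincludedir /etc/xinetd.d\n"
FTP_SHIPPED = "service ftp\n{\n    disable = yes\n    socket_type = stream\n}\n"
FTP_ENABLED = FTP_SHIPPED.replace("disable = yes", "disable = no")
# 192.0.2.0/24 is a documentation range standing in for the campus network.
FTP_SCOPED = FTP_ENABLED.replace("}", "    only_from = 192.0.2.0/24\n}")
OTHER = "service rsync\n{\n    disable = no\n    socket_type = stream\n}\n"

LOCAL = {"localhost", "127.0.0.1", "::1"}
BLOCK = re.compile(r"^[ \t]*(defaults|service[ \t]+(\S+))\s*\{(.*?)^[ \t]*\}", re.M | re.S)


def parse(text):
    """Map each section ('defaults' or a service name) to its attributes.
    Only plain 'attribute = value' lines are handled, not '+=' or '-='."""
    sections = {}
    for m in BLOCK.finditer(text):
        attrs = {}
        for line in m.group(3).splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                attrs[key.strip()] = value.strip()
        sections[m.group(2) or "defaults"] = attrs
    return sections


def audit(main_conf, service_files):
    """Return {service: (enabled, localhost_only)} with defaults applied."""
    defaults = parse(main_conf).get("defaults", {})
    report = {}
    for text in service_files:
        for name, attrs in parse(text).items():
            if name == "defaults":
                continue
            # Modelling assumption: a service's own value replaces the default.
            merged = {**defaults, **attrs}
            enabled = merged.get("disable", "no") != "yes"
            sources = merged.get("only_from")
            local_only = sources is not None and set(sources.split()) <= LOCAL
            report[name] = (enabled, local_only)
    return report


if __name__ == "__main__":
    print(audit(XINETD_CONF, [FTP_ENABLED, OTHER]))
    print(audit(XINETD_CONF, [FTP_SCOPED, OTHER]))
```

Run over both variants, it shows that setting `only_from` inside the ftp entry opens only ftp, whereas commenting out the default also opens every other enabled xinetd service.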
|
psi0nik n00b
Joined: 21 Nov 2003 Posts: 31
|
Posted: Fri Oct 14, 2005 9:38 pm Post subject: |
|
|
if you're looking for just file serving, with no CGI or anything else via HTTP, I'd suggest using publicfile. it's in portage, it's written by djb, author of qmail, which you may or may not be familiar with. it's a simple, ultra-secure web server that's perfect for what you're looking for (it also happens to do anonymous ftp). djb writes (in my opinion) really great, easy to configure, useful software that does exactly what's advertised and nothing else. he also tends to actually *finish* a piece of software rather than perpetually updating it. it's good stuff |