Sir_Yaro
November 8th, 2005, 02:52 PM
It's my first how-to in English so please don't be too severe... :D
go to :
http://glftpd.com/
download and unpack package.
cd /tmp
wget http://glftpd.com/files/glftpd-LNX_2.01.tgz
gunzip -c glftpd-LNX_2.01.tgz | tar -xvf -
change directory
$ cd glftpd-LNX_2.01
install required software:
sudo apt-get install xinetd zip unzip openssl tcpd
And run the script as root
# sudo sh installgl.sh
This is an example of how to answer the questions:
Use tcpd? [Y]es [N]o: y
Use a jailed environment? [Y]es [N]o: y
Please enter the private directory to install glftpd inside [/jail]: /jail
Use a private group? [Y]es [No]: y
What would you like your private group to be called? : glftpd
Who should have access to glftpd? (separate with ,): YOUR_USER(S)_NAME
Please enter the directory inside /jail to install glftpd to : /glftpd
Press <enter> for the default (glftpd)> glftpd
Enter a service name for glftpd. [...]
Press <enter> for the default (glftpd)> glftpd
modifying source (bin/sources/glconf.h) ... OK.
Compiling source files in /jail/glftpd/bin/sources to /jail/glftpd/bin:
ansi2gl .. OK.
dirlogclean .. OK.
dirloglist .. OK.
dirlogscanner .. OK.
dirlogsearch .. OK.
dupeadd .. OK.
dupecheck .. OK.
dupediradd .. OK.
dupelist .. OK.
dupescan .. OK.
flysfv .. OK.
ftpwho .. OK.
glupdate .. FAILED!
killghost .. OK.
nukelogclean .. OK.
nukelogscanner .. OK.
olddirclean2 .. OK.
undupe .. OK.
userstat .. OK.
weektop .. OK.
Failed to compile: /jail/glftpd/bin/sources/glupdate.c
Copying required shared library files:
libacl.so.1: OK
libattr.so.1: OK
libncurses.so.5: OK
libc.so.6: OK
libdl.so.2: OK
libm.so.6: OK
libpthread.so.0: OK
librt.so.1: OK
Copying your system's run-time library linker(s):
(NOTE: Searches can take a couple of minutes, please be patient.)
ld-linux.so.2: OK
Configuring the shared library cache . . . Done.
don't care about this error above (probably? :P )
Enter the port you would like glftpd to listen on [21]: 21
Do you wish to use European weeks? European weeks starts with a Monday.
This is for glftpd's 'reset' binary (see docs for more info) [Y/N]: y
Please specify location, inside /jail/glftpd,
to install the cert (ftpd-dsa.pem) [/etc]: /etc
Please specify a generic name for this certificate.
This can be any name but should say something about the ftp server
like the name for it perhaps (press enter for glftpd): SirYaroFTP
I've removed most of the messages but all the important ones remain.
Now the server generates a key; it took about 10 sec on my computer and about 2 minutes in the old version of glftpd.
You'll probably receive an error like this:
Restarting inetd . . . Failed! You must restart inetd before using glftpd.
That means You need to install the inetd superserver. Let's do it:
$ sudo apt-get install inetd
Czytanie list pakietów... Gotowe
Budowanie drzewa zależności... Gotowe
Uwaga, wybieranie inetutils-inetd zamiast inetd
Zostaną zainstalowane następujące NOWE pakiety:
inetutils-inetd
0 aktualizowanych, 1 nowo instalowanych, 0 usuwanych i 85 nieaktualizowanych.
Konieczne pobranie 37,6kB archiwów.
Po rozpakowaniu zostanie dodatkowo użyte 139kB miejsca na dysku.
Pob: 1 http://archive.ubuntu.com breezy/universe inetutils-inetd 2:1.4.2+20040207-4 [37,6kB]
Pobrano 37,6kB w 15s (2397B/s)
Prekonfiguracja pakietów ...
Zaznaczenie poprzednio niezaznaczonego pakietu inetutils-inetd.
(Odczytywanie bazy danych ... 103934 plików i katalogów obecnie zainstalowanych.)
Rozpakowanie inetutils-inetd (z .../inetutils-inetd_2%3a1.4.2+20040207-4_i386.deb) ...
Konfigurowanie inetutils-inetd (1.4.2+20040207-4) ...
Starting internet superserver: inetd.
$
The server will start automatically, let's check it:
# nmap localhost|grep 21
21/tcp open ftp
Now we need to edit config:
sudo mcedit /jail/glftpd.conf
#shutdown 1
define if server is on or off
0 - yes
1 - only for admin
!* - off
# at the beginning - server works for all
sitename_long MY[:space:]SITE[:space:]NAME
Long name of the server. Replace every space with [:space:] string.
sitename_short MSN
short name of the server
email root@127.0.0.1
admin email
rootpath /jail/glftpd
where is server root path (do not change)
Following lines leave unchanged:
-----------------------------------------
# Path relative to the ROOTPATH.
datapath /ftp-data
welcome_msg /ftp-data/misc/welcome.msg *
goodbye_msg /ftp-data/misc/goodbye.msg *
newsfile /ftp-data/misc/newsfile *
banner /ftp-data/misc/banner
# TLS enforcements.
userrejectsecure !*
userrejectinsecure !*
denydiruncrypted !*
denydatauncrypted !*
-----------------------------------------
color_mode 0
Display colour listings?
Turn off - it only causes problems
put # before line:
site_cmd LOCATE EXEC /bin/locate.sh
free_space 20
How much free space is required to grant upload permission
max_users 15 5
How many users may be logged in at the same time
total_users 300
Maximum number of accounts on the server
# dupecheck how many days? ignore file case like Windows?
dupe_check 7 no
Duplicate file checking. If You have good, stable bandwidth use it. Otherwise turn it off - it may cause a lot of problems.
ex:
dupe_check 0 no
nodupecheck *
dl_incomplete 0
To allow downloading unfinished files put 1 instead of 0
min_homedir /site
The server's root directory (accessible to FTP users) is located inside this directory.
Now a couple of examples of additional configuration:
upload /site/katalog/* *
everybody can upload to "katalog" directory
upload /site/katalog/Encore/* -seem
only "seem" user can upload to "katalog/Encore" directory
upload * -yaro -admin
users admin and yaro can upload everywhere
download * *
everybody can download everywhere
rename * admin 1 =STAFF
only admin, the STAFF group and users with flag "1" can rename files and directories on the whole server
renameown * *
everybody can rename their own files and directories
delete * 1
only users with flag "1" can delete on the whole server
privpath /site/Upload/by.Blaster -yaro 1 -blaster
above-mentioned directory (Upload/by.Blaster) is visible only for user "yaro", "blaster" and users with flag "1"
I think that's all from additional options
Now we may log in (login glftpd, password glftpd). IN EXACTLY THE SAME WAY AS ME
# ftp 127.0.0.1
Connected to 127.0.0.1.
220 MY SITE NAME (glFTPd 2.00 Linux+TLS) ready.
Name (127.0.0.1:root): glftpd
331 Password required for glftpd.
Password:
230- _____
230- ______________________________|__ |____ ________________________________
230- \ _ / _ / _ / | | _ / _ / _ /
230- \ \ / / / /____/. | | / / /____/. /_____/
230- \________/____/ /______ |___|____|___/ /______ |____|
230- .-=----------- /____/ ---- |____| --------- /____/ ---- |____| -------=-.
230- `-=-------------------------------------------------------------------=-'
230- `-----( Type 'site onel MESSAGE' to enter your message )-----'
230 User glftpd logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
If You received an error like this:
Connected to 127.0.0.1.
421 Service not available, remote server has closed connection
ftp> quit
do (INSECURE!!!!!! but always working):
echo 'IP *@*'>>/jail/glftpd/ftp-data/users/glftpd
or:
echo 'IP *@your.ip.addres.here'>>/jail/glftpd/ftp-data/users/glftpd
ex:
echo 'IP *@83.141.171.241'>>/jail/glftpd/ftp-data/users/glftpd
or (probably INSECURE as well):
echo 'IP *@0.0.0.0'>>/jail/glftpd/ftp-data/users/glftpd
It happens because, for some strange reason, you're not identified as a concrete ident and IP address. Look here:
$ sudo cat /jail/glftpd/ftp-data/logs/login.log
Wed Nov 23 16:23:37 2005 [6585 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
Wed Nov 23 16:23:48 2005 [6639 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
Wed Nov 23 16:28:10 2005 [7679 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
After these actions you can notice the change(s) at the end of the user file:
# cat /jail/glftpd/ftp-data/users/glftpd |tail -n 4
NUKE 0 0 0
TIME 1 923341886 0 0
IP *@127.0.0.1
IP *@83.141.171.241
#
Now try login again:
$ ftp 127.0.0.1
Connected to 127.0.0.1.
220 MY SITE NAME (glFTPd 2.00 Linux+TLS) ready.
Name (127.0.0.1:yaro):
Now let's get back to the point:
getting information about the glftpd user
ftp> site user glftpd
200- User Comment: glftpd
200- +=======================================================================+
200- | Username: glftpd Created: 0 |
200- | Added by: Expires: Never |
200- | Time On Today: 00:00 Last seen: Thu Apr 21 14:44:15 2005|
200- | Flags: 1 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 4.9 MB |
200- | Total Logins: 2 Current Logins: 1 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: Unlimited |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: Glftpd default user |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@127.0.0.1 IP1: *@0.0.0.0 |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +=======================================================================+
200 Command Successful.
ftp>
At the very end You can see from which IPs You can log in using this account. To allow every IP enter *@*
Additionally You can see flag "1" mentioned above.
Description of all flags:
Flagname Flag Description
-------------------------------------------------------------
SITEOP 1 User is siteop.
GADMIN 2 User is Groupadmin of one of his/her groups
(doesn't work for private groups).
GLOCK 3 User cannot change group.
EXEMPT 4 Allows to log in when site is full. Also allows
user to do "site idle 0", which is the same as
having the idler flag. Also exempts the user
from the sim_xfers limit in config file.
COLOR 5 Enable/Disable the use of color (toggle with "site color").
DELETED 6 User is deleted.
USEREDIT 7 "Co-Siteop"
ANON 8 User is anonymous (per-session like login).
Let's get information about existing users:
ftp> site users
Now we may create new user "test" with password "test" allowed to log in from any IP address
ftp> site adduser
200- .-------------------------------------------------------.
200- | USAGE: SITE ADDUSER <username> <password> <IP#1 - 5> |
200- | |
200- | <username> The username to add. |
200- | <password> The password to set for this user. |
200- | <IP#1 - 5> Optional: Up to 5 ips may be specified here. |
200- | |
200- | After you add a user, use "SITE ADDIP" to add IP's to |
200- | the new account. |
200- `-------------------------------------------------------'
200 Command Successful.
ftp> site adduser test test *@*
200- User created, now adding IPs...
200- IP '*@*' successfully added to test.
200-
200 User (test) successfully added.
ftp>
Let's change some settings (it can download only one thing at a time and it is an FTP operator)
ftp> site change
200- -----------------------------------------------------------
200- SITE CHANGE <username> <field> <value>
200- SITE CHANGE { <user1> <user2> } <field> <value>
200- SITE CHANGE =<group> <field> <value>
200- SITE CHANGE * <field> <value>
200- -----------------------------------------------------------
200-
200- Fields: ratio
200- sratio
200- wkly_allotment [#,]#
200- max_dlspeed
200- max_ulspeed
200- max_sim_down
200- max_sim_up
200- timeframe # #
200- credits
200- flags
200- homedir
200- idle_time
200- startup_dir
200- num_logins # [#]
200- time_limit
200- tagline
200- comment
200- expires [yyyy-mm-dd]
200- -----------------------------------------------------------
200 Command Successful.
ftp> site change test max_sim_down 1
200 Command Successful.
ftp> site change test flags +1
200 Command Successful.
ftp>
display this information:
ftp> site user test
200- User Comment: Added by glftpd
200- +=======================================================================+
200- | Username: test Created: 04-21-05 |
200- | Added by: glftpd Expires: Never |
200- | Time On Today: 00:00 Last seen: Thu Apr 21 14:52:41 2005|
200- | Flags: 13 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 14.6 MB |
200- | Total Logins: 0 Current Logins: 0 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: 1 |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: No Tagline Set |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@* IP1: |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +=======================================================================+
200 Command Successful.
ftp>
Now, You can see flags "1" and "3" as well as restriction in d/l field
You can find a lot of information in the file
/jail/glftpd/docs/glftpd.docs
In practice You may (it's up to You) chmod everything in /jail/glftpd/site to 777 because the server controls access rights by itself. Otherwise You need to take care of these rights for the server (read, write, etc. access).
If You want to share some directory located outside the /jail/glftpd/site directory (do You remember
min_homedir /site ??) You can only do it like this:
mount --bind /source/directory/ /jail/glftpd/site/target/directory/
and add this entry for example to /etc/rc.local
The server has more capabilities than we will ever need....
You can get all accessible commands by invoking the command:
ftp> SITE HELP
Good luck!
Please forgive my poor English.... :)
Added on 29/06/2007:
Thanks Sir_Yaro for the great tutorial
i need some more help
i have followed your tutorial and installed successfully
now all i want to know is how to make usergroups and its permission
There is a simple example in glftpd.conf already:
##############################################################################
################## THE RIGHTS SECTION BEGINS HERE ####################
##############################################################################
# (you can use a ! in front of any group/user/flag to negate it) #
# The default is no, you don't need to add "!*" at the end #
# #
# Function Path =GROUP or -username or X (flag) #
##############################################################################
upload * -yaro -mac
resume * *
makedir * *
download * *
dirlog * *
rename * 1 =STAFF
filemove * 1 =STAFF
renameown * *
nuke * *
delete * 1
deleteown * *
##############################################################################
################### THE RIGHTS SECTION ENDS HERE #####################
##############################################################################
This one might be altered a bit by me. I'm not sure.
As u can see there is a group STAFF which has 2 extra rights. People in this group can rename and move (filemove) files no matter where they are (*). U can add specific rights to different groups in the same way. Also u can limit access to this right/option to a specific path.
For example:
makedir /path/to/directory *
Allow everyone to create directories (makedir) only in /path/to/directory .
Now u can login to ftp and create new group.
By default it can be done only by glftpd user because he's the only one who has admin flag (1) set up:
ftp> site user glftpd
200- User Comment: glftpd
200- +=======================================================================+
200- | Username: glftpd Created: 0 |
200- | Added by: Expires: Never |
200- | Time On Today: 00:00 Last seen: Fri Jun 29 14:11:55 2007|
200- | Flags: 15 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 4.9 MB |
200- | Total Logins: 10 Current Logins: 1 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: Unlimited |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: Glftpd default user |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@127.0.0.1 IP1: *@* |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +=======================================================================+
200 Command Successful.
ftp>
and with this:
-groupcomment 1
-grpadd 1
-grpchange 1
located approximately at the end of glftpd.conf we can see that only users with the admin flag have access to these commands. We can add this flag to other specified users:
site change USER flags +1
or just allow user with other flags to use this command (VERY BAD idea):
-grpadd 148
Flagname Flag Description
-------------------------------------------------------------
SITEOP 1 User is siteop.
GADMIN 2 User is Groupadmin of one of his/her groups
(doesn't work for private groups).
GLOCK 3 User cannot change group.
EXEMPT 4 Allows to log in when site is full. Also allows
user to do "site idle 0", which is the same as
having the idler flag. Also exempts the user
from the sim_xfers limit in config file.
COLOR 5 Enable/Disable the use of color (toggle with "site color").
DELETED 6 User is deleted.
USEREDIT 7 "Co-Siteop"
ANON 8 User is anonymous (per-session like login).
So to create new group u need access to GRPADD command. U can check if u have it with site help command:
230 User glftpd logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> site help
200- --=--------------------- Available SITE commands ---------------------=--
200- TAGLINE: Change Your Tagline
200- WKUP: Show Weektop Uploaders
200- WKDN: Show Weektop Downloaders
200- ALUP: Show Alltime Uploaders
200- ALDN: Show Alltime Downloaders
200- GPWK: Show Weektop Groups
200- GPMONTHUP: Show Month Top Groups
200- GPAL: Show Alltime Top Groups
200- GPWD: Show Weektop Group Downloaders
200- GPMONTHDN: Show Month Top Group Downloaders
200- GPAD: Show Alltime Top Group Downloaders
200- DAYUP: Today's Top Uploaders
200- DAYDN: Today's Top Downloaders
200- MONTHUP: Show MonthTop Uploaders
200- MONTHDN: Show MonthTop Downloaders
200- TRAFFIC: Show Site Traffic
200- REQUEST: Make a Request
200- REQFILLED: Mark a Request as Filled
200- WELCOME: Show Welcome Message
200- RULES: Show Site Rules
200- USER: Show Users On Site (Type username to see users stats)
200- NUKES: Show Nukes
200- UNNUKES: Show UnNukes
200- DUPE: Search Dupe Database
200- TIME: Show Local Time
200- NEW: Show Recent Dirs
200- GROUP: Join/Leave Groups
200- ONEL: Add/View Onliners
200- MSG: Send a Message
200- WHO: See who's online
200- COLOR: Toggle Color
200- SEEN: See when a user was last on
200- LASTON: Display stats of last users online
200- SEARCH: Locate a DIR on the site.
200- PASSWD: Change Password
200- VERS: Show Daemon Version
200- STAT: Show Statline
200- IDLE: Show Minimum and Maximum Idle Timeout
200- GINFO: Detailed nfo of Groups
200- USERS: List Users on Site
200- DELIP: SITE DELIP <yourownusername> # (delete your own IP's)
200- ADDIP: Add IP To a User
200- DELIP: Delete an IP From a User
200- ADDUSER: Add User
200- DELUSER: Delete User
200- READD: Readd Deleted User
200- CHANGE: Change Field For a User
200- GADDUSER: Add User and put him in a group
200- RENUSER: Rename User
200- CHPASS: Change Another User's Password
200- GRPADD: Add group
200- GRPDEL: Delete group
200- GRPNFO: Change Group nfo
200- GRPREN: Rename group
200- GRP: Show extended group info
200- CHGRP: Change a user's group
200- GRPCHANGE: Change group settings
200- CHGADMIN: Change the gadmin(s) for a group
200- LOGINS: Login Log
200- SYSLOG: Syslog Log of User Changes
200- UPDATE: Update DirLog Database
200- PURGE: Purge Deleted Users
200 Use "SITE HELP <command>" for syntax help.
ftp>
So to add group test execute:
ftp> site grpadd test
200 Group (test) successfully added.
to move existing user to this group:
ftp> site CHGRP mac test
200- 'mac' has been successfully added to 'test'
200 Command Successful.
to create new user and put him in an existing group:
ftp> site GADDUSER test newuser password *@127.0.0.1
200- User created, now adding IPs...
200- IP '*@127.0.0.1' successfully added to newuser.
200-
200 User (newuser) successfully added to group test.
ftp>
Also u can create a description for groups and mark some paths as private for specific users, flags or groups:
############################################################################
# Private Groups: privgroup GROUPNAME GROUPDESC #
############################################################################
privgroup STAFF My[:space:]Private[:space:]Group
############################################################################
# PRIVPATHS: Directories should be uniquely named (no wildcards) #
############################################################################
privpath /site/admins_only 1
privpath /site/privatedir 1 =STAFF
privpath /site/privatedir2 1 =TEST
privpath /site/privatedir3 1 =STAFF -yaro -mac
privpath /site/privatedir4 1 =STAFF -yaro -mac =TEST
plus how will my user access the ftp to upload or download the files
is there any clients or any other way
http://ubuntuforums.org/showthread.php?t=351841
http://en.wikipedia.org/wiki/List_of_FTP_clients
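Added example, not part of the original thread or of glftpd itself: a small audit of the user files for the over-broad `IP ident@host` masks discussed above (`*@*`, `*@0.0.0.0`), rated higher when the account also carries flag 1 (SITEOP). It assumes one file per account under /jail/glftpd/ftp-data/users/ and a `FLAGS <digits>` line in each file (the thread shows flags only through `site user`); the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Audit glftpd user files for over-broad "IP ident@host" masks.
# Assumption: each account file contains "IP <mask>" lines (as shown in the
# thread) and a "FLAGS <digits>" line (assumed file format).

# Print "SEVERITY user mask" for every risky mask; return 1 if any was found.
audit_glftpd_users() {
    users_dir=$1
    rc=0
    for f in "$users_dir"/*; do
        [ -f "$f" ] || continue
        awk -v user="$(basename "$f")" '
            $1 == "FLAGS" { flags = $2 }
            $1 == "IP"    { masks[++n] = $2 }
            END {
                siteop = (index(flags, "1") > 0)   # flag 1 = SITEOP
                for (i = 1; i <= n; i++) {
                    m = masks[i]
                    at = index(m, "@")
                    host = (at > 0) ? substr(m, at + 1) : m
                    if (host == "*")
                        sev = siteop ? "CRITICAL" : "HIGH"   # login from anywhere
                    else if (host == "0.0.0.0")
                        sev = "REVIEW"                       # the workaround mask
                    else if (index(host, "*") > 0)
                        sev = "WIDE"                         # partial wildcard host
                    else
                        continue                             # concrete host: fine
                    print sev, user, m
                    found = 1
                }
                exit (found ? 1 : 0)
            }' "$f" || rc=1
    done
    return $rc
}

# Constructed sample user files mirroring the accounts created in the thread.
make_sample_users() {
    d=$1
    printf 'FLAGS 1\nIP *@127.0.0.1\nIP *@0.0.0.0\n' > "$d/glftpd"
    printf 'FLAGS 13\nIP *@*\n'                     > "$d/test"
    printf 'FLAGS 3\nIP *@*\n'                      > "$d/mac"
    printf 'FLAGS 3\nIP *@127.0.0.1\n'              > "$d/newuser"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_users "$demo_dir"
audit_glftpd_users "$demo_dir" || echo "risky masks found"
rm -rf "$demo_dir"
```

On a real install, call `audit_glftpd_users /jail/glftpd/ftp-data/users` as root and replace each reported mask with the concrete addresses the account is actually used from.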
go to :
http://glftpd.com/
download and unpack package.
cd /tmp
wget http://glftpd.com/files/glftpd-LNX_2.01.tgz
gunzip -c glftpd-LNX_2.01.tgz | tar -xvf -
change directory
$ cd glftpd-LNX_2.01
install required software:
sudo apt-get install xinetd zip unzip openssl tcpd
And run script as a root
# sudo sh installgl.sh
Thats is example how to answer the questions:
Use tcpd? [Y]es [N]o: y
Use a jailed environment? [Y]es [N]o: y
Please enter the private directory to install glftpd inside [/jail]: /jail
Use a private group? [Y]es [No]: y
What would you like your private group to be called? : glftpd
Who should have access to glftpd? (separate with ,): YOUR_USER(S)_NAME
Please enter the directory inside /jail to install glftpd to : /glftpd
Press <enter> for the default (glftpd)> glftpd
Enter a service name for glftpd. [...]
Press <enter> for the default (glftpd)> glftpd
modifying source (bin/sources/glconf.h) ... OK.
Compiling source files in /jail/glftpd/bin/sources to /jail/glftpd/bin:
ansi2gl .. OK.
dirlogclean .. OK.
dirloglist .. OK.
dirlogscanner .. OK.
dirlogsearch .. OK.
dupeadd .. OK.
dupecheck .. OK.
dupediradd .. OK.
dupelist .. OK.
dupescan .. OK.
flysfv .. OK.
ftpwho .. OK.
glupdate .. FAILED!
killghost .. OK.
nukelogclean .. OK.
nukelogscanner .. OK.
olddirclean2 .. OK.
undupe .. OK.
userstat .. OK.
weektop .. OK.
Failed to compile: /jail/glftpd/bin/sources/glupdate.c
Copying required shared library files:
libacl.so.1: OK
libattr.so.1: OK
libncurses.so.5: OK
libc.so.6: OK
libdl.so.2: OK
libm.so.6: OK
libpthread.so.0: OK
librt.so.1: OK
Copying your system's run-time library linker(s):
(NOTE: Searches can take a couple of minutes, please be patient.)
ld-linux.so.2: OK
Configuring the shared library cache . . . Done.
don't care about this error above (probably? :P )
Enter the port you would like glftpd to listen on [21]: 21
Do you wish to use European weeks? European weeks starts with a Monday.
This is for glftpd's 'reset' binary (see docs for more info) [Y/N]: y
Please specify location, inside /jail/glftpd,
to install the cert (ftpd-dsa.pem) [/etc]: /etc
Please specify a generic name for this certificate.
This can be any name but should say something about the ftp server
like the name for it perhaps (press enter for glftpd): SirYaroFTP
I've removed most of comunicates but all important remain.
Now server generate key, it've taken about 10 sec on my computer and about 2 minutes in old version of glftpd.
Probably You'll receive error like that:
Restarting inetd . . . Failed! You must restart inetd before using glftpd.
That's mean You need to install inetd superserver. Let's do it:
$ sudo apt-get install inetd
Czytanie list pakietów... Gotowe
Budowanie drzewa zależności... Gotowe
Uwaga, wybieranie inetutils-inetd zamiast inetd
Zostaną zainstalowane następujące NOWE pakiety:
inetutils-inetd
0 aktualizowanych, 1 nowo instalowanych, 0 usuwanych i 85 nieaktualizowanych.
Konieczne pobranie 37,6kB archiwów.
Po rozpakowaniu zostanie dodatkowo użyte 139kB miejsca na dysku.
Pob: 1 http://archive.ubuntu.com breezy/universe inetutils-inetd 2:1.4.2+20040207-4 [37,6kB]
Pobrano 37,6kB w 15s (2397B/s)
Prekonfiguracja pakietów ...
Zaznaczenie poprzednio niezaznaczonego pakietu inetutils-inetd.
(Odczytywanie bazy danych ... 103934 plików i katalogów obecnie zainstalowanych.)
Rozpakowanie inetutils-inetd (z .../inetutils-inetd_2%3a1.4.2+20040207-4_i386.deb) ...
Konfigurowanie inetutils-inetd (1.4.2+20040207-4) ...
Starting internet superserver: inetd.
$
Server will start automatically, let check it:
# nmap localhost|grep 21
21/tcp open ftp
Now we need to edit config:
sudo mcedit /jail/glftpd.conf
#shutdown 1
define if server is on or off
0 - yes
1 - only for admin
!* - off
# at the begining - server works for all
sitename_long MY[:space:]SITE[:space:]NAME
Long name of the server. Replace every space with [:space:] string.
sitename_short MSN
short name of the server
email root@127.0.0.1
admin email
rootpath /jail/glftpd
where is server root path (do not change)
Following lines leave unchanged:
-----------------------------------------
# Path relative to the ROOTPATH.
datapath /ftp-data
welcome_msg /ftp-data/misc/welcome.msg *
goodbye_msg /ftp-data/misc/goodbye.msg *
newsfile /ftp-data/misc/newsfile *
banner /ftp-data/misc/banner
# TLS enforcements.
userrejectsecure !*
userrejectinsecure !*
denydiruncrypted !*
denydatauncrypted !*
-----------------------------------------
color_mode 0
Display colour listings?
Turn off - it makes only problems
put # before line:
site_cmd LOCATE EXEC /bin/locate.sh
free_space 20
How much free space is required to grant upload permision
max_users 15 5
How many user may be logged in at the same time
total_users 300
Maximum accounts amount on server
# dupecheck how many days? ignore file case like Windows?
dupe_check 7 no
Files duplicate checking. If You have good, stable bandwidth use it. Otherwise put turn it off - it may cause a lot of problems.
ex:
dupe_check 0 no
nodupecheck *
dl_incomplete 0
To allow downloading unfinished files put 1 instead of 0
min_homedir /site
Inside this directory root directory (accessible for ftp users) of server is located.
Now couple examples of additional configuration:
upload /site/katalog/* *
everybody can upload to "katalog" directory
upload /site/katalog/Encore/* -seem
only "seem" user can upload to "katalog/Encore" directory
upload * -yaro -admin
users admin and yaro can upload everywhere
download * *
everybody can download everywhere
rename * admin 1 =STAFF
only admin, STAFF group and users with flag "1" can rename files and directories on all server
renameown * *
everybody can rename own files and directories
delete * 1
only users with flag "1" can delete on all server
privpath /site/Upload/by.Blaster -yaro 1 -blaster
above-mentioned directory (Upload/by.Blaster) is visible only for user "yaro", "blaster" and users with flag "1"
I think that's all from additional options
Now we may log in (login glftpd, password glftpd). IN EXACTLY THE SAME WAY LIKE ME
# ftp 127.0.0.1
Connected to 127.0.0.1.
220 MY SITE NAME (glFTPd 2.00 Linux+TLS) ready.
Name (127.0.0.1:root): glftpd
331 Password required for glftpd.
Password:
230- _____
230- ______________________________|__ |____ ________________________________
230- \ _ / _ / _ / | | _ / _ / _ /
230- \ \ / / / /____/. | | / / /____/. /_____/
230- \________/____/ /______ |___|____|___/ /______ |____|
230- .-=----------- /____/ ---- |____| --------- /____/ ---- |____| -------=-.
230- `-=-------------------------------------------------------------------=-'
230- `-----( Type 'site onel MESSAGE' to enter your message )-----'
230 User glftpd logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
If You received an error like this:
Connected to 127.0.0.1.
421 Service not available, remote server has closed connection
ftp> quit
do (UNSECURE!!!!!! but always working):
echo 'IP *@*'>>/jail/glftpd/ftp-data/users/glftpd
or:
echo 'IP *@your.ip.addres.here'>>/jail/glftpd/ftp-data/users/glftpd
ex:
echo 'IP *@83.141.171.241'>>/jail/glftpd/ftp-data/users/glftpd
or (probably UNSECURE as well):
echo 'IP *@0.0.0.0'>>/jail/glftpd/ftp-data/users/glftpd
It's happen beacause of some strange reasons you're not identified as some concrete ident and ip address. Look here:
$ sudo cat /jail/glftpd/ftp-data/logs/login.log
Wed Nov 23 16:23:37 2005 [6585 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
Wed Nov 23 16:23:48 2005 [6639 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
Wed Nov 23 16:28:10 2005 [7679 ] *@0.0.0.0 (0.0.0.0): connection refused: ident@ip not added to any users.
After this actions you can notice change(s) on the end of user file:
# cat /jail/glftpd/ftp-data/users/glftpd |tail -n 4
NUKE 0 0 0
TIME 1 923341886 0 0
IP *@127.0.0.1
IP *@83.141.171.241
#
Now try login again:
$ ftp 127.0.0.1
Connected to 127.0.0.1.
220 MY SITE NAME (glFTPd 2.00 Linux+TLS) ready.
Name (127.0.0.1:yaro):
Now let's back to the point:
receiving informations about glftpd user
ftp> site user glftpd
200- User Comment: glftpd
200- +================================================= ======================+
200- | Username: glftpd Created: 0 |
200- | Added by: Expires: Never |
200- | Time On Today: 00:00 Last seen: Thu Apr 21 14:44:15 2005|
200- | Flags: 1 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 4.9 MB |
200- | Total Logins: 2 Current Logins: 1 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: Unlimited |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: Glftpd default user |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@127.0.0.1 IP1: *@0.0.0.0 |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +================================================= ======================+
200 Command Successful.
ftp>
On the very same end You can see from which IP's You can log in using this account.To allow every ip enter *@*
Additionally You can see flag "1" mentioned above.
Description of all flags:
Flagname Flag Description
-------------------------------------------------------------
SITEOP 1 User is siteop.
GADMIN 2 User is Groupadmin of one of his/her groups
(doesn't work for private groups).
GLOCK 3 User cannot change group.
EXEMPT 4 Allows to log in when site is full. Also allows
user to do "site idle 0", which is the same as
having the idler flag. Also exempts the user
from the sim_xfers limit in config file.
COLOR 5 Enable/Disable the use of color (toggle with "site color").
DELETED 6 User is deleted.
USEREDIT 7 "Co-Siteop"
ANON 8 User is anonymous (per-session like login).
Let receive information about existing users:
ftp> site users
Now we may create new user "test" with password "test" allowed to log in from any IP address
ftp> site adduser
200- .-------------------------------------------------------.
200- | USAGE: SITE ADDUSER <username> <password> <IP#1 - 5> |
200- | |
200- | <username> The username to add. |
200- | <password> The password to set for this user. |
200- | <IP#1 - 5> Optional: Up to 5 ips may be specified here. |
200- | |
200- | After you add a user, use "SITE ADDIP" to add IP's to |
200- | the new account. |
200- `-------------------------------------------------------'
200 Command Successful.
ftp> site adduser test test *@*
200- User created, now adding IPs...
200- IP '*@*' successfully added to test.
200-
200 User (test) successfully added.
ftp>
Let's change some settings (it can download only one thing at a time and it is an FTP operator):
ftp> site change
200- -----------------------------------------------------------
200- SITE CHANGE <username> <field> <value>
200- SITE CHANGE { <user1> <user2> } <field> <value>
200- SITE CHANGE =<group> <field> <value>
200- SITE CHANGE * <field> <value>
200- -----------------------------------------------------------
200-
200- Fields: ratio
200- sratio
200- wkly_allotment [#,]#
200- max_dlspeed
200- max_ulspeed
200- max_sim_down
200- max_sim_up
200- timeframe # #
200- credits
200- flags
200- homedir
200- idle_time
200- startup_dir
200- num_logins # [#]
200- time_limit
200- tagline
200- comment
200- expires [yyyy-mm-dd]
200- -----------------------------------------------------------
200 Command Successful.
ftp> site change test max_sim_down 1
200 Command Successful.
ftp> site change test flags +1
200 Command Successful.
ftp>
Display this information:
ftp> site user test
200- User Comment: Added by glftpd
200- +=======================================================================+
200- | Username: test Created: 04-21-05 |
200- | Added by: glftpd Expires: Never |
200- | Time On Today: 00:00 Last seen: Thu Apr 21 14:52:41 2005|
200- | Flags: 13 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 14.6 MB |
200- | Total Logins: 0 Current Logins: 0 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: 1 |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: No Tagline Set |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@* IP1: |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +=======================================================================+
200 Command Successful.
ftp>
Now you can see flags "1" and "3" as well as the restriction in the d/l field.
You can find a lot of information in the file
/jail/glftpd/docs/glftpd.docs
In practice you may (it's up to you) chmod everything in /jail/glftpd/site to 777 because the server controls access rights by itself. Otherwise you need to take care of these rights for the server (read, write, etc. access).
If you want to share a directory located outside /jail/glftpd/site (do you remember min_homedir /site ??), you can do it only like this:
mount --bind /source/directory/ /jail/glftpd/site/target/directory/
and add this entry, for example, to /etc/rc.local
The server has more capabilities than we will ever need....
You can list all accessible commands by invoking the command:
ftp> SITE HELP
Good luck!
Please forgive my poor English.... :)
Added on 29/06/2007:
Thanks Sir_Yaro for the great tutorial
I need some more help
I have followed your tutorial and installed successfully
now all I want to know is how to make usergroups and their permissions
There is simple example in glftpd.conf already:
##############################################################################
################## THE RIGHTS SECTION BEGINS HERE ####################
##############################################################################
# (you can use a ! in front of any group/user/flag to negate it) #
# The default is no, you don't need to add "!*" at the end #
# #
# Function Path =GROUP or -username or X (flag) #
##############################################################################
upload * -yaro -mac
resume * *
makedir * *
download * *
dirlog * *
rename * 1 =STAFF
filemove * 1 =STAFF
renameown * *
nuke * *
delete * 1
deleteown * *
##############################################################################
################### THE RIGHTS SECTION ENDS HERE #####################
##############################################################################
This one might be altered a bit by me. I'm not sure.
As you can see, there is a group STAFF which has 2 extra rights. People in this group can rename and move (filemove) files no matter where they are (*). You can add specific rights to different groups in the same way. You can also limit access to this right/option to a specific path.
For example:
makedir /path/to/directory *
Allows everyone to create directories (makedir) only in /path/to/directory .
Now you can log in to the FTP server and create a new group.
By default it can be done only by the glftpd user, because he's the only one who has the admin flag (1) set:
ftp> site user glftpd
200- User Comment: glftpd
200- +=======================================================================+
200- | Username: glftpd Created: 0 |
200- | Added by: Expires: Never |
200- | Time On Today: 00:00 Last seen: Fri Jun 29 14:11:55 2007|
200- | Flags: 15 Idle time: Disabled |
200- | Ratio: 1:3 Credits: 4.9 MB |
200- | Total Logins: 10 Current Logins: 1 |
200- | Max Logins: 2 From same IP: Unlimited |
200- | Max Sim Uploads: Unlimited Max Sim Downloads: Unlimited |
200- | Max Upload Speed: 0.0 K/s Max Download Speed: 0.0 K/s |
200- | Times Nuked: 0 Bytes Nuked: 0 MB |
200- | Weekly Allotment: 0 MB Messages Waiting: N |
200- | Time Limit: 0 minutes. (0 = Unlimited) |
200- | Tagline: Glftpd default user |
200- | Groups: |
200- | Priv Groups: |
200- +-----------------------------------------------------------------------+
200- | IP0: *@127.0.0.1 IP1: *@* |
200- | IP2: IP3: |
200- | IP4: IP5: |
200- | IP6: IP7: |
200- | IP8: IP9: |
200- +=======================================================================+
200 Command Successful.
ftp>
and with this:
-groupcomment 1
-grpadd 1
-grpchange 1
located near the end of glftpd.conf, we can see that only users with the admin flag have access to these commands. We can add this flag to other specific users:
site change USER flags +1
or just allow users with other flags to use this command (VERY BAD idea):
-grpadd 148
Flagname   Flag   Description
-------------------------------------------------------------
SITEOP     1      User is siteop.
GADMIN     2      User is Groupadmin of one of his/her groups
                  (doesn't work for private groups).
GLOCK      3      User cannot change group.
EXEMPT     4      Allows to log in when site is full. Also allows
                  user to do "site idle 0", which is the same as
                  having the idler flag. Also exempts the user
                  from the sim_xfers limit in config file.
COLOR      5      Enable/Disable the use of color (toggle with "site color").
DELETED    6      User is deleted.
USEREDIT   7      "Co-Siteop"
ANON       8      User is anonymous (per-session like login).
So to create a new group you need access to the GRPADD command. You can check if you have it with the site help command:
230 User glftpd logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> site help
200- --=--------------------- Available SITE commands ---------------------=--
200- TAGLINE: Change Your Tagline
200- WKUP: Show Weektop Uploaders
200- WKDN: Show Weektop Downloaders
200- ALUP: Show Alltime Uploaders
200- ALDN: Show Alltime Downloaders
200- GPWK: Show Weektop Groups
200- GPMONTHUP: Show Month Top Groups
200- GPAL: Show Alltime Top Groups
200- GPWD: Show Weektop Group Downloaders
200- GPMONTHDN: Show Month Top Group Downloaders
200- GPAD: Show Alltime Top Group Downloaders
200- DAYUP: Today's Top Uploaders
200- DAYDN: Today's Top Downloaders
200- MONTHUP: Show MonthTop Uploaders
200- MONTHDN: Show MonthTop Downloaders
200- TRAFFIC: Show Site Traffic
200- REQUEST: Make a Request
200- REQFILLED: Mark a Request as Filled
200- WELCOME: Show Welcome Message
200- RULES: Show Site Rules
200- USER: Show Users On Site (Type username to see users stats)
200- NUKES: Show Nukes
200- UNNUKES: Show UnNukes
200- DUPE: Search Dupe Database
200- TIME: Show Local Time
200- NEW: Show Recent Dirs
200- GROUP: Join/Leave Groups
200- ONEL: Add/View Onliners
200- MSG: Send a Message
200- WHO: See who's online
200- COLOR: Toggle Color
200- SEEN: See when a user was last on
200- LASTON: Display stats of last users online
200- SEARCH: Locate a DIR on the site.
200- PASSWD: Change Password
200- VERS: Show Daemon Version
200- STAT: Show Statline
200- IDLE: Show Minimum and Maximum Idle Timeout
200- GINFO: Detailed nfo of Groups
200- USERS: List Users on Site
200- DELIP: SITE DELIP <yourownusername> # (delete your own IP's)
200- ADDIP: Add IP To a User
200- DELIP: Delete an IP From a User
200- ADDUSER: Add User
200- DELUSER: Delete User
200- READD: Readd Deleted User
200- CHANGE: Change Field For a User
200- GADDUSER: Add User and put him in a group
200- RENUSER: Rename User
200- CHPASS: Change Another User's Password
200- GRPADD: Add group
200- GRPDEL: Delete group
200- GRPNFO: Change Group nfo
200- GRPREN: Rename group
200- GRP: Show extended group info
200- CHGRP: Change a user's group
200- GRPCHANGE: Change group settings
200- CHGADMIN: Change the gadmin(s) for a group
200- LOGINS: Login Log
200- SYSLOG: Syslog Log of User Changes
200- UPDATE: Update DirLog Database
200- PURGE: Purge Deleted Users
200 Use "SITE HELP <command>" for syntax help.
ftp>
So to add group test execute:
ftp> site grpadd test
200 Group (test) successfully added.
to move existing user to this group:
ftp> site CHGRP mac test
200- 'mac' has been successfully added to 'test'
200 Command Successful.
to create new user and put him in an existing group:
ftp> site GADDUSER test newuser password *@127.0.0.1
200- User created, now adding IPs...
200- IP '*@127.0.0.1' successfully added to newuser.
200-
200 User (newuser) successfully added to group test.
ftp>
You can also create a description for a group and mark some paths as private for specific users, flags or groups:
############################################################################
# Private Groups: privgroup GROUPNAME GROUPDESC #
############################################################################
privgroup STAFF My[:space:]Private[:space:]Group
############################################################################
# PRIVPATHS: Directories should be uniquely named (no wildcards) #
############################################################################
privpath /site/admins_only 1
privpath /site/privatedir 1 =STAFF
privpath /site/privatedir2 1 =TEST
privpath /site/privatedir3 1 =STAFF -yaro -mac
privpath /site/privatedir4 1 =STAFF -yaro -mac =TEST
plus how will my user access the ftp to upload or download the files
are there any clients or any other way
http://ubuntuforums.org/showthread.php?t=351841
http://en.wikipedia.org/wiki/List_of_FTP_clients
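
The rights lines quoted in this thread (Function Path =GROUP / -username / flag, "!" to negate, default "no") can be checked offline before a config goes live. The following is an added example, not part of the original posts and not glftpd code: a small Python evaluator plus an audit that reports SITE command lines, such as "-grpadd 148", that are reachable without the SITEOP flag. Assumptions: the first line whose path matches decides, tokens are read left to right, a multi-digit token lists alternative flags, and the sample config is constructed.

```python
import fnmatch

# Constructed sample in the format of the glftpd.conf lines quoted above.
SAMPLE_CONF = """\
upload     *                   -yaro -mac
rename     *                   1 =STAFF
makedir    /path/to/directory  !8 *
delete     *                   1
-grpadd    148
-grpchange 1
"""

def parse_rules(text):
    """Return [(function, path_pattern, tokens)]; SITE command lines get path '*'."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        if parts[0].startswith("-"):          # e.g. "-grpadd 1"
            rules.append((parts[0], "*", parts[1:]))
        else:                                 # e.g. "rename * 1 =STAFF"
            rules.append((parts[0], parts[1], parts[2:]))
    return rules

def token_matches(token, user, groups, flags):
    if token == "*":
        return True
    if token.startswith("="):
        return token[1:] in groups
    if token.startswith("-"):
        return token[1:] == user
    return any(f in flags for f in token)     # assumption: "148" means flag 1, 4 or 8

def allowed(rules, function, path, user, groups=(), flags=""):
    """Assumption: the first line whose path matches decides; tokens go left to right."""
    for func, pattern, tokens in rules:
        if func == function and fnmatch.fnmatch(path, pattern):
            for token in tokens:
                if token_matches(token.lstrip("!"), user, groups, flags):
                    return not token.startswith("!")
            return False                      # "The default is no"
    return False

def non_siteop_site_commands(rules):
    """SITE commands reachable without the SITEOP flag (1): [(command, extra_tokens)]."""
    findings = []
    for func, _, tokens in rules:
        extra = [t for t in tokens if not t.startswith("!") and t.strip("1")]
        if func.startswith("-") and extra:
            findings.append((func, extra))
    return findings

RULES = parse_rules(SAMPLE_CONF)
```

With the sample config, non_siteop_site_commands(RULES) reports only "-grpadd", and allowed(RULES, "-grpadd", "*", "someuser", flags="4") returns True, which shows a user holding just the EXEMPT flag being able to add groups.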