Post by tairus on Jul 17, 2007 4:31:09 GMT 7
Hi!
I have a few small problems with these modules on firmware v2.0.0.11. The firmware itself works fine on my N5200 (not Pro), but both of these modules are giving me a couple of non-serious problems:
1) After installing PUREFTPD, in Status->System the FTP service is shown as "Stopped", although FTP is running and anonymous access is blocked (normal user is not), which makes me guess that FTP is actually running and PUREFTPD is working as well. So the problem is in the FTP status display.
2) FTPAccess module settings work until reboot or shutdown. After that, all previously hidden folders are visible in FTP again.
I wonder if it is possible to fix these problems somehow? Actually, problem 2 is more important. Problem 1 is just a cosmetic bug which can be ignored if it's too hard (or there is no time) to fix it.
By the way, is it possible to integrate the anonymous access block into the FTPAccess module? Actually, anonymous access blocking is the only feature I need in PUREFTPD. I think many other people are using PUREFTPD only because of this feature.
Thanks in advance!
Post by peterfu on Jul 17, 2007 11:50:31 GMT 7
I can comment on the PUREFTPD issue: The main reason I have written PUREFTPD was to disable anonymous login and to enable logging. To enable logging, the binary of pureftpd had to be recompiled and the server must be started with the correct options. As the original binary and the ftp start-up script are in read-only areas, it was not possible to replace them, and therefore the module works like this:
- when it starts, it stops the original running pureftpd
- then it starts the newly compiled binary with the new options
In reality the module start sections are done before the - in this case - server start actions, and therefore the original pureftpd start script is not able to start the original pureftpd server 'cause port 21 is already in use - this then results in displaying that the pureftpd server is not running. I see no possibility to solve this small cosmetic issue.
If You want to only disable anonymous login, then it is also possible with the help of the META module. Install the META module, copy the rc.ftpd start script to the startup section of the META module and change the parameters of the server start to disable anonymous login - but then the server status in Status -> System is also displayed as stopped.
In detail, after installing the META module:
Copy the file /img/bin/rc/rc.ftpd to /raid/data/module/META/system/etc/startup/new.ftpd
Changes in the new.ftpd script are:
Old code: cmd="./pure-ftpd -g /var/run/pure-ftpd.pid -B -lextauth:/var/run/ftpd.sock -AHM
New code: cmd="./pure-ftpd -g /var/run/pure-ftpd.pid -B -lextauth:/var/run/ftpd.sock -AHE
Of course if You do this, then You should deinstall the PUREFTPD module before.
br Peter
Added : this issue is also on other FW versions and not related to 2.0.0.11 only
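The flag change described in the post above (-AHM to -AHE) can be checked mechanically. The following is an added example, not code from the thread or from the module's author: a shell function that reads a pure-ftpd command line and reports whether -E (no anonymous login), -A (chroot everyone) and -M (anonymous users may create directories) are set. The function name is hypothetical, and it assumes only -g and -l take a value, as in the command line quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit a pure-ftpd command line.
# Assumption: only -g and -l take a value, as on the page's command line;
# other value-taking options are not handled.

# audit_ftpd_cmd "<command line>" -> prints one finding per line
audit_ftpd_cmd() {
    flags=""        # single-letter switches collected so far
    skip_next=0     # set when the next word is the value of -g or -l
    set -f          # no filename expansion while splitting into words
    for word in $(printf '%s' "$1" | tr -d '"'); do
        if [ "$skip_next" -eq 1 ]; then skip_next=0; continue; fi
        case "$word" in
            --noanonymous) flags="${flags}E"; continue ;;
            --chrooteveryone) flags="${flags}A"; continue ;;
            --anonymouscancreatedirs) flags="${flags}M"; continue ;;
            --*|[!-]*) continue ;;   # other long options, program name, values
        esac
        rest=${word#-}
        while [ -n "$rest" ]; do
            letter=${rest%"${rest#?}"}   # first character of the bundle
            rest=${rest#?}
            case "$letter" in
                g|l)   # value is the rest of this word, or the next word
                    if [ -z "$rest" ]; then skip_next=1; fi
                    rest="" ;;
                *) flags="${flags}${letter}" ;;
            esac
        done
    done
    set +f
    case "$flags" in *E*) echo "anonymous=disabled" ;; *) echo "anonymous=not-disabled" ;; esac
    case "$flags" in *A*) echo "chroot=everyone" ;; *) echo "chroot=not-forced" ;; esac
    case "$flags" in *M*) echo "anon-mkdir=allowed" ;; *) echo "anon-mkdir=off" ;; esac
}
```

Run it against the cmd= line of the start script actually in use, since the status page reports "Stopped" for both the original and the modified setup.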
Post by tairus on Jul 17, 2007 12:22:04 GMT 7
Thanks, peterfu! I didn't look too precisely at the old firmware since it was stock firmware. The new version of the firmware made me too suspicious, I think. Since in any case the FTP status will be displayed as stopped, I don't see a reason to make any changes on my side. So I decided to use PUREFTPD as is.
Excuse me if I'm wrong, but I remember *nix filesystems support symbolic links. Isn't it possible to hide the original pureftpd binary with yours by using a symbolic link? The system will think it's the original binary, will run it and display the correct status.
Post by peterfu on Jul 17, 2007 13:59:41 GMT 7
"Excuse me if I'm wrong, but I remember *nix filesystems support symbolic links. Isn't it possible to hide the original pureftpd binary with yours by using a symbolic link? The system will think it's the original binary, will run it and display the correct status."
The original can't be replaced - not with a link and not with a new one - 'cause it's a read-only area and can't be changed. The only way is to use the IMGDUP module (which makes a copy of the read-only areas and then uses a symbolic link), but this one causes other side effects - maybe I will find a way in the future to update the FTP status.
br Peter
Post by tairus on Jul 23, 2007 0:57:53 GMT 7
peterfu, can you add the functionality of the FTPAccess module to PUREFTPD? The problem is that the system (2.0.0.11) recreates the symbolic links in /raid/data/ftproot upon every reboot - it makes the FTPAccess module useless. The re-creation of shares is done in the file assemble_conf, which is of course on the read-only system and cannot be modified. This file is included in the rc.samba config, which is also read-only. Some other utilities call rc.samba, which recreates the shares as well.
I think some kind of additional access list needs to be added for pureftpd. The daemon will check if a share is in the list, then allow it to be seen and browsed; if not, then hide it and disable access. Can you do this?
As a possible workaround it's possible to assign another dir as root for ftp, but I don't see where to assign it.
Post by peterfu on Jul 23, 2007 3:01:36 GMT 7
Hi tairus, of course it would be possible to include the FTPAccess module in the PUREFTPD module, but this would not change anything, 'cause after each reboot the links are restored again. The FTPAccess module is a help for keeping non-advanced FTP users away from directories, but due to the general setup any advanced user may move around and see the whole directory tree.
The only possible solution - at least to my knowledge - to prevent users from moving around is to jail them in their home directory as I have described in this thread: thecususergroup.proboards106.com/index.cgi?action=display&board=n5200installations&thread=1180940756&page=1 , but then you have other disadvantages with shared directories. Jailed users are not allowed to follow links; on an open linux box You can solve this by mounting directories, but I don't know if this would work on the N5200.
I'm not sure where the home dirs of the ftp users are set, but I assume it's done during authentication. What should work - but I have not tested it - is to set a valid home dir of the users in the passwd file (as described in the above mentioned thread, but without changing the startup parameters) and then use this as the new general ftp home dir. Then You should be able to define which links You want to have and which not - but as written above every user could do a cd to every directory which is not protected via ACL. But this must then be done every time a new user is generated.
br Peter
Post by tairus on Jul 24, 2007 1:33:19 GMT 7
Thanks for the advice, but I went a different way:
- I used the IMGDUP module to get write access to the config
- in the place where ftproot is re-created I added my script, which deletes unwanted folders
- I modified the FTPAccess/www/index.htm file, where I added the creation of my script file (mentioned above) based on the hidden folders.
So now FTPAccess is working again. Maybe the inner structure is not as beautiful as before, but it works. If somebody wants to know what I did in detail then I can post it.
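One way a clean-up step like the one described in the post above could look, as an added example that is not tairus's script: it removes from the FTP root only the symbolic links named in a hide list. The hide-list format (one share name per line) and the function name prune_ftproot are assumptions; as noted earlier in the thread, removing a link hides a share but does not stop a user from changing into any directory not protected by ACL.

```shell
#!/bin/sh
# Added example, not tairus's script. Assumptions: the hide list is a text
# file with one share name per line (hypothetical format); the FTP root
# holds one symbolic link per share, as described for /raid/data/ftproot.

# prune_ftproot FTPROOT HIDELIST
# prints "removed NAME" or "skipped NAME (reason)" for every listed name
prune_ftproot() {
    root=$1
    list=$2
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    [ -r "$list" ] || { echo "cannot read: $list" >&2; return 2; }
    while IFS= read -r name || [ -n "$name" ]; do
        case "$name" in
            ''|'#'*) continue ;;     # blank line or comment
            */*|.|..)                # never leave the FTP root
                echo "skipped $name (not a plain name)"
                continue ;;
        esac
        if [ -L "$root/$name" ]; then
            # rm on a symlink removes the link only, never the share behind it
            rm -- "$root/$name" && echo "removed $name"
        elif [ -e "$root/$name" ]; then
            # a real file or directory in the FTP root is left untouched
            echo "skipped $name (not a symlink)"
        else
            echo "skipped $name (absent)"
        fi
    done < "$list"
}
```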