Thanks goes to Darren who provided the solution. I hope he wont mind but Im
going to just include the email that he sent with instructions so if someone
else runs into this problem. The only thing I hadnt done was to edit the
config/config.du4 file and make a change there. Don't see anything about that
in the INSTALL file.
thanks Darren,
dschen - Darren Schenebeck wrote:
> These are the instructions that I found for 2.6.0. The instructions work
> for me but I'm using the 2.6.0 instructions, you also have to have your
> /usr/local/lib/ftpd/ftpaccess file correct in order to allow the users to
> get in and actually move files. I don't know if this will help you or not.
>
> * Install wu-ftp:
>
> # cd wu-ftpd-2.6.0/src/makefiles
> # vi Makefile.du4
>
> add
>
> -DSECUREOSF to the IFLAGS line
> add
>
> -lsecurity to the LIBES line
>
> # cd ../config
> # vi config.du4
>
> add
>
> #include <sys/fcntl.h>
>
> # cd ../..
> # script wu-ftp.install
> # ./build du4
> # ./build install
> # ^d
>
> * Edit the /etc/inetd.conf file:
>
> # emacs /etc/inetd.conf&
>
> 1. Copy and then comment out the original ftp line.
> 2. Modify the inserted ftp line to look like the following:
>
> ftp stream tcp nowait root /usr/sbin/in.ftpd ftpd -a
>
> 3. Move the in.ftpd file to proper location.
>
> # mv /etc/in.ftpd /usr/sbin
>
> * Send a kill -HUP to the inetd process to make the change effective:
>
> # ps -ef | grep inetd
> # kill -1 pid
>
> * Make a directory that will contain configuration files.
>
> # cd /usr/local/lib
> # mkdir ftpd
>
> * Copy configuration files from aadmn1 to machine ftp is being installed to.
>
> # cd ftpd
> # rcp -p aadmn1:/usr/local/lib/ftpd/* .
>
> * Edit configuration files as needed (see sample at end).
>
> * Steps needed to allow guest ftp access to a particular directory while
> still
> having tnvt access. No traversing tree:
>
> 1. Add a line to ftpaccess to designate directory where users
> will have access
> to.
>
> guest-root /usr/users/ftp test1 FORCES TEST1 TO SPECIFIED
> DIR
>
> 2. Add a line to ftpaccess to allow uid access.
>
> allow-uid test1 UNBLOCKS
> SPECIFIED UIDS
>
> 3. Make sure the user's group is not in this statement.
>
> realgroup system ALLOWS SYSTEM GROUP REAL
> ACCESS
>
> 4. Build the directory structure under the directory where
> access is needed:
>
> # cd /usr/users/ftp
>
> # mkdir bin
> # chown root:daemon bin
> # chmod 111 bin
>
> 3. Build the contents of the /usr/users/ftp/bin directory:
>
> # cp -p /sbin/ls bin
> # chown root:bin bin/ls
> # chmod 111 bin/ls
>
> * Steps needed to allow ftp access only (no tnvt access):
>
> 1. Change passwd file entry to look like the following:
>
> ftp1aa:*:3397:999:ftpguest
> 1:/usr/users/ftp1aa/./:/etc/ftponly
>
> 2. Make sure "/etc/ftponly" is in etc/shells
>
> 3. Build the directory structure under the users account:
>
> # cd /usr/users/ftp1aa
> # mkdir etc bin
> # chown root:daemon etc bin
> # chmod 111 etc bin
>
> 4. Build the contents of the /usr/users/ftp1aa/bin directory:
>
> # cp -p /sbin/ls bin
> # chown root:bin bin/ls
> # chmod 111 bin/ls
>
> 5. Build the contents of the /usr/users/ftp1aa/etc directory:
>
> a. Create a scaled down version of a passwd file with
> the following entries:
>
> root:*:0:0::/:/etc/ftponly
> ftp1aa:*:3397:999::/usr/users/ftp1aa/./:/etc/ftponly
>
> b. Create a scaled down version of a group file with
> the following entries:
>
> root::0:root
> ftpguest::999:ftp1aa
>
> c. Set ownership and permissions:
>
> # chown root:daemon passwd group
> # chmod 444 passwd group
>
>
> d. Add some extra security touches:
>
> # cd /usr/users/ftp1aa
> # touch .rhosts .forward
> # chown root:root .rhosts .forward
> # chmod 400 .rhosts .forward
>
> * Sample ftpaccess file location /usr/local/lib/ftpd. This will force all
> users
> to be guest except for system users pajosa and rkrosa who will be real.
>
> class local real,guest *.acfw.in.us
> class remote real,guest *.acfw.in.us
>
> noretrieve /etc/passwd .login .profile .rhosts .cshrc .kshrc
> .forward
>
> log commands real,guest
>
> log transfers real,guest inbound,outbound
>
> chmod yes real
> rename yes real
> overwrite yes real
> umask yes real
> delete yes real
>
> chmod no guest
> rename no guest
> overwrite yes guest
> umask no guest
> delete no guest
>
> guestuser *
> FORCES ALL USERS TO BE GUEST
>
> realgroup system
> ALLOWS SYSTEM GROUP REAL ACCESS
>
> guest-root /usr/users/ftp test1 FORCES TEST1
> TO SPECIFIED DIR
>
> deny-uid %-999999
> BLOCKS ALL UIDS
>
> allow-uid ftp1aa test1 pajosa rkrosa UNBLOCKS SPECIFIED
> UIDS
>
> restricted-uid ftp1aa test1 NO
> TRAVERSING TREE
>
> unrestricted-uid pajosa rkrosa UNLIMITED
> TREE ACCESS
>
> * Sample ftphosts file located in /usr/local/lib/ftpd
>
> # host access file
> #
> # This file is needed to allow or deny access for guest users
>
> allow ftp1aa pete-joseph.acfw.in.us
>
> -----Original Message-----
> From: Darryl Cook [mailto:dlc_at_cs.appstate.edu]
> Sent: Friday, January 19, 2001 1:29 PM
> To: tru-64
> Subject: wu-ftpd 2.6.1
>
> I am having a little trouble getting wu-ftd 2.6.1 to install correctly.
> I have a DEC Alpha 2100A running DU4.0f. Everything configures fine but
> when I try to ftp to my site it rejects my username and password. We do
> run Enhanced Security. I found something in the docs that said to
> modify the ./src/makefiles/makefile.arch file for Enhanced Security
> and did that but still cant login. Anyone else run into this?
>
> darryl
Received on Fri Jan 19 2001 - 20:52:26 NZDT