installing glFTPD

Talk about anything related to Gentoox or Gentoo.
Post Reply
dizyn
Newbie
Posts: 1
Joined: Tue Jun 20, 2006 4:08 pm
Contact:

installing glFTPD

Post by dizyn »

Hay guys.....

this is my 1st post and i am new to glFTPD, i haven't used it before this, can anyone help in its installation. and can suggest me some good tutorial.


thanks.
clpalmer
Power user
Posts: 288
Joined: Sat Jan 29, 2005 6:38 pm

Not the most straight forward daemon... =)

Post by clpalmer »

I run glftpd. It's not the most straight forward one to install, but pretty much everything you need should be in glftpd.conf. If you're not trying to set up too complicated a site (many users with different quotas, different permissions, different access, etc) it's not too hard to configure. the "privgroup" command should let you set up different private groups that control access to different paths on the site (different from normal groups I think). You can then set up "privpath"s that should be listed as relative to the "rootpath" that allow different groups access to different paths.

For example:

Say you have your "rootpath" set to "/opt/glftpd" and your data is in /opt/glftpd/site. Then you might have:

Code: Select all

privgroup   SITEADMINS      Site_Admins
privgroup   USERS           Normal_Users
privgroup   JOHN            John_Smith

privpath    /site/Admin     1 =SITEADMINS
privpath    /site/Upload    1 =SITEADMINS =USERS
privpath    /site/Download  1 =SITEADMINS =USERS
privpath    /site/John      =JOHN
The "1" just means users with the "1" flag (which are site admins) have access as well as users in the mentioned privgroups. Make sure to set up a privpath for every directory under root to make sure users don't see directories they don't have access to. Then just add the appropriate privgroup(s) to whatever users you want. The easiest way I found to edit/create/etc users is to just manually edit the files in /opt/glftpd/ftp-data/users/<username>. To add a privgroup, stick the line "PRIVATE <privgroupname>" in that users's file. (ie. PRIVATE SITEADMINS). You can also modify other user data directly in those files. If you add a new user by copying and renaming one of those files, you'll also have to edit /opt/glftpd/etc/passwd to create a password string for them. There's also site commands available to add/modify/etc users which might be better for account creation. You can find details in the docs for those, but to use them you log into the ftp site and then issue commands like "SITE ADDUSER ..." and whatnot. Haven't used those much. There also used to be a gui app available to manage glftpd. It handled translating all the gui options by logging into the site and issuing the appropraite site commands. Not sure if it still supports the new versions or what other similar programs are around, but they're handy if you aren't too familiar with glftpd.

Most of the other setup should be done when you emerge it. The only other steps you might have to do are to modify /etc/xinetd.d/glftpd to reflect the server args and port number you want and maybe add glftpd to /etc/services (not sure which is used for the port as I set it up ages ago).

My xinet.d/glftpd file is this:

Code: Select all

service glftpd
{
        flags = REUSE NAMEINARGS
        port = 23456
        socket_type = stream
        protocol = tcp
        user = root
        server = /usr/sbin/tcpd
        server_args = /opt/glftpd/bin/glftpd -l -i -z cert=/etc/glftpd-dsa.pem -o -r /opt/glftpd/glftpd.conf -s/opt/glftpd/bin/glstrings.bin
        type = UNLISTED
        wait = no
}
and my services file shows:

Code: Select all

glftpd            23456/tcp
As for other more complicated settings, you'll have to find a more detailed tutorial or docs and I can't help you there as I set it up ages ago and just use the basics =/

Let me know if you have any more specific questions and I'll try to help.
ajillusion
Newbie
Posts: 1
Joined: Thu Jun 28, 2007 10:22 pm

Post by ajillusion »

i tryed this but really got confused
any one can help me confire my server wid glftp
clpalmer
Power user
Posts: 288
Joined: Sat Jan 29, 2005 6:38 pm

Post by clpalmer »

What he just gave you is about as easy as it gets =) glftpd is a very powerful ftpd, but has a ton of features that you won't use, and are more geared to the warez scene (quotas, scripting, nukes, etc).

Basically just make your xinet.d/glftpd file look like his below. Add the line he shows to /etc/services and run "/etc/init.d/xinetd restart".

Then modify /etc/glftpd.conf. Make sure it has "shutdown 0" at the top so your site isn't closed. Then make sure "rootpath /opt/glftpd/site" is set. Then create whatever directories you want under /opt/glftpd/site. For example, create /opt/glftpd/site/upload and /opt/glftpd/site/download. Make sure to make upload writable w/ chmod.

Then further down in /etc/glftpd.conf there is a section for "privgroup" entries. Make at least "privgroup ADMIN" and also "privgroup USERS" if you want to give access to anyone else.

Then in the section for "privpath" entries, add an entry for each directory you create under /opt/glftpd/site. Every time you create a new directory in /opt/glfptd/site (not when you create subdirectories under them, just when you create in that directory) add a new privpath entry for it. Otherwise you lose the permissions control.

So for each directory, make an entry like "privpath /site/upload 1 =ADMIN =USERS" or "privpath /site/download 1 =ADMIN". Those would give access to the upload directory to anyone in ADMIN or USERS groups and to siteadmins. The download directory would only be accessible by people in ADMIN group or siteadmins, and people in USERS group wouldn't even see it. Notice the privpath entries are made relative to /opt/glftpd not /opt/glftpd/site.

Create new groups and new directories and make privgroup/privpath entries as you see fit to set up the desired directory structure of your site and to allow different groups to see different paths.

Once you've set that up how you want it, the next step is to create users and add them to specific groups. There used to be a nice windows utility that made configuring glftpd remotely quite easy. Dunno where that went or if there's a replacement, but I know when I last used it it was out of date already and not being updated. Might google for it. Other than that, you can just rename the default user file and then copy it as you see fit to add new users. In /opt/glftpd/ftp-data/users there should be a file for each user you want to create and it should be called whatever their username should be. A simple file is like this:

Code: Select all

USER god
GENERAL 0,0 -1 0 0
LOGINS 2 0 -1 -1
TIMEFRAME 0 0
FLAGS 1
TAGLINE 5i73 g0d
DIR /
ADDED 0 
EXPIRES 0
CREDITS 4940394 
RATIO 3 
ALLUP 451 2142312 2922 
ALLDN 77 1501936 600 
WKUP 452 2142913 2929 
WKDN 77 1501936 600 
DAYUP 452 2142913 2929 
DAYDN 77 1501936 600 
MONTHUP 451 2142312 2922 
MONTHDN 77 1501936 600 
NUKE 0 0 0 
TIME 89 1181103509 0 1023
PRIVATE ADMIN
PRIVATE USERS
IP *@*.*.*.*
You can ignore most stuff as it's pretty much all for ratios, credits, nuking, stats, etc, and not for basic use. The parts you care about are the USER, FLAGS, PRIVATE, IP and DIR entries.
- USER should be the username.
- FLAGS should be "1" only if you want that user to be a site admin.
- PRIVATE adds that user to a particular privgroup that you've set up. You can have multiple entries to add them to multiple groups.
- IP gives an IP mask to check against a user when he/she logs in. If you know at least part of the IP that a user will always use, then you can enter it to increase security on that account. Otherwise leave it as *'s to let them log in from anywhere.
- DIR sets the home directory of the user relative to /opt/glftpd/site

That should be it, except for a possible firewall problem. But even with a firewall, you should now be able to log in from the same box. Just "ftp localhost 23456" and you should connect. Change the port if you didn't use 23456 in the xinetd and services config above.
Post Reply