Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 29 Jul 2014, 07:00
All times are UTC - 4
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Unsorted
new FTP Server: BetaFTPD
Moderators: deshlab, Flash, GuestToo, Ian, JohnMurga, Lobster
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 4 [46 Posts]   Goto page: 1, 2, 3, 4 Next
Author Message
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Tue 28 Jun 2005, 03:30    Post subject:  new FTP Server: BetaFTPD  

I could not get gtkftpd, the current FTP Server in puppy to work properly for me. It seems that others were also having problems with it so I decided to look for an alternative. My primary goal was to make transfer of files on my LAN easy rather than putting an emphasis on running a high traffic secure server (puppy is not really designed for that).
Dragging and dropping files from a Windows Explorer window make FTP a viable alternative to LinNeighbourhood for those that are having problem with it.

I decided to use BetaFTPD and built version 0.0.8pre17 which is supposed to be better and more stable than the latest official release of 0.0.7
I had to modify the source to make it build on my machine, so I will make a sourcerer package once I know how.
In the process I and others on this board that tested the early port found a number of potential security risks that I wasn't willing to leave in the software, so I made a number of changes to improve security.
I would now feel comfortable using it for anonymous ftp on my own machine, although I wouldn't claim it is as "industrial strength" as some of the much larger alternatives like wu-ftpd, pure-ftpd, vs-ftpd, etc...

EDITED AGAIN: now version betaftpd-0.0.8pre17-pup-4
This is a security enhanced version:
- users only have access to their home directory,
- fixed a bug that could reset the "download only" mode for anonymous when changing logging state.
- tweaked some file permissions
- now denies shell access to user "ftp"
- new and improved manual with example of use (thanks Nathan F. for html formatting)


To make starting/stopping/configuring the server more easily I wrote a "Control Center" application accessible from the start menu:



Here's the text version of the help file. The package contains an nicer html verion, and I am planning on transfer Nathan F/'s even prettier version to the wiki. I just didn;t want the help file to end up larger than the app itself because of too many pictures.
Code:

        **** BetaFTPD 0.0.pre17-pup-4 for puppy linux ****
 
Overview:
=========

BetaFTPD is a single-threaded FTP daemon.

The single-threadedness makes it faster than most other FTP daemons (contrary
to common belief), and makes it extremely light on memory. Although it lacks
a few functions (which you probably won't miss).
Version 0.0.18pre17 is more stable than the latest official release (0.0.7)

Homepage: http://betaftpd.sourceforge.net/
Original by Steinar H. Gunderson <sgunderson@bigfoot.com>
Port to puppy linux, download-only mode and Control Center by papaschtroumpf.

Use of *any* FTP Server can present a security risk if your computer is
open to the Internet. Use at your own risk.



Usage:
======

(if you are new to FTP, you may want to scroll down to the "Why an FTP Server?"
tutorial section below)

The original BetaFTPD has no command line options. To keep the program small, all
options were built-in at compile time. This modified version has one optional
command line argument to restrict anonymous ftp to download only, and one to
restrict FTP access to each users' home directory.

In its simplest form, just run the betaftpd executable to start the server. It
will run as a daemon and run in the background.

puppy linux includes a BetaFTPD Control Center available in the menu for most
Windows Managers (under Networking). You can also start the control center
manually by running the betaftpd-cc script.

The BetaFTPD Control Center allows you to:
- see the current server status
- start / stop the server
- enable / disable Anonymous FTP access
- change full or download-only Anonymous access
- enable / disable logging of file transfers
- view this help file

You can access the shared directories with any FTP client or most modern
browsers (Windows Explorer, Firefox, ...), most of them through drag and drop.

The file transfer log is in /var/log/xferlog and is in the following format:
date xfer_time peer_address xfer_size filename b _ iN/oUT a owner ftp 0 *



Shared directories:
===================

All user can have access to their own home directory by logging in with their
puppy linux username and password. Note the following limitations however:
- for security reasons root cannot log in as an FTP user
- for security reasons users with a blank password cannot log in
- for security reasons the special user "ftp" does not have shell access

If you create a user for FTP access only, it is recommended that you don't
grant that user shell access for improved security. This can be done by
passing the -s /usr/bin/deny_sh option to add user as follows:

     adduser -h /root/ftphomes/user -r /usr/bin/deny_sh user

In addition to user directories, the home directory of special user "ftp"
is shared to all anonymous users. That "ftp" user can be activated through
the Control Center.

Upload is allowed in all shared directories, allowing two way transfer of files.
However the Control Center has an option to disallow upload/delete for
anonymous users.
For added security, users only have FTP access to their own home directory.

Note that betaftpd support a "non-root" mode, and you may find references to it
if you look for it on the Internet. Support for it is somehwat experimental
and has been disabled in the puppy build. The Control Center requires that the
FTP server be ran by the root user.



Why an FTP server?
==================

FTP is one of the oldest and most common way for transferring files over the
Internet. An FTP client connects to a server and can request and sometimes
upload files to the server. There are many kinds of FTP clients. Some are
command line base, requiring you to know shell-like FTP commands, others have
a nice graphical interface, others are "transparent": you drag and drop files
between a browser and a lcoal folder wihtout knowing that you are actually
doing an FTP transfer. Internet Explorer in Windows and Konqueror on linux
have very good drag and dropp FTP implementations.
You need a user and password to log into an FTP server, however some servers
have a "special" user called "anonymous" that doesn't have a password. The
server will prompt you for a password but you can enter anything, although
net etiquette often dictate that you should enter your email address.

BetaFTPD can be used in a variety of ways:

1) User specific access:
For example you want to share files with a friend halfway accross the world,
but those files are too big to email: you can create an account for your friend
on your puppy machine as follows:
   adduser -h /root/friend friend
you will be prompted for a password for user "friend" (you could call him Bob,
Mom or Fido), and when the process completes, you will have a /root/friend
directory. Put the files that you intend to share with him in that directory.
Start BetaFTPD (or more precisely the Control Center) from the start menu and
click "Start FTP server". If you don't want anonymous access (see below) make
sure that you click on the "Disable Anon" button.
Your friend can then type "ftp://xxx.xxx.xxx.xxx" in his browser or his
favorite FTP client, where xxx.xxx.xxx.xxx is the Internet address of your
computer and log in with the user name "friend" and the password you assigned
to it. (If you are beind a broadband router you will need to configure it to
allow port 21 and possibly forward it to the puppy machine. How to do this is
outside of the scope of this document).
Note that your friend can also upload files to /root/friend.
Unless you want your friend to have shell access also, it is recommended that
you create the account with the -r /usr/sbin.deny_sh (see "Shared Directories")

2) Access for everyone
Let's say that you're a budding music composer, or artist or programmer and
want to share the fruit of your labor with the rest of the world: you can't
create a user account for every person in the world! What you need to do is
allow anonymous access to your server: simply click "Enable Anon".
A new window appears prompting you for the password for the anonymous (or
"ftp") user. Once the user is created, the files in /root/ftp will be shared
to anyone that cares to look! The BetaFTPD offers to open a rox window to
let you see the contents of that folder, just in case you want to check.

Pay close attention to the status of the anonymous access shown in the Control
Center: if it says "FULL Anonymous FTP access is available for /root/ftp" it
means that not only anyone can log in and download your files, but anyone can
also log in and upload whatever they feel like. This is dangerous! you could
end up unknowingly hosting pornographic or copyrighted material placed there
by one of the anonymous users for other anonymous users to retrieve.
What you want to do to prevent this (believe me, you do) is change anonymous
access to only allow downloading by pressing the "Download-only" button.

You may even want to press the "Enable Log" button to get a log of each transfer
in and out of your machine. Press the "View Xfer log" button to see the log. The
first line shows you what its format is (or see "Usage" above).

3) LAN file transfer
The examples above assume that you can and are willing to share part of your
computer over the Internet. There is one safer application that is quite useful:
Since just about every operating system has an FTP client, you can use FTP to
transfer files between multiple computers with different operating systems on
your home network. This is when allowing "full access" for anonymous users is
OK: some clients can be configured to automatically attempt anonymous access and
you won't be prompted for a user name or password (the "transparent" clients like
Konqueror and Windows Explorer work that way). You can then drag and drop files
in and out ofthe "repository" in /root/ftp on your puppy machine.

If the other machines on your network are mostly windows machines, you may want
to look at using Samba, the windows "network neighbourhod" protocol, for example
using LinNeighbourhood which is also available for puppy.

 


Under the hood:
===============
For puppy linux, BetaFTPD was compiled with the following options:

--enable-upload so that you can upload files to the server

--enable-xferlog to provide a log of all transfers. If the log file doesn't
exist when the program is started, it will not log anything. That's what
is used in the Control Center to enable and disable logging.

--enable-fork the server runs silently in the background, "daemon-style"

--enable-shadow to support user passwords

In addition the code was modified to add the -restrict option to disallow
anonymous uploads/deletes. Another option, -contain, was added to restrict
user navigation to their home directories instead of full machine access as
in the orginal server.

These commands are believed to be fully compliant with RFC959 and RFC1123:
PORT, PASV, USER, PASS, CWD, CDUP, QUIT, DELE*, PWD, SYST, NOOP, STOR*, APPE*,
ABOR, RNFR*, RNTO*, MKD*, RMD*, ALLO*, REIN, ACCT, HELP, STAT and MODE.
The * denotes a command that is disabled when -restrict is used.

These commands are not implemented at all: SMNT, STOU and SITE.



I also spent a lot of time trying to make a "good" pupGet package and it should play nice with the pupGet installer and will automatically install a menu entry in the "Networking" section of the menu for fvwm95, jwm and icewm. It will also uninstall the menu entries automatically when the package is removed.

I decided to make this a PupGet package rather than a DotPup mostly because it will be even more straightforward to have an official unleashed built from it and I hope this makes it in future releases instead of gtkftpd.

Please report any problems with the software here.
betaftpd-0.0.8pre17.tar.gz
Description  This is a PupGet package.
Download, launch the PupGet installer, choose "install alien package" and browse to where you saved the downlaoded file.
Should be very easy to make an Unleashed packet to build this in the liveCD.
gz

 Download 
Filename  betaftpd-0.0.8pre17.tar.gz 
Filesize  32.62 KB 
Downloaded  2803 Time(s) 

_________________
Mandriva LE 2005 user and puppy newbie

Last edited by papaschtroumpf on Sun 03 Jul 2005, 07:34; edited 12 times in total
Back to top
View user's profile Send private message 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Wed 29 Jun 2005, 00:01    Post subject:  

Thanks for all the work you put into this, papaschtroumpf. Will try it out and hopefully give it a good test. I hope everyone appreciates how much you've contributed since you joined the forum.

Nathan
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Wed 29 Jun 2005, 15:24    Post subject:  

Installed and gave it a brief test last night. So far so good. Will give it a fuller test when I have time and post my thoughts. For now, I can say that yes it works and the control center makes it very easy to figure out. This is right in line with the work Barry has done for things like the setup wizards and such, making it feel a whole lot more "integrated" than a lot of things we can currently add. That part (the control center) makes a good model for how to make a package for Puppy. Thanks again.

Nathan
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Wed 29 Jun 2005, 17:02    Post subject:  

Thanks for the kind words.
The Control Center is modelled after Barry's Wizards so it's not surprising they feel similar Very Happy

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Wed 29 Jun 2005, 20:20    Post subject:  

Just to see, I tried the server out over the internet using anonymous ftp from several other computers. I agree wholeheartedly that this is risky, as I was able to upload and even delete files right out of the ~/ftp directory using IE from the local library. This is obviously not acceptable for a public server, but as you said that wasn't your purpose.

I'm going to play around with file permissions and see if that changes anything. There may be someone crazy enough to want to run a public ftp server and I think all possibilities should be explored. (I'm crazy enough to be running Monkey on port 80 from the machine I'm using to write this.)

This does work really well as a simple means to transfer files from a Puppy pc to some other OS, and I intend to use it for that purpose as soon as I actually have my network setup. For now I'm re-firewalling port 21 and I'm a little iffy on using anonymous at all.

Nathan
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Wed 29 Jun 2005, 21:28    Post subject:  

I meant to play with permissions too, maybe you can make the files not writable, let me know how that works for you.

I could recompile the server without the --enable-upload option and make two versions available, one that allows upload and one that doesn't. Heck. the Control Center could decide on the fly which one to run based on user preference (but all users would either have upload or download enabled/disabled and it would double the space used). I could also see if I can add a command line option and "branch off" the code.

Also remember that you can share any user, so create an account called "rover" as follows:
adduser -h /root/bob bob
and enter a password when prompted.

You can now have a trusted user (friend, family...) log in as bob with the right pasword and they have access to the bob home directory.

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Thu 30 Jun 2005, 01:16    Post subject:  

The bad news: I lied!
I broke support for non-anonymous users somewhere along the way. I needed to compile it with --enable-shadow

The good news: I hacked the code
Since I needed to fix the item above, I took a crack at adding a command line option to restrict anonymous users from uploading files. other (passworded) users DO have upload rights.

it works fine from the command line, i just need to add support for the new option in the Control Center.

... stay tuned!

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Thu 30 Jun 2005, 03:24    Post subject:  

All done!

I updated the top post with the new version / new help file and new screenshot

In the process of working on the new version I discovered a bug in the control panel that caused it to sometimes not be able to stop the server process, so you should use the new version instead.

Changelog would look like this:
- fixed a bug that sometimes prevented the control center to determine the pid of the server, which would then cause it to be unable to stop and restart the server when options where changed
- now compiled with --enabled-shadow which means that users other than "ftp" now work properly
- added a command line option to the server (-restrict) to restrict upload of file by anonymous users and updated the control center to take advantage of that new options (the new "full access / download only buttons)
- updated help file with the new features
- added a symlink so that either man beatftpd or man BetaFTPD will bring up the help file.
- betaftpd was ran through upx before packaging

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Thu 30 Jun 2005, 10:35    Post subject:  

darn! while packaging up the code for upload, I realized that the -restrict option may not restrict the DELEte command, because it was not included in the --enable-upload build flag.
I need to test it to confirm. May have to release yet another version.

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Thu 30 Jun 2005, 11:13    Post subject:  

Watching this closely for the final version.........
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Thu 30 Jun 2005, 11:41    Post subject:  

Shocked another wrinkle. I uninstalled and reinstalled with the new version, everything O.K. so far. Problem-upon starting the control center, up pops the OLD control center. I checked and I did have the new version, so there must be something I have to manually delete?
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Thu 30 Jun 2005, 11:45    Post subject:  

Answering my own question-the new options don't showe up until anon is enabled. Laughing
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Thu 30 Jun 2005, 12:05    Post subject:  

New version does allow me to disable upload, however as you warned I can still delete using anonymous. Sorry to put you through all this, but I think you're getting really close to where you want to be now. Giving it a test with a full user soon.

PS-changing file permissions didn't seem to work for me.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
papaschtroumpf


Joined: 17 Jun 2005
Posts: 250

PostPosted: Thu 30 Jun 2005, 13:12    Post subject:  

This is really weird, the original betaftpd code would allow the following commands, even when compiled to disable uploads:
DELE delete file
RMD remove directory
MKD make directory
RNFR/RNTO rename file

The STOU and ALLO commands are not implemented so there is no worries about those (ALLO is accepted but does nothing).

I will build a new version of betaftpd that disallows those commands for anonymous users when the -restrict option is used.

_________________
Mandriva LE 2005 user and puppy newbie
Back to top
View user's profile Send private message 
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Thu 30 Jun 2005, 13:23    Post subject:  

Yes, I forgot to mention that it allowed me to make new directories.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger 
Display posts from previous:   Sort by:   
Page 1 of 4 [46 Posts]   Goto page: 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Unsorted
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1190s ][ Queries: 13 (0.0135s) ][ GZIP on ]