new FTP Server: BetaFTPD

Stuff that has yet to be sorted into a category.
Message
Author
User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

new FTP Server: BetaFTPD

#1 Post by papaschtroumpf »

I could not get gtkftpd, the current FTP Server in puppy to work properly for me. It seems that others were also having problems with it so I decided to look for an alternative. My primary goal was to make transfer of files on my LAN easy rather than putting an emphasis on running a high traffic secure server (puppy is not really designed for that).
Dragging and dropping files from a Windows Explorer window make FTP a viable alternative to LinNeighbourhood for those that are having problem with it.

I decided to use BetaFTPD and built version 0.0.8pre17 which is supposed to be better and more stable than the latest official release of 0.0.7
I had to modify the source to make it build on my machine, so I will make a sourcerer package once I know how.
In the process I and others on this board that tested the early port found a number of potential security risks that I wasn't willing to leave in the software, so I made a number of changes to improve security.
I would now feel comfortable using it for anonymous ftp on my own machine, although I wouldn't claim it is as "industrial strength" as some of the much larger alternatives like wu-ftpd, pure-ftpd, vs-ftpd, etc...

EDITED AGAIN: now version betaftpd-0.0.8pre17-pup-4
This is a security enhanced version:
- users only have access to their home directory,
- fixed a bug that could reset the "download only" mode for anonymous when changing logging state.
- tweaked some file permissions
- now denies shell access to user "ftp"
- new and improved manual with example of use (thanks Nathan F. for html formatting)


To make starting/stopping/configuring the server more easily I wrote a "Control Center" application accessible from the start menu:



Here's the text version of the help file. The package contains an nicer html verion, and I am planning on transfer Nathan F/'s even prettier version to the wiki. I just didn;t want the help file to end up larger than the app itself because of too many pictures.

Code: Select all

	     **** BetaFTPD 0.0.pre17-pup-4 for puppy linux ****
 
Overview:
=========

BetaFTPD is a single-threaded FTP daemon.

The single-threadedness makes it faster than most other FTP daemons (contrary
to common belief), and makes it extremely light on memory. Although it lacks
a few functions (which you probably won't miss).
Version 0.0.18pre17 is more stable than the latest official release (0.0.7)

Homepage: http://betaftpd.sourceforge.net/
Original by Steinar H. Gunderson <sgunderson@bigfoot.com>
Port to puppy linux, download-only mode and Control Center by papaschtroumpf.

Use of *any* FTP Server can present a security risk if your computer is
open to the Internet. Use at your own risk.



Usage:
======

(if you are new to FTP, you may want to scroll down to the "Why an FTP Server?"
tutorial section below)

The original BetaFTPD has no command line options. To keep the program small, all 
options were built-in at compile time. This modified version has one optional 
command line argument to restrict anonymous ftp to download only, and one to
restrict FTP access to each users' home directory.

In its simplest form, just run the betaftpd executable to start the server. It
will run as a daemon and run in the background.

puppy linux includes a BetaFTPD Control Center available in the menu for most
Windows Managers (under Networking). You can also start the control center
manually by running the betaftpd-cc script.

The BetaFTPD Control Center allows you to:
- see the current server status
- start / stop the server
- enable / disable Anonymous FTP access
- change full or download-only Anonymous access
- enable / disable logging of file transfers
- view this help file

You can access the shared directories with any FTP client or most modern
browsers (Windows Explorer, Firefox, ...), most of them through drag and drop.

The file transfer log is in /var/log/xferlog and is in the following format:
date xfer_time peer_address xfer_size filename b _ iN/oUT a owner ftp 0 *



Shared directories:
===================

All user can have access to their own home directory by logging in with their
puppy linux username and password. Note the following limitations however:
- for security reasons root cannot log in as an FTP user
- for security reasons users with a blank password cannot log in
- for security reasons the special user "ftp" does not have shell access

If you create a user for FTP access only, it is recommended that you don't
grant that user shell access for improved security. This can be done by
passing the -s /usr/bin/deny_sh option to add user as follows:

     adduser -h /root/ftphomes/user -r /usr/bin/deny_sh user

In addition to user directories, the home directory of special user "ftp" 
is shared to all anonymous users. That "ftp" user can be activated through
the Control Center.

Upload is allowed in all shared directories, allowing two way transfer of files.
However the Control Center has an option to disallow upload/delete for
anonymous users.
For added security, users only have FTP access to their own home directory.

Note that betaftpd support a "non-root" mode, and you may find references to it
if you look for it on the Internet. Support for it is somehwat experimental
and has been disabled in the puppy build. The Control Center requires that the 
FTP server be ran by the root user.



Why an FTP server?
==================

FTP is one of the oldest and most common way for transferring files over the
Internet. An FTP client connects to a server and can request and sometimes 
upload files to the server. There are many kinds of FTP clients. Some are
command line base, requiring you to know shell-like FTP commands, others have
a nice graphical interface, others are "transparent": you drag and drop files
between a browser and a lcoal folder wihtout knowing that you are actually 
doing an FTP transfer. Internet Explorer in Windows and Konqueror on linux 
have very good drag and dropp FTP implementations.
You need a user and password to log into an FTP server, however some servers
have a "special" user called "anonymous" that doesn't have a password. The 
server will prompt you for a password but you can enter anything, although 
net etiquette often dictate that you should enter your email address.

BetaFTPD can be used in a variety of ways:

1) User specific access:
For example you want to share files with a friend halfway accross the world,
but those files are too big to email: you can create an account for your friend
on your puppy machine as follows:
   adduser -h /root/friend friend
you will be prompted for a password for user "friend" (you could call him Bob,
Mom or Fido), and when the process completes, you will have a /root/friend 
directory. Put the files that you intend to share with him in that directory.
Start BetaFTPD (or more precisely the Control Center) from the start menu and
click "Start FTP server". If you don't want anonymous access (see below) make
sure that you click on the "Disable Anon" button.
Your friend can then type "ftp://xxx.xxx.xxx.xxx" in his browser or his 
favorite FTP client, where xxx.xxx.xxx.xxx is the Internet address of your
computer and log in with the user name "friend" and the password you assigned
to it. (If you are beind a broadband router you will need to configure it to
allow port 21 and possibly forward it to the puppy machine. How to do this is
outside of the scope of this document).
Note that your friend can also upload files to /root/friend.
Unless you want your friend to have shell access also, it is recommended that
you create the account with the -r /usr/sbin.deny_sh (see "Shared Directories")

2) Access for everyone
Let's say that you're a budding music composer, or artist or programmer and 
want to share the fruit of your labor with the rest of the world: you can't
create a user account for every person in the world! What you need to do is
allow anonymous access to your server: simply click "Enable Anon".
A new window appears prompting you for the password for the anonymous (or 
"ftp") user. Once the user is created, the files in /root/ftp will be shared
to anyone that cares to look! The BetaFTPD offers to open a rox window to
let you see the contents of that folder, just in case you want to check.

Pay close attention to the status of the anonymous access shown in the Control 
Center: if it says "FULL Anonymous FTP access is available for /root/ftp" it
means that not only anyone can log in and download your files, but anyone can
also log in and upload whatever they feel like. This is dangerous! you could
end up unknowingly hosting pornographic or copyrighted material placed there
by one of the anonymous users for other anonymous users to retrieve.
What you want to do to prevent this (believe me, you do) is change anonymous
access to only allow downloading by pressing the "Download-only" button.

You may even want to press the "Enable Log" button to get a log of each transfer
in and out of your machine. Press the "View Xfer log" button to see the log. The
first line shows you what its format is (or see "Usage" above).

3) LAN file transfer
The examples above assume that you can and are willing to share part of your
computer over the Internet. There is one safer application that is quite useful:
Since just about every operating system has an FTP client, you can use FTP to
transfer files between multiple computers with different operating systems on 
your home network. This is when allowing "full access" for anonymous users is
OK: some clients can be configured to automatically attempt anonymous access and
you won't be prompted for a user name or password (the "transparent" clients like
Konqueror and Windows Explorer work that way). You can then drag and drop files
in and out ofthe "repository" in /root/ftp on your puppy machine.

If the other machines on your network are mostly windows machines, you may want
to look at using Samba, the windows "network neighbourhod" protocol, for example
using LinNeighbourhood which is also available for puppy.

 


Under the hood:
===============
For puppy linux, BetaFTPD was compiled with the following options:

--enable-upload so that you can upload files to the server

--enable-xferlog to provide a log of all transfers. If the log file doesn't
exist when the program is started, it will not log anything. That's what
is used in the Control Center to enable and disable logging.

--enable-fork the server runs silently in the background, "daemon-style"

--enable-shadow to support user passwords

In addition the code was modified to add the -restrict option to disallow
anonymous uploads/deletes. Another option, -contain, was added to restrict 
user navigation to their home directories instead of full machine access as
in the orginal server.

These commands are believed to be fully compliant with RFC959 and RFC1123:
PORT, PASV, USER, PASS, CWD, CDUP, QUIT, DELE*, PWD, SYST, NOOP, STOR*, APPE*,
ABOR, RNFR*, RNTO*, MKD*, RMD*, ALLO*, REIN, ACCT, HELP, STAT and MODE.
The * denotes a command that is disabled when -restrict is used.

These commands are not implemented at all: SMNT, STOU and SITE.

I also spent a lot of time trying to make a "good" pupGet package and it should play nice with the pupGet installer and will automatically install a menu entry in the "Networking" section of the menu for fvwm95, jwm and icewm. It will also uninstall the menu entries automatically when the package is removed.

I decided to make this a PupGet package rather than a DotPup mostly because it will be even more straightforward to have an official unleashed built from it and I hope this makes it in future releases instead of gtkftpd.

Please report any problems with the software here.
Attachments
betaftpd-0.0.8pre17.tar.gz
This is a PupGet package.
Download, launch the PupGet installer, choose &quot;install alien package&quot; and browse to where you saved the downlaoded file.
Should be very easy to make an Unleashed packet to build this in the liveCD.
(32.62 KiB) Downloaded 3572 times
Last edited by papaschtroumpf on Sun 03 Jul 2005, 11:34, edited 12 times in total.
Mandriva LE 2005 user and puppy newbie

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#2 Post by Nathan F »

Thanks for all the work you put into this, papaschtroumpf. Will try it out and hopefully give it a good test. I hope everyone appreciates how much you've contributed since you joined the forum.

Nathan

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#3 Post by Nathan F »

Installed and gave it a brief test last night. So far so good. Will give it a fuller test when I have time and post my thoughts. For now, I can say that yes it works and the control center makes it very easy to figure out. This is right in line with the work Barry has done for things like the setup wizards and such, making it feel a whole lot more "integrated" than a lot of things we can currently add. That part (the control center) makes a good model for how to make a package for Puppy. Thanks again.

Nathan

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#4 Post by papaschtroumpf »

Thanks for the kind words.
The Control Center is modelled after Barry's Wizards so it's not surprising they feel similar :D
Mandriva LE 2005 user and puppy newbie

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#5 Post by Nathan F »

Just to see, I tried the server out over the internet using anonymous ftp from several other computers. I agree wholeheartedly that this is risky, as I was able to upload and even delete files right out of the ~/ftp directory using IE from the local library. This is obviously not acceptable for a public server, but as you said that wasn't your purpose.

I'm going to play around with file permissions and see if that changes anything. There may be someone crazy enough to want to run a public ftp server and I think all possibilities should be explored. (I'm crazy enough to be running Monkey on port 80 from the machine I'm using to write this.)

This does work really well as a simple means to transfer files from a Puppy pc to some other OS, and I intend to use it for that purpose as soon as I actually have my network setup. For now I'm re-firewalling port 21 and I'm a little iffy on using anonymous at all.

Nathan

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#6 Post by papaschtroumpf »

I meant to play with permissions too, maybe you can make the files not writable, let me know how that works for you.

I could recompile the server without the --enable-upload option and make two versions available, one that allows upload and one that doesn't. Heck. the Control Center could decide on the fly which one to run based on user preference (but all users would either have upload or download enabled/disabled and it would double the space used). I could also see if I can add a command line option and "branch off" the code.

Also remember that you can share any user, so create an account called "rover" as follows:
adduser -h /root/bob bob
and enter a password when prompted.

You can now have a trusted user (friend, family...) log in as bob with the right pasword and they have access to the bob home directory.
Mandriva LE 2005 user and puppy newbie

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#7 Post by papaschtroumpf »

The bad news: I lied!
I broke support for non-anonymous users somewhere along the way. I needed to compile it with --enable-shadow

The good news: I hacked the code
Since I needed to fix the item above, I took a crack at adding a command line option to restrict anonymous users from uploading files. other (passworded) users DO have upload rights.

it works fine from the command line, i just need to add support for the new option in the Control Center.

... stay tuned!
Mandriva LE 2005 user and puppy newbie

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#8 Post by papaschtroumpf »

All done!

I updated the top post with the new version / new help file and new screenshot

In the process of working on the new version I discovered a bug in the control panel that caused it to sometimes not be able to stop the server process, so you should use the new version instead.

Changelog would look like this:
- fixed a bug that sometimes prevented the control center to determine the pid of the server, which would then cause it to be unable to stop and restart the server when options where changed
- now compiled with --enabled-shadow which means that users other than "ftp" now work properly
- added a command line option to the server (-restrict) to restrict upload of file by anonymous users and updated the control center to take advantage of that new options (the new "full access / download only buttons)
- updated help file with the new features
- added a symlink so that either man beatftpd or man BetaFTPD will bring up the help file.
- betaftpd was ran through upx before packaging
Mandriva LE 2005 user and puppy newbie

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#9 Post by papaschtroumpf »

darn! while packaging up the code for upload, I realized that the -restrict option may not restrict the DELEte command, because it was not included in the --enable-upload build flag.
I need to test it to confirm. May have to release yet another version.
Mandriva LE 2005 user and puppy newbie

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#10 Post by Nathan F »

Watching this closely for the final version.........

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#11 Post by Nathan F »

:shock: another wrinkle. I uninstalled and reinstalled with the new version, everything O.K. so far. Problem-upon starting the control center, up pops the OLD control center. I checked and I did have the new version, so there must be something I have to manually delete?

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#12 Post by Nathan F »

Answering my own question-the new options don't showe up until anon is enabled. :lol:

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#13 Post by Nathan F »

New version does allow me to disable upload, however as you warned I can still delete using anonymous. Sorry to put you through all this, but I think you're getting really close to where you want to be now. Giving it a test with a full user soon.

PS-changing file permissions didn't seem to work for me.

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#14 Post by papaschtroumpf »

This is really weird, the original betaftpd code would allow the following commands, even when compiled to disable uploads:
DELE delete file
RMD remove directory
MKD make directory
RNFR/RNTO rename file

The STOU and ALLO commands are not implemented so there is no worries about those (ALLO is accepted but does nothing).

I will build a new version of betaftpd that disallows those commands for anonymous users when the -restrict option is used.
Mandriva LE 2005 user and puppy newbie

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#15 Post by Nathan F »

Yes, I forgot to mention that it allowed me to make new directories.

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#16 Post by papaschtroumpf »

uploaded betaftpd-0.0.8pre17-pup-3

Now restricts the commands listed in a previous post when in "download-only" mode.
Also updated the help file
Mandriva LE 2005 user and puppy newbie

Guest

#17 Post by Guest »

This is the source package for betaftpd-0.0.8pre17-pup-3.
You shouldn't need this if you're just a user, use the compiled version at the top of this thread. I'm mostly putting it here to be in a place where I won't loose it and if someone wants to check my work or add new features.
The Control Center is not included in this archive since it's only a shell script and can be retrieved from the tarball in the top post of this thread.

Do not run ./configure unless you really intend to change the config options since the puppy build doesn't use the default configuration.

I think I marked all my changed with "papaschtroumpf". I also added a README.puppy in the doc directory and removed the Debian directory from the package I started from.
Attachments
betaftpd-0.0.8pre17-pup-3.src.tar.gz
(87.68 KiB) Downloaded 930 times

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#18 Post by papaschtroumpf »

Guest above was me. forgot to log in before posting :oops:
Mandriva LE 2005 user and puppy newbie

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#19 Post by Nathan F »

All of the features above seem to be working now! Thanks a million. I'm going to give this some heavy-duty testing sending files back and forth with a friend back in Ohio, will post my findings. Preliminarily I'd say this should at least be in the unleashed suite, but it's probably a good candidate to replace gtkftpd.

Barry, I hope you're watching this thread.

Nathan :lol:

User avatar
papaschtroumpf
Posts: 250
Joined: Fri 17 Jun 2005, 04:23

#20 Post by papaschtroumpf »

It works "as is" as an unleashed, that's why I released it as a pupGet rather than a DotPup. It doesn't show up in the menus and doesn't have a description in the package chooser though.
I works even better if you first register it in packages.txt and add a menu entry for it in each WM, before you start ./createpuppy.
The reason for this is that Unleashed packages are supposed to be "preregistered".

I use the following script to do it (the script gets ran from the puppy-unleashed directory but assumes there is a directory one step above it with the contents of the tarball. The reason I did this is that I can make changes to the files without having to repack them)

Code: Select all

echo " ...adding betaftpd, registering in packages.txt  and fixing menu entries"

  cp -rf ../betaftpd-0.0.8pre17 packages

  FVWM95RC="packages/fvwm95-2.0.43f/root0/.fvwm95rc"
  if [ -f $FVWM95RC ] ; then
    # if somehow the script got ran multiple times we could keep adding
    # more instances: don't do that
    grep "/usr/sbin/betaftpd-cc" $FVWM95RC
    if [ $? -ne 0 ] ;then
      cp -f $FVWM95RC /tmp/DOTfvwm95.ftpd.backup
      EDITTEXT="s/^\(.\+Exec LinPopUp\)/#+ \"BetaFTPD FTP server%pc-2x.xpm%\" Exec exec \/usr\/sbin\/betaftpd-cc\n\1/"
      sed -e "$EDITTEXT" $FVWM95RC >/tmp/betaftpdinstall.tmp
      mv -f /tmp/betaftpdinstall.tmp $FVWM95RC
    fi
    sync
  fi

  
  ### register ourselves in the jwm menu
  # we place ourselves immediately beofre the LinPopUp menu item
  # The menu item will bring up the BetaFTPD Control Center
  JWMRC="packages/jwm-0.23/root/.jwmrc"
  if [ -f $JWMRC ] ; then
    # if somehow the script got ran multiple times we could keep adding
    # more instances: don't do that
    grep "/usr/sbin/betaftpd-cc" $JWMRC
    if [ $? -ne 0 ] ;then
      cp -f $JWMRC /tmp/DOTjwm.ftpd.backup
      EDITTEXT="s/^\(.\+Program label=\"LinPopUp Samba messaging.\+$\)/<Program label=\"BetaFTPD FTP server\" icon=\"pc-2x.xpm\">exec \/usr\/sbin\/betaftpd-cc<\/Program>\n\1/"
      sed -e "$EDITTEXT" $JWMRC >/tmp/betaftpdinstall.tmp
      mv -f /tmp/betaftpdinstall.tmp $JWMRC
    fi
    sync
  fi



  ### register ourselves in the icewm menu if it's there
  # (there currently isn't an unleashed but I made my own)
  # we place ourselves immediately before the LinPopUp menu item
  # The menu item will bring up the BetaFTPD Control Center
  ICEWMMENU="packages/icewm_full-1.2.20/root/local/share/icewm/menu"
  if [ -f $ICEWMMENU ] ; then
    # if somehow the script got ran multiple times we could keep adding
    # more instances: don't do that
    grep "/usr/sbin/betaftpd-cc" $ICEWMMENU
    if [ $? -ne 0 ] ;then
      cp -f $ICEWMMENU /tmp/icewmmenu.ftpd.backup
      EDITTEXT="s/^\(.\+prog \"LinPopUp Samba messaging.\+$\)/\tprog \"BetaFTPD FTP Server\" pc-2x \/usr\/sbin\/betaftpd-cc\n\1/"
      sed -e "$EDITTEXT" $ICEWMMENU >/tmp/betaftpdinstall.tmp
      mv -f /tmp/betaftpdinstall.tmp $ICEWMMENU
    fi
  sync
  fi

Mandriva LE 2005 user and puppy newbie

Post Reply