在SL6 x86_64上托pipeproftpd时,我有一个有趣的问题。 从源代码编译时,proftpd可执行文件将忽略HideGroupfunction。 但是,当我通过rpm安装epel的旧版本时,这个HideGroupfunction工作得很好。 为什么从source / tar安装mod_core的这个特性会被忽略,但是在从epel / rpm安装的时候会得到这个特性呢?
我在“/ var / ftp /”中有一个名为“pictures”的目录,我不希望它对匿名用户可见。 所以我有隐藏组中的隐藏,但它被忽略! 任何想法为什么? 这里有一些debugging信息。
[robertk@bunsy ~]$ ll /var/ftp/ total 40 drwxrwxr-x. 3 bobby bobby 20480 Jul 27 11:10 pictures drwxr-xr-x. 7 root root 4096 Dec 20 2013 pub d-wx-wx--x 2 ftp ftp 4096 Dec 20 2013 uploads -rw-r--r-- 1 root root 224 Dec 20 2013 welcome.msg -rw-r--r-- 1 root root 224 Dec 20 2013 welcome.msg.rpmnew -rw-r--r--. 1 root root 1283 Jul 23 17:18 welcome.msg.rpmsave [robertk@bunsy ~]$ 这是我的源代码“configuration”。
[root@bunsy proftpd-1.3.5a]# ./configure --prefix=/opt/proftpd-1.3.5a/ --enable-cap --enable-dso --enable-nls --enable-shadow
而当我在非守护程序详细模式下运行proftpd时,吐出这个:
[root@bunsy proftpd-1.3.5a]# /opt/proftpd-1.3.5a/sbin/proftpd -d 10 -n -DANONYMOUS_FTP -c /usr/local/etc/proftpd.conf ... : in dir_check_full(): path = '/', fullpath = '/var/ftp/'. : retrieved GID 45755 for group 'bobby' : HideGroup 'root' is not a known/valid group, ignoring : dispatching POST_CMD command 'PASS (hidden)' to mod_cap : mod_cap/1.1: uid = 14, euid = 14, gid = 50, egid = 50 : mod_cap/1.1: capabilities '= cap_chown,cap_setgid,cap_setuid,cap_net_bind_service+ep cap_mac_override+ei' : dispatching POST_CMD command 'PASS (hidden)' to mod_delay : dispatching POST_CMD command 'PASS (hidden)' to mod_log : dispatching POST_CMD command 'PASS (hidden)' to mod_ls : dispatching POST_CMD command 'PASS (hidden)' to mod_auth : RELINQUISH PRIVS at mod_auth.c:1963 : dispatching POST_CMD command 'PASS (hidden)' to mod_rlimit : dispatching POST_CMD command 'PASS (hidden)' to mod_xfer : dispatching POST_CMD command 'PASS (hidden)' to mod_core : dispatching LOG_CMD command 'PASS (hidden)' to mod_log : dispatching LOG_CMD command 'PASS (hidden)' to mod_auth : ANON ftp: Login successful. : dispatching PRE_CMD command 'SYST' to mod_core : dispatching PRE_CMD command 'SYST' to mod_core : dispatching CMD command 'SYST' to mod_core : dispatching LOG_CMD command 'SYST' to mod_log : dispatching PRE_CMD command 'FEAT' to mod_core : dispatching PRE_CMD command 'FEAT' to mod_core : dispatching CMD command 'FEAT' to mod_core : in dir_check_full(): path = '/', fullpath = '/var/ftp/'. : HideGroup 'bobby' is not a known/valid group, ignoring : dispatching LOG_CMD command 'FEAT' to mod_log : dispatching PRE_CMD command 'PWD' to mod_core : dispatching PRE_CMD command 'PWD' to mod_core : dispatching CMD command 'PWD' to mod_core : in dir_check_full(): path = '/', fullpath = '/var/ftp/'. : HideGroup 'bobby' is not a known/valid group, ignoring : dispatching LOG_CMD command 'PWD' to mod_log : dispatching PRE_CMD command 'EPSV' to mod_core : dispatching PRE_CMD command 'EPSV' to mod_core : dispatching CMD command 'EPSV' to mod_core : in dir_check_full(): path = '/', fullpath = '/var/ftp/'. : HideGroup 'bobby' is not a known/valid group, ignoring : Entering Extended Passive Mode (|||25228|) : dispatching LOG_CMD command 'EPSV' to mod_log : dispatching PRE_CMD command 'LIST' to mod_core : dispatching PRE_CMD command 'LIST' to mod_core : dispatching CMD command 'LIST' to mod_ls : passive data connection opened - local : 137.78.60.158:25228 : passive data connection opened - remote : 128.149.252.79:50071 : in dir_check_full(): path = '/', fullpath = '/var/ftp/'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/igspush', fullpath = '/var/ftp/igspush'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/pub', fullpath = '/var/ftp/pub'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/uploads', fullpath = '/var/ftp/uploads'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/welcome.msg', fullpath = '/var/ftp/welcome.msg'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/welcome.msg.rpmnew', fullpath = '/var/ftp/welcome.msg.rpmnew'. : HideGroup 'bobby' is not a known/valid group, ignoring : in dir_check_full(): path = '/welcome.msg.rpmsave', fullpath = '/var/ftp/welcome.msg.rpmsave'.
(请注意,我已经从详细输出模式中删除了完整的服务器名称,IP,时间等,以节省此视图的空间)
这里是我的proftpd.conf中的ANONYMOUS_FTP块的configuration
<Anonymous ~ftp> User ftp Group ftp # We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp # Do not allow blank "passwords" # AnonRejectPasswords ^$ | ([ \t\n\r\f]) # Maximum clients with message MaxClients 100 "Sorry, max of users reached (%m) -- try again later" MaxClientsPerUser 20 "Sorry, max clients for this user reached (%m) -- try again later" # Put the user into /pub right after login #DefaultChdir /pub # We want 'welcome.msg' displayed at login, '.message' displayed in # each newly chdired directory and tell users to read README* files. #DisplayLogin /welcome.msg DisplayChdir .message #DisplayReadme README* # Cosmetic option to make all files appear to be owned by user "ftp" DirFakeUser on ftp DirFakeGroup on ftp # Limit WRITE everywhere in the anonymous chroot <Limit WRITE STOR SITE_CHMOD> DenyAll </Limit> # Allow logins (for anonymous) since they are disabled above. <Limit LOGIN> Order deny,allow Deny from .com Deny from <some ip> Deny from <some ip> Allow from all </Limit> HideNoAccess on HideGroup bobby HideGroup root #HideGroup 45755 <Limit ALL> IgnoreHidden on </Limit> #ShowSymlinks off # Don't write anonymous accesses to the system wtmp file (good idea!) WtmpLog off # Logging for the anonymous transfers ExtendedLog /var/log/proftpd/access.log WRITE,READ default ExtendedLog /var/log/proftpd/auth.log AUTH auth </Anonymous>
当我运行指向相同的/usr/local/etc/proftpd.conf的proftpd(从epel通过rpm(yum)安装),事情工作得很好!
任何想法,我忽略了这个问题?
什么:
$ proftpd -V
显示通过rpm(yum)从epel安装的proftpd ? 上述命令发出的事情之一是用于该proftpd二进制文件的编译时选项列表。 通过比较你的configure命令选项和epel版本的configure命令选项,你可能会发现罪魁祸首。