[gentoo-user] [OT] ProFTPd problem with anonymous access

[gentoo-user] [OT] ProFTPd problem with anonymous access

[Jake Moe]

[-- Attachment #1: Type: text/plain, Size: 2167 bytes --]

 Hello all,

I'm hoping someone on the list can help me out with a problem I'm having
(or at least point me in the direction of a RTFM).  I've got my laptop
set up as a local rsync and source mirror for a PC at work and another
laptop at home.  The laptop has /usr/portage shared anonymously, so
whatever distfile it's already downloaded, the other computers don't
need to go out to the Internet to retrieve.  This has been working for a
little while now.  However, recently I noticed that one of the local
computers were going out to the Internet to retrieve the newest
gentoo-sources, which I knew had already been downloaded on the mirror
laptop.  Looking further, I found that when I try to log into the laptop
as anonymous, I get a 530-Unable to set anonymous privileges error, and
in /var/log/messages, I see: ftp: Directory /usr/portage/ is not accessible.

This setup used to work for a while, but looking back through
/var/log/messages, it appears this started on 1 Sept.  Going back
through my emerge.log shows that the previous day, Portage had updated
wine, and installed bar.  Then later that day, I must have changed a USE
flag for hal, because then I see policykit being installed, then hal
being rebuilt.  Then I was trying to help a friend get data off a disk
their kids had wiped, so I installed testdisk, gpart and gparted.

The next day sees iputils, apache-tools, apache, docbook-xml-dtd-4.2,
and deskbar-applet being updated.  I was having troubles with the
upgrade-then-downgrade of dhcpcd and upgrade of gentoo-sources-2.6.35,
so later that day saw me unmasking dhcpcd-5.2.7 and re-upgrading that.

As far as I can tell, ProFTPd should be trying to access that folder
with the ftp account that Portage set up for me.  And permissions on
both /usr and /usr/portage give r-x to other.  So if I understand
correctly, it *should* be able to access that folder, at least
read-only.  Changing it to rwx for other doesn't fix it, either.

Attached is my proftpd.conf, as configured according to
http://www.gentoo-wiki.info/HOWTO_Setup_local_Portage_and_Package_Mirror
(and which had been worked previously).  Any help would be appreciated.

Jake Moe

[-- Attachment #2: proftpd.conf --]
[-- Type: text/plain, Size: 600 bytes --]

ServerName                      "aus10224"
ServerType                      standalone
DefaultServer                   on
RequireValidShell               off
AuthPAM                         off
AuthPAMConfig                   ftp
Port                            21
Umask                           022
MaxInstances                    30

User                            ftp
Group                           ftp
# These need to be changed to use the standard "ftp" user and group.

<Anonymous /usr/portage>
	User		ftp
	Group		ftp
	UserAlias	anonymous ftp
	<Limit WRITE>
		DenyAll
	</Limit>
</Anonymous>

Re: [gentoo-user] [OT] ProFTPd problem with anonymous access

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 630 bytes --]

 Looking further, I found that when I try to log into the laptop

> as anonymous, I get a 530-Unable to set anonymous privileges error, and
> in /var/log/messages, I see: ftp: Directory /usr/portage/ is not
> accessible.
>
>
Have you tried su'ing to the ftp user to make sure you can still get to
/usr/portage via a shell?

Tried running strace against the ftpd?

BTW - http replicator works well for distfiles. It might just be easier to
use that.

http://webcache.googleusercontent.com/search?q=cache:BpP7JqMShS0J:www.gentoo-wiki.info/HOWTO_Download_Cache_for_LAN-Http-Replicator+http+replicator+gentoo&cd=4&hl=en&ct=clnk&gl=au

[-- Attachment #2: Type: text/html, Size: 1086 bytes --]

Re: [gentoo-user] [OT] ProFTPd problem with anonymous access

[Jake Moe]

 On 09/09/10 11:35, Adam Carter wrote:
>  Looking further, I found that when I try to log into the laptop
>
>> as anonymous, I get a 530-Unable to set anonymous privileges error, and
>> in /var/log/messages, I see: ftp: Directory /usr/portage/ is not
>> accessible.
>>
>>
> Have you tried su'ing to the ftp user to make sure you can still get to
> /usr/portage via a shell?
>
> Tried running strace against the ftpd?
>
> BTW - http replicator works well for distfiles. It might just be easier to
> use that.
>
> http://webcache.googleusercontent.com/search?q=cache:BpP7JqMShS0J:www.gentoo-wiki.info/HOWTO_Download_Cache_for_LAN-Http-Replicator+http+replicator+gentoo&cd=4&hl=en&ct=clnk&gl=au
>
1) I thought of that, but what password does Portage give it (if any)? 
If I change it, will it affect the use of my system at all?
2) Never used strace.  I was under the impression that it was a
debugger, and I don't know enough about programming to be able to
understand that.  But looking into it now, it appears it may be used
more simply to give a better idea of what's going on.  I'll give it a try.
3) I'll have a look at http replicator, thanks.

Jake Moe

Re: [gentoo-user] [OT] ProFTPd problem with anonymous access

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 801 bytes --]

1) I thought of that, but what password does Portage give it (if any)?

If you su from root it wont ask for a password! But you'll have to make sure
the ftp has a real shell. It may have say /bin/false for security reasons.
In the short term changing it to bash is fine.

If I change it, will it affect the use of my system at all?
> 2) Never used strace.  I was under the impression that it was a
> debugger, and I don't know enough about programming to be able to
> understand that.  But looking into it now, it appears it may be used
> more simply to give a better idea of what's going on.  I'll give it a try.
>

Its mostly unrecognisable to me, but sometimes I find useful information in
there, such as a failed attempt to open a file.


> 3) I'll have a look at http replicator, thanks.
>
> NP.

[-- Attachment #2: Type: text/html, Size: 1193 bytes --]