Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- ftp:server:webdav [2009/02/23 16:25] – gerald
+++ ftp:server:webdav [2024/02/29 13:36] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 20: / Zeile 20: @@
 Der gemeinsam zu nutzende Ordner liegt in unserem Beispiel unter ''/var/www/webserver/webdav/''
 ===== Webdav =====
@@ Zeile 40: / Zeile 38: @@
        </Location>
 </code>
+Evt. mod_auth_pam + mod_perl installieren:
+<code>
+apt-get install libapache2-mod-auth-pam
+apt-get install libapache2-mod-perl2
+</code>
 ===== FTP vsftpd =====
+[[http://de.linwiki.org/wiki/Linuxfibel_-_Netzwerk_Server_-_FTP_Server|Erklärung der Parameter]]
+Funktionierende ''/etc/vsftpd.conf'':
+<code>
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+#
+# Run standalone?  vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=YES
+#
+# Run standalone with IPv6?
+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
+# instead of an IPv4 one. This parameter and the listen parameter are mutually
+# exclusive.
+#listen_ipv6=YES
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+virtual_use_local_privs=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+chown_uploads=YES
+chown_username=www-data
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+idle_session_timeout=800
+#
+# You may change the default value for timing out a data connection.
+data_connection_timeout=180
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+ftpd_banner=Welcome to Foto-und-Kind.de FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may restrict local users to their home directories.  See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+chroot_local_user=YES
+local_root=/var/www/webserver/bilder
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+#
+# Debian customization
+#
+# Some of vsftpd's settings don't fit the Debian filesystem layout by
+# default.  These settings are more Debian-friendly.
+#
+# This option should be the name of a directory which is empty.  Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+guest_enable=YES
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/certs/vsftpd.pem
+#user_config_dir=/var/www/users-ftp
+#check_shell=NO
+#ftp_username=www-data
+#guest_username=nobody
+</code>
+Der Punkt ''pam_service_name=vsftpd'' bezieht sich darauf, welche Conf-Datei für die Authorisierung zuständig ist. Also:
+''/etc/pam.d/vsftpd''. Die sieht so aus:
+<code>
+# Standard behaviour for ftpd(8).
+#auth   required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth    required        pam_pwdfile.so pwdfile /var/www/webdav-ftp-password
+account required        pam_permit.so
+# Note: vsftpd handles anonymous logins on its own.  Do not enable
+# pam_ftp.so.
+# Standard blurb.
+#@include common-account
+#@include common-session
+#@include common-auth
+#auth   required        pam_shells.so
+</code>
+Alles aufkommenieren und die beiden Zeilen einfügen. Dabei drauf achten, dass es das Modul ''pam_pwdfile.so'' auch wirklich gibt (siehe weiter unten).
+==== Probleme ====
+----
+Nach login: ''500 OOPS: cannot locate user entry''
+Er findet die Umgebungsvariablen des User nicht, weil es den User gar nicht gibt (nur virtuell).
+Wenn es den User in echt gibt, der in der Passwort-Datei steht, dann gehts...
+Lösung: ''/etc/vsftpd.conf'':
+<code>guest_enable=YES</code>
+----
+Nach login: ''500 OOPS: cannot change directory:/nonexistent''
+Geht auch nicht mit Usern, die wirklich existieren.
+Lösung: Folgendes darf **nicht** in der ''/etc/vsftpd.conf'' stehen:
+<code>
+ftp_username=nobody
+guest_username=nobody
+</code>
+Auskommentieren!
+----
-Problem: Zumindest bei meinem Debian gibt es keine Datei ''/lib(64)/security/pam_pwdfile.so''.
+Zumindest bei meinem Debian gibt es keine Datei ''/lib(64)/security/pam_pwdfile.so''.
 Das Paket wird nicht standardmässig installiert. Fehlermeldung von vsftpd gibt es keine; lediglich die /var/log/auth.log gibt einen Hinweis darauf.
@@ Zeile 51: / Zeile 253: @@
 <code>apt-get install libpam-pwdfile</code>
+{{tag>ftp-server WebDav}}

Nach oben

ftp/server/webdav.1235406304.txt.gz · Zuletzt geändert: 2024/02/29 13:35 (Externe Bearbeitung)

Übersicht Letzte Änderungen

Admin