Intranets-Talk


MyBook World Edition (Blue Rings) - My Set Up - Part 2

As promised, I'm back on the second part of the setting up steps for my MyBook World Edition Blue Rings. In my last post I was planning to go through installing the vsftpd FTP server, LightHttpd web server and registering with DynDns - all in one go. Due to my crazy schedule I will have to break this into several sessions - so for now, we'll only look at installing the vsftpd FTP server.

I would suggest going through the instructions below at least once - to get the whole picture of the involved steps - before doing any changes to your machine.

Installing the vsftpd FTP server

Scope: what we want to achieve here is to install the vsftpd FTP server and set it up so that the local users will be able to connect through an FTP client, access their shares and have read/write access enabled. Also, we want to prevent those users from viewing and accessing the whole system or other users' folders. The admin (you!) should have unrestricted access when using the FTP service.

If you followed the steps in my first part you should now have the Optware package installed - if not, you can go back to Part 1 and see how to install the Optware package. Once that's done, fire up Putty and connect to your NAS. Become root (su -) - then issue:

sudo ipkg install vsftpd

After the install is complete, we'll need to edit inetd.conf (in the /etc folder) to add a line. To open inetd.conf for editing, we'll use nano:

sudo /opt/bin/nano /etc/inetd.conf

...and add the following line:

ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf

Ctrl+O to save, then Ctrl+X to exit. Boom. During install, vsftpd created a user called "ftpsecure" (vsftpd will run as a non-privileged user). We'll need to add this user to the passwd file, so let's open the file:

sudo /opt/bin/nano /etc/passwd

Add this line at the end of the file:

ftpsecure:x:108:99:Operator:/var:/bin/sh

... where 108 is the unique User ID for the user ftpsecure on MY machine.

To find out the ID for YOUR ftpsecure user, exit passwd (Ctrl-x), and type in the shell:

id ftpsecure

That will return the User ID for the ftpsecure user. Now let's go back to the passwd file.

Inside this file, you should also see other users that have accounts on the machine, along with the paths to their shares. If not, you can add them. In order to do that you'll need to find out their user ID. Same syntax as above:

id username

In my case, this is what I get back, and now I know that my user ID is 1003.

uid=1003(JOHN) gid=1003(JOHN) groups=1003(JOHN)

If you closed the passwd file, let's open it again:

sudo /opt/bin/nano /etc/passwd

This is how you add your users here and point to their shares:

JOHN:x:1003:1003:Linux User,,,:/shares/internal/JOHN:/bin/sh

...each user on a single line. Like I said, this step (adding users to the passwd file) should not be necessary - this is just in case you don't see them in there. And of course, those users and shares have to exist. Also note that usernames are in capital letters, and my shares are set up using names that match the users' names. Once you're done adding users, you can save and close the file.

Now let's take a quick trip to the vsftpd.chroot_list file:

sudo /opt/bin/nano /opt/etc/vsftpd.chroot_list

In here, we'll also add users. The rules are: usernames are in capital letters, they have to exist (ex: a login account on your machine), and each has to be on its own line. Like this:

#JOHN
TOMMY
ALLEN

If you don't have any other users set up on your machine, just write your user name. The reason we are adding user names to this file is that we need to "jail" them inside their folder when they connect to the FTP server. Most likely you will not want your users to wander all over the system when connected. Also notice that my username (JOHN in this case) has "#" in front of it. This way, we are telling the server to allow me to see my folder/share as well as the whole system when I connect to the FTP service - so I will not be "jailed" to my folder. Save and close the file.

Ok, almost there; let's have a closer look at vsftpd.conf - where you can set various options for vsftpd. Open up vsftpd.conf:

sudo /opt/bin/nano /opt/etc/vsftpd.conf

There are quite a few options in there and I will not go through all of them, just the ones that are relevant to our example here. Look for the settings below and match them with mine:

anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to the John's FTP box!
chroot_list_enable=YES
chroot_list_file=/opt/etc/vsftpd.chroot_list
ls_recurse_enable=YES
listen=NO
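
An added example, not part of the original post: a small shell check that reads a vsftpd.conf and its chroot list and reports who ends up jailed, including the case where chroot_local_user=YES flips the meaning of the list. The function names and the sample files are made up for the demo, and the sample config carries a deliberate stray space after "=" (which vsftpd treats as an error) so the lint has something to find.

```sh
#!/bin/sh
# Added example (not from the post): will vsftpd chroot ("jail") a user?
# Assumes options are written KEY=YES/NO with no spaces, as in the post.

# conf_get FILE KEY DEFAULT -> last value set for KEY, or DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# conf_lint FILE -> numbered lines with whitespace around "=" (vsftpd rejects these)
conf_lint() {
    grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$1"
}

# jail_status CONF USER -> "jailed" or "free"
jail_status() {
    local_all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    # A line such as "#JOHN" is not an exact match for the user JOHN.
    if [ "$use_list" = YES ] && grep -qxF -- "$2" "$list" 2>/dev/null; then
        listed=yes
    fi
    # chroot_local_user=YES inverts the list: it then names the exceptions.
    if [ "$local_all" = YES ]; then
        if [ "$listed" = yes ]; then echo free; else echo jailed; fi
    else
        if [ "$listed" = yes ]; then echo jailed; else echo free; fi
    fi
}

# Constructed sample files; "listen= NO" carries a deliberate stray space.
demo=$(mktemp -d)
printf '#JOHN\nTOMMY\nALLEN\n' > "$demo/chroot_list"
cat > "$demo/vsftpd.conf" <<EOF
local_enable=YES
chroot_list_enable=YES
chroot_list_file=$demo/chroot_list
listen= NO
EOF

for u in JOHN TOMMY ALLEN; do
    echo "$u: $(jail_status "$demo/vsftpd.conf" "$u")"
done
conf_lint "$demo/vsftpd.conf"
```

On the NAS itself you would point jail_status at /opt/etc/vsftpd.conf and run it once per account before letting anyone log in.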

Now, vsftpd is controlled by inetd, which in turn is controlled by S30network (I know, I know..). So let's restart the whole thing:

/etc/init.d/S30network restart

Check if vsftpd is running:

ps -ef|grep vsftpd

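Since inetd only launches vsftpd when a client connects, you should get something similar to this, where the only match is the grep command itself: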

JOHN 6261 6219 1 17:38 pts/0 00:00:00 grep vsftpd

Go grab Filezilla and log in. If you're running into issues, you can drop me a line and I will try to help. Until next time, have fun tuning up your fresh vsftpd install.