On 2014-01-13 Mon 14:52 PM |, Craig R. Skinner wrote:
> On 2014-01-11 Sat 18:35 PM |, Craig R. Skinner wrote:
> > $HOME of /var/spool/ftp instead of /home/ftp
> >
> > $SHELL of /sbin/nologin instead of /usr/bin/false
> >
> > 'useradd' instead of 'adduser', which sets a /home prefix
> >
> > Change the 'Directory Setup' section as the existing article duplicates
> > what's in the default /var/spool/ftp/, and set up a local OpenBSD ftp
> > mirror.
> >
>
> Whoops, evidence it works:
>

Anyone else?

Plain text result from the earlier diff:

----------------------------------------

Adding the FTP account

To start off, you need to have an ftp user account on your system. This
account should not have a usable password. Here we will set the login
directory to the pre-existing /var/spool/ftp, as hier(7) says:
'Commonly ~ftp; the anonymous ftp root directory'
but you can put it wherever you want, such as another disk partition:

$ fgrep ftp /etc/fstab
/dev/sd3a /var/spool/ftp ffs rw,nodev,nosuid,softdep,noatime 0 2

When using anonymous ftp, the ftp daemon will chroot itself to the home
directory of the ftp user. To read up more on that, read the ftpd(8) and
chroot(2) man pages. Here is an example of adding the ftp user. I will do
this using useradd(8).

$ sudo useradd -v -c 'anonymous ftp' -d /var/spool/ftp -u 212121 -g =uid -s /sbin/nologin ftp

$ sudo userinfo ftp
login   ftp
passwd  *************
uid     212121
groups  ftp
change  NEVER
class
gecos   anonymous ftp
dir     /var/spool/ftp
shell   /sbin/nologin
expire  NEVER

$ grep ^ftp /etc/group
ftp:*:212121:

Directory Setup

From a default OpenBSD install, ftp's home directory is already there, and
mostly pre-populated for anonymous ftp duties:

$ sudo ls -lAR /var/spool/ftp
total 12
dr-x--x--x  2 root  wheel  512 Jul 30 18:52 bin
dr-x--x--x  2 root  wheel  512 Jul 30 18:52 etc
d--x--x--x  2 root  wheel  512 Jul 30 18:52 hidden

/var/spool/ftp/bin:

/var/spool/ftp/etc:

/var/spool/ftp/hidden:

All we need to do is add the public directory.
In this example, we'll also set up the directory structure for a local
OpenBSD ftp mirror, for both i386 & sparc64 machines:

$ sudo mkdir -p /var/spool/ftp/pub/OpenBSD/5.4/{i386,sparc64,packages}
$ sudo mkdir -p /var/spool/ftp/pub/OpenBSD/5.4/packages/{i386,sparc64}

$ sudo find /var/spool/ftp
/var/spool/ftp
/var/spool/ftp/bin
/var/spool/ftp/etc
/var/spool/ftp/hidden
/var/spool/ftp/pub
/var/spool/ftp/pub/OpenBSD
/var/spool/ftp/pub/OpenBSD/5.4
/var/spool/ftp/pub/OpenBSD/5.4/i386
/var/spool/ftp/pub/OpenBSD/5.4/sparc64
/var/spool/ftp/pub/OpenBSD/5.4/packages
/var/spool/ftp/pub/OpenBSD/5.4/packages/i386
/var/spool/ftp/pub/OpenBSD/5.4/packages/sparc64

Now we'll set the directory permissions so the ftp user can read, and the
wheel group can write (ftp get base tarballs and packages):

$ sudo chown -R root:wheel /var/spool/ftp/pub
$ sudo chmod 555 /var/spool/ftp/pub
$ sudo chmod -R 575 /var/spool/ftp/pub/OpenBSD/
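
An added example, not part of the original post or the FAQ text: a small audit that checks the result of the steps above, namely that nothing under the ftp root is owned by the ftp user or world-writable, and that the account line carries the home and /sbin/nologin shell set by the useradd call. The function names, finding labels and exit codes are this example's own assumptions; run it as root so find can read every directory.

```shell
#!/bin/sh
# Added example: audit an anonymous-ftp setup like the one described above.
# Function names, finding labels and exit codes are this example's own.

# audit_ftp_tree ROOT [USER]
# Print one finding per path under ROOT that the anonymous user could alter.
# Returns 0 if clean, 1 if findings were printed, 2 if find itself failed
# (unknown user name, unreadable directory), so an error never reads as clean.
audit_ftp_tree() {
    root=$1
    user=${2:-ftp}
    findings=$(
        # Owned by the ftp user: an owner can always chmod its own files.
        find "$root" -user "$user" -exec printf 'OWNED_BY_FTP %s\n' {} \; &&
        # World-writable: writable from inside the chrooted session.
        find "$root" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
    ) || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# audit_ftp_account PASSWD_FILE HOME [USER]
# Check USER's line in a passwd(5)-format file: the last field must be
# /sbin/nologin and the field before it must be HOME.
audit_ftp_account() {
    awk -F: -v home="$2" -v u="${3:-ftp}" '
        $1 == u {
            seen = 1
            if ($NF != "/sbin/nologin") { print "LOGIN_SHELL " $NF; bad = 1 }
            if ($(NF - 1) != home)      { print "HOME_DIR " $(NF - 1); bad = 1 }
        }
        END {
            if (!seen) { print "NO_ACCOUNT " u; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# When run with arguments, audit that tree, e.g. (hypothetical file name):
#   sudo sh ftp_audit.sh /var/spool/ftp
if [ "$#" -gt 0 ]; then audit_ftp_tree "$@"; fi
```

The group-writable mode 575 under pub/OpenBSD is not reported, since write access there is limited to the wheel group as the post intends.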