1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
$Id: rc.script.txt,v 1.1.6.1 2004/03/30 12:04:16 mt Exp $
SuSE FTP-Proxy -- run level script
Marius Tomaschewski <mt@suse.de>
This version provides a *sample* LSB run-level script for
(SuSE) Linux: rc.script. It allows you to start the proxy
in daemon mode in a chroot runtime enviroment as well as
in "normal" standalone / daemon mode.
It also creates the complete chroot environment for you.
The run-level script is very blown and tries to handle
some different settings, like LogDestination, PidFile,
TCPWrapper, LDAPServer, User, Group, Messages.
If you do not like this script, write your own one :-)
Note: this script needs case-sensitive config variable
names - do not try to use ``serverroot instead
of ``ServerRoot.
The script uses the ServerRoot chroot setting in the
ftp-proxy.conf configuration file and allows you to
use the built-in ftp-proxy to chroot mechanisms or via
external compartment tool by Marc Heuse.
The benefit of compartment usage is that compartment
cleanups the enviroment, does a chroot, changes the
group, sets kernel capabilities and _after_ all the
steps are done, executes the daemon inside of this
environment.
The daemon runs with in the chroot with dropped root
privileges, except of bind to a port lower than 1024
(server port) and is able to write to files owned by
himself (root).
If you decide to use the compartment tool, set (add)
the FTP_PROXY_CAPS variable to "yes".
The config steps in /etc/proxy-suite/ftp-proxy.conf:
* Set ``ServerType to 'standalone' (otherwise the
script refuses to start).
* Set a directory with ``ServerRoot, i.e. the
default directory '/var/lib/ftp-proxy/rundir'.
* Set a ``Group, the proxy should run as (i.e.
'ftpproxy').
* Set a ``User, the proxy should run as (i.e.
'ftpproxy').
* Set a ``LogDestination. The proxy supports logging
to a pipe - the script doesn't support it, so you
have to use a file (i.e. '/var/log/ftp-proxy.log')
or a syslog facility (i.e. 'daemon').
If you are using a file, allways set an absolute name;
both, the script and the ftp-proxy need this.
If you are using a syslog facility, you have to say
syslogd to create a log-socket inside of the chroot
environment - simply add it to the SYSLOGD_PARMS
variable in /etc/rc.config, i.e.:
SYSLOGD_PARMS="-a /var/lib/ftp-proxy/rundir/dev/log"
* Set a ``DestinationAddress _OR_ enable the new
transparent proxying feature with ``AllowTransProxy
(see TransProxy-Mini-Howto.txt).
* Make other settings you need/like...
That's all - now start the script with:
/sbin/rcftp-proxy chroot
and it will create a chroot enviroment for you with
all needed files (I hope ;-) inside. Now, you can
start the proxy with:
/sbin/rcftp-proxy start
and TEST if it does what you want - if not, read
the documentation and double-check your settings.
You can take a look into the configuration file inside
of the chroot environment (with the above settings it
is /var/lib/ftp-proxy/rundir/etc/proxy-suite/ftp-proxy.conf).
Some of your settings are not there (ServerRoot, User,
Group) if you are using compartment tool and not the
built-in chroot of the ftp-proxy (see above).
Please contact proxy-suite@suse.com if you have any ideas,
additions or corrections to this text, the script or the
ftp-proxy. You can also purchase support or consulting
services; contact solutions@suse.de or bsupport@suse.de.
Don't forget to have fun,
Your SuSE Team.
|
