One more issue
Polytropon
freebsd at edvax.de
Thu May 21 11:37:47 UTC 2015
On Wed, 20 May 2015 22:42:43 -0700, Jeffry Killen wrote:
> I installed apache24 from ports.
>
> added the requisite line to rc.conf to start apache on boot.
>
> I ran service apache24 start to start the server.
>
> from another machine I established an ftp connection to the
> doc root and attempted to edit the default index.html page.
>
> The ftp client informed me I couldn't edit the page, and I realized
> that the ownership of the doc root needed to be changed to ftp
> user.
No, that sounds wrong. The user "ftp" is the anonymous (!) FTP
user (the one without a name and a password). You probably don't
want to give that user access to document files.
Do you have ftpd (FreeBSD's FTP server) running, or do you use
something different?
See the file /etc/ftpusers - it contains those _not_ allowed to
run FTP connections: "root" and "ftp" commonly are the two top
entries. Make sure that they are there, if you have to use FTP.
Which means: Using FTP today is a bad idea, no matter what "reason"
you might mention... :-)
> SO, via ssh I attempted to login via su and the root password
> was refused.
The users which are allowed to "su root" have to be members of
the "wheel" group. Check /etc/group for the relevant entries.
Use "pw groupmod" to add the user, if required.
> I went to the monitor attached to the server and attempted to log in
> as root. I kept getting refusals.
SSH logins for root are usually disallowed. There's an option
named "PermitRootLogin yes" in /etc/ssh/sshd_config which can
be set. However, it's encouraged not to do this, and instead
to use a normal user login + wheel group + su.
Also have a look at the "sudo" and "super" tools, available
via ports.
> I ended up having to dig up how to boot into single user mode to
> change root password. That I did. Now I can log in as root or
> su as usual.
This indicates a password mismatch rather than a "normal" permission
problem.
> The point is that I did not fool around with the password file.
> Something else altered or corrupted it. Hopefully I don't now
> have a root kit hanging around.
That's worth checking. It's also good to have backups of the
relevant files and the databases generated from them.
> I am concerned about having to be connected to the internet
> so ports can fetch anything it sees fit. (this is why I had avoided
> using ports in the past).
That's no big deal, and no big difference between ports and
packages. Make sure you read about system security, and also
make sure you have a firewall in place, just in case. Also
know about your log files, for example /var/log/auth.log.
In case you're running an FTP server, use /var/log/ftpd.log.
> What services do I have to allow to and from the internet that
> are secure with respect to hosts.allow and tcpwrappers, for the sake
> of ports?
Ports are usually obtained with the "fetch" program, using FTP
or HTTP, depending on how the port's distfiles are being
provided.
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
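
A small audit of the three settings the reply points to (root and ftp listed in /etc/ftpusers, wheel membership in /etc/group, PermitRootLogin in sshd_config), as an added example that is not part of the original message. The function names and file-path arguments are this example's own; it reads only the member list in /etc/group and the first PermitRootLogin line, and ignores Match blocks.

```shell
#!/bin/sh
# Added example, not from the original message. Paths are arguments so the
# checks can be run against copies of the files as well as the live ones.

# ftpusers_denies FILE USER: succeeds if USER is listed (FTP login refused).
ftpusers_denies() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Fqx -- "$2"
}

# in_wheel FILE USER: succeeds if USER is in the member list of "wheel".
in_wheel() {
    awk -F: -v u="$2" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# root_login_setting FILE: prints the first PermitRootLogin value, or "unset".
# Assumption: whitespace-separated "Keyword value" lines; Match blocks ignored.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); seen = 1; exit }
         END { if (!seen) print "unset" }' "$1"
}

# audit FTPUSERS GROUP SSHD_CONFIG USER: prints findings, returns 1 if any.
audit() {
    rc=0
    for u in root ftp; do
        ftpusers_denies "$1" "$u" || { echo "WARN: $u is not listed in $1"; rc=1; }
    done
    in_wheel "$2" "$4" || { echo "WARN: $4 is not in wheel in $2"; rc=1; }
    [ "$(root_login_setting "$3")" != yes ] ||
        { echo "WARN: PermitRootLogin yes in $3"; rc=1; }
    return "$rc"
}

# Example: sh audit.sh /etc/ftpusers /etc/group /etc/ssh/sshd_config USER
if [ "$#" -eq 4 ]; then audit "$@"; fi
```
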