Mailinglist Archive: proxy-suite (3 mails)
| < Previous | Next > |
Re: [proxy-suite] proxy-suite - problems at startup
- From: Marius Tomaschewski <mt@xxxxxxx>
- Date: Fri, 23 Apr 2004 10:37:08 +0000 (UTC)
- Message-id: <20040423103457.GD9294@xxxxxxx>
On Tue, Apr 20, 2004 at 04:19:22AM +0200, Ralf Ronneburger wrote:
> Hi Marius,
Hi!
> thanks for your reply, I did only today get to try this. Unfortunately
> that did not work out. Now I have a dir ftp-proxy writeable to
> nobody/nogroup in /var/log, but the ftp-proxys log to
> /var/lib/ftp-proxy-test1/rundir/var/log/ftp-proxy and they still don't
> want to start up at boot. Any other ideas?
No. Same idea, but better realization :-) :
Of course, you have to create all directories:
mkdir -m0750 /var/lib/ftp-proxy-test1/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/log
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/log/ftp-proxy
chown -R $User /var/lib/ftp-proxy-test1/
chgrp -R $Group /var/lib/ftp-proxy-test1/
Or you change the configuration a little bit... Since
you are using:
ServerRoot /var/lib/ftp-proxy-test1
you can simplify the log path:
User ftpproxy
Group ftpproxy
LogDestination /log/test1.log
The proxy appends the LogDestination path to the
directory specified in ServerRoot.
mkdir -p -m0750 /var/lib/ftp-proxy-test1/
mkdir -p -m0750 /var/lib/ftp-proxy-test1/log/
mkdir -p -m0750 /var/lib/ftp-proxy-test1/etc/proxy-suite/
chown -R root /var/lib/ftp-proxy-test1/
chgrp -R root /var/lib/ftp-proxy-test1/
chown -R $User /var/lib/ftp-proxy-test1/log/
chgrp -R $Group /var/lib/ftp-proxy-test1/log/
The $ServerRoot/etc/proxy-suite/ is required for reload;
the proxy copies (as root, before chroot) its config to it.
This directory depends on compilation time configuration:
if you compiled the proxy to use /usr/local/etc/proxy-suite/
and not the /etc/proxy-suite/ (--sysconfdir=/etc as I do for
SuSE all packages), you have to create the
/usr/local/etc/proxy-suite/
bellow of the directory specified in ServerRoot.
See "ftp-proxy -h" for the default config file path.
Note: Don't use nobody, nogroup - there should be no
writeable (owned) files for them in the system!
If a daemon needs a user/group and writes files
owned by them, create a user/group for it.
The main chroot() directory should be read-only
for the daemon user/group (owned by root:root).
Kind regards,
Marius Tomaschewski <mt@xxxxxxx>
--
SUSE LINUX AG, Nuernberg -- Product Developement
PGP public key on: http://www.suse.de/~mt/mt.pgp
DF17 271A AD15 006A 5BB9 6C96 CA2F F3F7 373A 1CC0
> Hi Marius,
Hi!
> thanks for your reply, I did only today get to try this. Unfortunately
> that did not work out. Now I have a dir ftp-proxy writeable to
> nobody/nogroup in /var/log, but the ftp-proxys log to
> /var/lib/ftp-proxy-test1/rundir/var/log/ftp-proxy and they still don't
> want to start up at boot. Any other ideas?
No. Same idea, but better realization :-) :
Of course, you have to create all directories:
mkdir -m0750 /var/lib/ftp-proxy-test1/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/log
mkdir -m0750 /var/lib/ftp-proxy-test1/rundir/var/log/ftp-proxy
chown -R $User /var/lib/ftp-proxy-test1/
chgrp -R $Group /var/lib/ftp-proxy-test1/
Or you change the configuration a little bit... Since
you are using:
ServerRoot /var/lib/ftp-proxy-test1
you can simplify the log path:
User ftpproxy
Group ftpproxy
LogDestination /log/test1.log
The proxy appends the LogDestination path to the
directory specified in ServerRoot.
mkdir -p -m0750 /var/lib/ftp-proxy-test1/
mkdir -p -m0750 /var/lib/ftp-proxy-test1/log/
mkdir -p -m0750 /var/lib/ftp-proxy-test1/etc/proxy-suite/
chown -R root /var/lib/ftp-proxy-test1/
chgrp -R root /var/lib/ftp-proxy-test1/
chown -R $User /var/lib/ftp-proxy-test1/log/
chgrp -R $Group /var/lib/ftp-proxy-test1/log/
The $ServerRoot/etc/proxy-suite/ is required for reload;
the proxy copies (as root, before chroot) its config to it.
This directory depends on compilation time configuration:
if you compiled the proxy to use /usr/local/etc/proxy-suite/
and not the /etc/proxy-suite/ (--sysconfdir=/etc as I do for
SuSE all packages), you have to create the
/usr/local/etc/proxy-suite/
bellow of the directory specified in ServerRoot.
See "ftp-proxy -h" for the default config file path.
Note: Don't use nobody, nogroup - there should be no
writeable (owned) files for them in the system!
If a daemon needs a user/group and writes files
owned by them, create a user/group for it.
The main chroot() directory should be read-only
for the daemon user/group (owned by root:root).
Kind regards,
Marius Tomaschewski <mt@xxxxxxx>
--
SUSE LINUX AG, Nuernberg -- Product Developement
PGP public key on: http://www.suse.de/~mt/mt.pgp
DF17 271A AD15 006A 5BB9 6C96 CA2F F3F7 373A 1CC0
| < Previous | Next > |