LRivas@oxiquim.cl escribió:
Holases
Eso, que tengo varias máquinas SuSE y me interesaría tener un YOU (con un ftp server) dentro de mi red, imagino que debe estar constantemente sincronizandose con alguno de los YOU legales... alguien sabe como hacer esto?
Gracias Leo
Algún día lo tendré escrito como debe ser y se lo pasaré a los de susemania.org, pero mientras ... te lo paso tal y como lo tengo. Espero que te valga: Puesta en marcha del servidor FTP con vsftpd para entrada como anonymous (para montar un servidor YOU) ========================================================================== Instalamos el paquete vsftpd Instalamos el paquete ftpdir Podemos ver si están instalados de esta manera: --- jupiter:/srv/ftp # rpm -qa | grep ftp yast2-tftp-server-2.8.5-23 lukemftp-1.5-480 vsftpd-1.2.0-48 ftpdir-2003.6.12-46 jupiter:/srv/ftp # --- Configuramos el servidor editando el archivo /etc/vsftpd.conf (con ### la líneas modificadas respecto al origunal) El contenido es: --- # Example config file /etc/vsftpd.conf # # The default compiled in settings are very paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # # If you dont change anything here you will have a minimum setup for an # anonymus FTP server. # General Settings # # Uncomment this to enable any form of FTP write command. # #write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. # dirmessage_enable=YES # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. # #nopriv_user=ftpsecure ### nopriv_user=ftp ### # # You may fully customise the login banner string: # #ftpd_banner="Welcome to FOOBAR FTP service." ### ftpd_banner="Bienvenido al servicio FTP" ### # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. # #ls_recurse_enable=YES # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. # #deny_email_enable=YES # # (default follows) # #banned_email_file=/etc/vsftpd.banned_emails # # If enabled, all user and group information in # directory listings will be displayed as "ftp". # #hide_ids=YES # Local FTP user Settings # # Uncomment this to allow local users to log in. # #local_enable=YES ### local_enable=YES ### # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) # #local_umask=022 ### local_umask=022 ### # # Uncomment to put local users in a chroot() jail in their home directory # after login. # #chroot_local_user=YES ### chroot_local_user=YES ### # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # #chroot_list_enable=YES # # (default follows) # #chroot_list_file=/etc/vsftpd.chroot_list # # The maximum data transfer rate permitted, in bytes per second, for # local authenticated users. The default is 0 (unlimited). # #local_max_rate=7200 # Anonymus FTP user Settings # # Allow anonymous FTP? # anonymous_enable=YES # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. # #anon_upload_enable=YES # # Default umask for anonymus users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) # #anon_umask=022 # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. # #anon_mkdir_write_enable=YES # # Uncomment this to enable anonymus FTP users to perform other write operations # like deletion and renaming. # #anon_other_write_enable=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! # #chown_uploads=YES #chown_username=whoever # # The maximum data transfer rate permitted, in bytes per second, for anonymous # authenticated users. The default is 0 (unlimited). # #anon_max_rate=7200 # Log Settings # # Activate logging of uploads/downloads. # xferlog_enable=YES # # You may override where the log file goes if you like. The default is shown # below. # #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format # #xferlog_std_format=YES # # Uncomment this to log all FTP requests and responses. This only works if # xferlog_std_format is not enabled. Beware, it will create a huge amount of data # in your logfile. # #log_ftp_protocol=YES # # Uncomment this to enable session status information in the system process listing. # #setproctitle_enable=YES # Transfer Settings # # Make sure PORT transfer connections originate from port 20 (ftp-data). # connect_from_port_20=YES # # You may change the default value for timing out an idle session. # #idle_session_timeout=600 ### idle_session_timeout=300 ### # # You may change the default value for timing out a data connection. # #data_connection_timeout=120 # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. # #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that turning on ascii_download_enable enables malicious remote parties # to consume your I/O resources, by issuing the command "SIZE /big/file" in # ASCII mode. # These ASCII options are split into upload and download because you may wish # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be # on the client anyway.. # #ascii_upload_enable=YES #ascii_download_enable=YES # # Set to NO if you want to disallow the PASV method of obtaining a data # connection. # #pasv_enable=NO # PAM setting. Do NOT change this unless you know what you do! # pam_service_name=vsftpd # Set listen=YES if you want vsftpd to run standalone # # listen=YES --- Tras ello editamos el /etc/xinetd.conf para que se lanze el servicio (con YaST-Servicios_de_Red-Servicios_de_red_(inetd) elegimos activar activamos la linea correspondiente a vsftpd y ya está. Para ver que el servicio está levantado podemos hacer: --- jupiter:/etc # netstat -nl | grep 21 tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN unix 2 [ ACC ] STREAM LISTENING 2130 /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 6621 /tmp/.X11-unix/X0 jupiter:/etc # --- efectivamente nuestro servidor está escuchando por el puerto 21. Como en /etc/vsftpd.conf hemos elegido el usuario ftp como propietario del "demonio", la raiz del servidor ftp la tendremos en: /srv/ftp Ya tenemos el servidor ftp para acceso anónimo y de usuarios locales Script para bajarse las actualizaciones de SuSE ================================================ Nos creamos (en /home/admin/util por ejemplo) el archivo "mirror_update_9.0.sh" con permisos 744 El contenido del archivo anterior, para bajarse el soft de la versión 9.0 es: --- cd /srv/ftp/pub wget -m ftp://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/9.0 --- Esto nos dejará las actualizaciones de SuSE 9.0 en /srv/ftp/pub/ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/9.0 Podemos modificar el /etc/crontab para bajarnos las actualizaciones todas las semanas. Bastaría añadir la siguiente línea: --- 30 6 * * 4 root /home/admin/util/mirror_update_9.0.sh --- para hacerlos todos los jueves a las 6:30 Para facilitar el acceso a las actualizaciones en nuestro servidor ftp podemos crear el siguiente enlace: --- jupiter:/home/admin # cd /srv/ftp/pub/ jupiter:/srv/ftp/pub # mkdir dist jupiter:/srv/ftp/pub # cd dist jupiter:/srv/ftp/pub/dist # ln -s ../ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse suse jupiter:/srv/ftp/pub/dist # ls . .. suse jupiter:/srv/ftp/pub/dist # --- De esta forma para que cualquiera pueda bajarse las actualizaciones de SuSE desde nuestro servidor, ha de hacer las siguientes modificaciones en su sistema: editar el archivo /etc/youservers añadiendo nuestro servidor. Por ejemplo: --- jupiter:/etc # cat youservers # This file is read by the YaST Online Update (YOU) to build the list of servers # used for getting updates. It may contain URLs to the base directories where # an update tree is located. # # This file is not overwritten with the list from the master server as it was # the case with /etc/suseservers in previous YOU versions. /etc/suseservers is # obsolete. # # Examples: # #ftp://ftp.suse.com/pub/suse #cd:/// #dir:///var/lib/YaST2/you/mnt ftp://jupiter.midominio/pub/dist/suse --- Por otro lado en el archivo /etc/sysconfig/onlineupdate cambiamos la línea YAST2_LOADFTPSERVER="yes" por YAST2_LOADFTPSERVER="no" A partir de ahí ya podemos utilizar muestro servidor para obtener las actualizaciones del sistema (hemos de ejecutar SuSEconfig para que estos cambios surjan efecto).