Highlighted
Absent Member.
Absent Member.
4204 views

Pure-FTP setup and NSS volumes

We'd like to user Pure-FTP and was wondering where you create the users. All FTP accounts will be for people outside the company, so no eDir integration is needed.

We'd also like to store the FTP site/files on an NSS volume. Is possible?
Labels (2)
0 Likes
8 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Pure-FTP setup and NSS volumes

bertbrand;1925652 wrote:
We'd like to user Pure-FTP and was wondering where you create the users. All FTP accounts will be for people outside the company, so no eDir integration is needed.

We'd also like to store the FTP site/files on an NSS volume. Is possible?

I did just that about six months ago. I found these documents helpful.
Cool Solutions: Installing Pure-FTPd on SLES 10
LUM-enabling pure-ftpd: Quick and Easy
Setting a Common Root Directory for FTP Users using Pure-FTPd | Novell User Communities
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

KBOYLE wrote:
> bertbrand;1925652 Wrote:
>> We'd like to user Pure-FTP and was wondering where you create the users.
>> All FTP accounts will be for people outside the company, so no eDir
>> integration is needed.
>>
>> We'd also like to store the FTP site/files on an NSS volume. Is
>> possible?

> I did just that about six months ago. I found these documents helpful.
> 'Cool Solutions: Installing Pure-FTPd on SLES 10'
> (http://www.novell.com/coolsolutions/feature/18281.html)
> 'LUM-enabling pure-ftpd: Quick and Easy'
> (http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3503915&sliceId=1&docTypeID=DT_TID_1_1&dialogID=42441683&stateId=0%200%2042443404)
> 'Setting a Common Root Directory for FTP Users using Pure-FTPd | Novell
> User Communities'
> (http://www.novell.com/communities/node/4744/setting-a-common-root-directory-ftp-users-using-pure-ftpd)
>
>

My opinion.

All possible if you mount your NSS volume as a NFS mount and use
traditional Linux rights.

I would setup 2 instances of pureftp in your scenario.

1: for eDir users only.
2: the other for Linux.

Of course this scenario requires the utmost security, lockdown your NFS
export and pureftp wisely.
Also you have to consider file case and how you export the NSS volume
for performance.

I would just go with eDir accounts and NSS if I were you and take
advantage of the rich file rights and eDir security.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

Thanks for the links. I've referred to and looked over, but still have issues.

here's how I created Linux ftp user:

useradd -g ftpgroup -s /usr/bin/false -d /media/nss/VOL1/FTP/ ftpuser

This is because I want all pure-ftp virtual users to have their own sub-dir under FTP.

I did a chown for ftpuser:ftpgroup on /media/nss/VOL1/FTP

here's how I created pure-ftp user:

pure-pw useradd testftp -u ftpuser -d /media/nss/VOL1/FTP/testftp

if I do pure-pw list or show, it shows what I want for home dir - /media/nss/VOL1/FTP/testftp. also has ftpuser and ftpgroup in show as well.

So when I try to access via FTP client, I get placed in '/' and permission denied when I try to change to /media/nss/VOL1/FTP/testftp.

I have a feeling something is not right with the ftpuser/ftpgroup rights.

any ideas?

thanks again

KBOYLE;1925707 wrote:
I did just that about six months ago. I found these documents helpful.
Cool Solutions: Installing Pure-FTPd on SLES 10
LUM-enabling pure-ftpd: Quick and Easy
Setting a Common Root Directory for FTP Users using Pure-FTPd | Novell User Communities
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

UPDATE

when I do 'ls -l' on FTP folder, it shows nobody and root as the owners. doing the chown seems to do nothing on NSS vol/dir. if I create a dummy folder in /root and chown to ftpuser:ftpgroup, it shows correctly.

so.... how do I chown on NSS vol?

thanks

bertbrand;1927152 wrote:
Thanks for the links. I've referred to and looked over, but still have issues.

here's how I created Linux ftp user:

useradd -g ftpgroup -s /usr/bin/false -d /media/nss/VOL1/FTP/ ftpuser

This is because I want all pure-ftp virtual users to have their own sub-dir under FTP.

I did a chown for ftpuser:ftpgroup on /media/nss/VOL1/FTP

here's how I created pure-ftp user:

pure-pw useradd testftp -u ftpuser -d /media/nss/VOL1/FTP/testftp

if I do pure-pw list or show, it shows what I want for home dir - /media/nss/VOL1/FTP/testftp. also has ftpuser and ftpgroup in show as well.

So when I try to access via FTP client, I get placed in '/' and permission denied when I try to change to /media/nss/VOL1/FTP/testftp.

I have a feeling something is not right with the ftpuser/ftpgroup rights.

any ideas?

thanks again
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

bertbrand schrieb:
> UPDATE
>
> when I do 'ls -l' on FTP folder, it shows nobody and root as the
> owners. doing the chown seems to do nothing on NSS vol/dir. if I
> create a dummy folder in /root and chown to ftpuser:ftpgroup, it shows
> correctly.
>
> so.... how do I chown on NSS vol?
>
> thanks
>
> bertbrand;1927152 Wrote:
>> Thanks for the links. I've referred to and looked over, but still have
>> issues.
>>
>> here's how I created Linux ftp user:
>>
>> useradd -g ftpgroup -s /usr/bin/false -d /media/nss/VOL1/FTP/ ftpuser
>>
>> This is because I want all pure-ftp virtual users to have their own
>> sub-dir under FTP.
>>
>> I did a chown for ftpuser:ftpgroup on /media/nss/VOL1/FTP
>>
>> here's how I created pure-ftp user:
>>
>> pure-pw useradd testftp -u ftpuser -d /media/nss/VOL1/FTP/testftp
>>
>> if I do pure-pw list or show, it shows what I want for home dir -
>> /media/nss/VOL1/FTP/testftp. also has ftpuser and ftpgroup in show as
>> well.
>>
>> So when I try to access via FTP client, I get placed in '/' and
>> permission denied when I try to change to /media/nss/VOL1/FTP/testftp.
>>
>> I have a feeling something is not right with the ftpuser/ftpgroup
>> rights.
>>
>> any ideas?


TID: 3503915
Dos this help?

I thing you have to create User "ftpuser" and Group "ftpgroup" in
Edirectory and LUM enable it.

Check if the are visible at Linux.

Examble:

namuserlist -x o=<Your org>
namgrouplist -x o=<Your org>


Then you can use tratitional Novell Tools (Novell Client) to change
permissions to this User/Group Combo.

Or you use the "rigths" command at Linux Console.

Example: rights -f /media/nss/VOL1/FTP/testftp -r rwfc trustee
ftpuser.engineer.acme_tree

Hope it helps
Thomas
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

thanks

I think this will help quite a bit. I was thinking that LUM enabling had something to do with it, but Novell tech said it's for eDir access to Linux stuff - not the other way around.

I'll try again tonight....

Thomas Reiß;1927236 wrote:
bertbrand schrieb:
> UPDATE
>
> when I do 'ls -l' on FTP folder, it shows nobody and root as the
> owners. doing the chown seems to do nothing on NSS vol/dir. if I
> create a dummy folder in /root and chown to ftpuser:ftpgroup, it shows
> correctly.
>
> so.... how do I chown on NSS vol?
>
> thanks
>
> bertbrand;1927152 Wrote:
>> Thanks for the links. I've referred to and looked over, but still have
>> issues.
>>
>> here's how I created Linux ftp user:
>>
>> useradd -g ftpgroup -s /usr/bin/false -d /media/nss/VOL1/FTP/ ftpuser
>>
>> This is because I want all pure-ftp virtual users to have their own
>> sub-dir under FTP.
>>
>> I did a chown for ftpuser:ftpgroup on /media/nss/VOL1/FTP
>>
>> here's how I created pure-ftp user:
>>
>> pure-pw useradd testftp -u ftpuser -d /media/nss/VOL1/FTP/testftp
>>
>> if I do pure-pw list or show, it shows what I want for home dir -
>> /media/nss/VOL1/FTP/testftp. also has ftpuser and ftpgroup in show as
>> well.
>>
>> So when I try to access via FTP client, I get placed in '/' and
>> permission denied when I try to change to /media/nss/VOL1/FTP/testftp.
>>
>> I have a feeling something is not right with the ftpuser/ftpgroup
>> rights.
>>
>> any ideas?


TID: 3503915
Dos this help?

I thing you have to create User "ftpuser" and Group "ftpgroup" in
Edirectory and LUM enable it.

Check if the are visible at Linux.

Examble:

namuserlist -x o=<Your org>
namgrouplist -x o=<Your org>


Then you can use tratitional Novell Tools (Novell Client) to change
permissions to this User/Group Combo.

Or you use the "rigths" command at Linux Console.

Example: rights -f /media/nss/VOL1/FTP/testftp -r rwfc trustee
ftpuser.engineer.acme_tree

Hope it helps
Thomas
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

Some items which may already be starting to become clear, but I'll cover just in case:

- You cannot access a NSS volume with a non-edir user (except root). So if you want users who are external to your company to access a NSS file system, you still have to create users for them in eDir and lum-enable those users. And give them trustee rights.

- It was suggested that "All [is] possible if you mount your NSS volume as a NFS mount and use traditional Linux rights." That is not correct. An NSS volume which is then shared / mounted through NFS still will control access via Novell trustee rights, not through traditional linux rights. Plus user IDs still have to be lum-enabled. You will see permissions in an ls -l listing of an NSS volume, but those are dummy values. They are not in control of access.

- Plus there are some ways (somewhat cosmetic, but still show-stoppers for some people) in which NFS and NSS don't play together too well, because they have very different designs. If you plan an implementation of NSS volumes shared via NFS, spend time testing your real world usage needs before you bet the farm on it.

- If someone really needs (1) some users to have access through traditional linux permissions, AND (2) some users to have access through Novell trustee rights, then you should take a NORMAL linux file system like ext3 and share it through NCP. That way, NCP clients would use trustee rights, but traditional linux processes like FTP would use traditional linux permissions.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Pure-FTP setup and NSS volumes

FIXED

Actually easy to set up. But because LUM was goofed up, I had a tough time getting it going.

Basically -

- LUM-enable the 'ftpuser' that pure-FTP will use for virtual connections. This is where I had issues. Once I pointed the Preferred LDAP server to this OES box, I was in business. This was the issue: Command "id <User_Name>" displays uid=0(root) gid=0(root) groups=0(root)

- get this TID (thanks Kevin) - Cool Solutions: Installing Pure-FTPd on SLES 10 .

- done

Cool part is via virtual pure-FTP users, you don't need to waste OES licenses (and $$$) setting up clients for FTP.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.