Tag Archives: vsftp

Using mount with bind to access usb drive via vsFTP

I have a USB stick plugged into my Raspberry Pi for external storage, mostly to put music on for the Sockso Music Server to get at. But I wanted to use it a bit more for generic storage. FTP is great: you can get to it from any machine, and the command line for it is the same on Windows or Linux. So I can walk up to any machine, not have to install a thing and reach into a folder with FTP.

For instance, when I have an infected Windows machine, I don’t dare stick a USB stick in it. Instead I go to the command line, FTP to the Raspberry Pi and grab the tools I need from there.

The Issue

The issue was that I tried to symlink from the ftp directory to the USB drive. vsFTP will not follow symlinks for security reasons.

The Solution

Mount the directory you want under the FTP directory using bind. /media/sda is the USB stick mount point and the whole thing gets mounted under the FTP dir using…

sudo mount --bind /media/sda/ /home/ftpuser/usb-drive/
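An added example, not part of the original post: a wrapper that runs the bind mount above only when the USB stick is really mounted at its mount point, so that FTP uploads cannot silently land on the Pi's SD card when the stick is missing. The function names and the optional mountinfo-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Decide whether the bind mount from the post should be made,
# using /proc/self/mountinfo (field 5 of each line is the mount point).

# is_mountpoint PATH [MOUNTINFO_FILE] -> exit 0 if PATH is a mount point
is_mountpoint() {
    path=${1%/}                          # drop a trailing slash
    [ -n "$path" ] || path=/
    info=${2:-/proc/self/mountinfo}
    awk -v p="$path" '$5 == p { found = 1 } END { exit !found }' "$info"
}

# bind_plan SRC DST [MOUNTINFO_FILE] -> prints one of:
#   source-not-mounted | already-bound | bind
bind_plan() {
    if ! is_mountpoint "$1" "$3"; then
        echo source-not-mounted
    elif is_mountpoint "$2" "$3"; then
        echo already-bound
    else
        echo bind
    fi
}

# bind_usb SRC DST -> run the mount from the post only when it is safe
bind_usb() {
    case $(bind_plan "$1" "$2") in
        bind)          sudo mount --bind "$1" "$2" ;;
        already-bound) echo "$2 is already a mount point" ;;
        *)             echo "$1 is not mounted, refusing to bind" >&2
                       return 1 ;;
    esac
}

# Usage (paths from the post):
#   bind_usb /media/sda/ /home/ftpuser/usb-drive/
```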

Resources

FTP on Raspberry Pi. An easy way to make shared folders

Alternatives to FTP

https://radu.cotescu.com/vsftpd-and-symbolic-links/

FTP on Raspberry Pi. An easy way to make shared folders

The idea with FTP is to have folders that can be reachable between Linux and Windows, locally and remotely and easily. FTP is not secure, but it can be made secure; that info can be found on the web. For now I am covering the basics of FTP here.

For most things that I need to do, I don’t need the files to be secure anyway; 90% of the time nothing critical is going back and forth remotely. If it is, I would use a secure method of sending files over SSH, via SFTP or SSHFS.

FTP is an old protocol but it just plain works and is compatible with Windows, Linux and Mac. I have tried WebDAV in the past but it is compatible only to a degree with various Windows operating systems. I have had a hard time getting it working correctly on versions of Windows beyond XP, resorting to installing patches to Windows, etc. Generally not easy to implement.

I was also looking at FTP as a native tool typical of server installs. I have experimented with cloud setups such as OwnCloud and Sparkleshare, but with FTP I was looking for something simple and quick to set up: no special software, no MySQL databases running on the Raspberry Pi, no special software on client PCs, that sort of thing.

vsFTP

sudo apt-get install vsftpd

Edit the configuration file

Back it up first then do an edit.

sudo cp /etc/vsftpd.conf /etc/vsftpd.orig
sudo nano /etc/vsftpd.conf

Uncomment local_enable=YES

Uncomment write_enable=YES

vsftpd does not allow any space around the = sign in these settings.

Find this and check that it is set this way…

local_umask=022

Enabling PASV

I have read online that enabling the PASV capability for FTP is a good idea. Frequently when I have FTP’d to various ISPs’ sites I have seen them operate in PASV mode. So it stands to reason that if the pros have it set up that way it may have its advantages.

Add the following lines to the /etc/vsftpd.conf file.

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100

There is nothing magic about the numbers of the port range, other than that they should be unused by anything else your setup might require; generally I have seen high numbers used. To work outside of your local network, you must enable port forwarding of the whole range of port numbers through your router configuration.
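An added example, not from the original post: a lint for the settings described above (and for the same local_enable and write_enable lines in the older post further down), which reports spaces around "=" that vsftpd treats as an error. The function names lint_vsftpd and conf_get are made up for illustration; boolean values are compared case-insensitively.

```shell
#!/bin/sh
# Added example. Lint a vsftpd.conf for the settings this post relies on.
# vsftpd rejects any space between the option, "=" and the value, so lines
# such as "local_enable = YES" are reported.

# conf_get FILE OPTION -> prints the last uncommented value, or nothing
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# lint_vsftpd FILE -> prints one finding per line; exit 1 if there are any
lint_vsftpd() {
    conf=$1
    findings=$(
        # 1. whitespace around "=" on active (uncommented) lines
        grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]]+)' "$conf" |
            sed 's/^\([0-9]*\):\(.*\)/line \1: space around "=": \2/'
        # 2. options the post sets, with the values it gives
        for want in local_enable=YES write_enable=YES local_umask=022 \
                    pasv_enable=YES; do
            opt=${want%%=*}
            got=$(conf_get "$conf" "$opt" | tr a-z A-Z)
            [ "$got" = "${want#*=}" ] ||
                echo "$opt: expected ${want#*=}, found '${got:-unset}'"
        done
        # 3. the passive port range must be numeric and ordered
        lo=$(conf_get "$conf" pasv_min_port)
        hi=$(conf_get "$conf" pasv_max_port)
        case "$lo:$hi" in
            *[!0-9:]*|:*|*:) echo "pasv_min_port/pasv_max_port: not set to numbers" ;;
            *) [ "$lo" -le "$hi" ] || echo "pasv range: min $lo is above max $hi" ;;
        esac
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: lint_vsftpd /etc/vsftpd.conf
```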

Changes to vsFTP

With the newer versions of vsFTP there is a change that has occurred since I wrote my previous post about vsFTP (http://oils-of-life.com/blog/linux/server/additional-utilities-for-a-linux-server/).

The change has to do with the fact that the root directory of the user has to be non-writable and I have read online that it is best to make it owned by root as well. This is covered below, after the section on adding a user. You need to have a user first before modifying their permissions!

FTP User

To create an FTP user, create it in a way that it does not have a login shell, so that someone who can log in to the FTP account can’t execute shell commands. The line /sbin/nologin may not be in the /etc/shells file, and in that case it needs to be added there. The user basically has to be jailed in their directory and has to have no login shell.

sudo useradd -m -s /sbin/nologin -d /home/user user

I added Documents and public_html directories to /home/user as well. Then I made the user’s root folder, /home/user, owned by root and non-writable.

cd /home/user
sudo chown user:user Documents
sudo chown user:user public_html

Make the root of the user owned by root

sudo chown root:root /home/user

Make the root of the user non-writable

sudo chmod a-w /home/user
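An added example, not from the original post: an audit of an FTP-only account against the conditions described in this section (a non-login shell, that shell listed in /etc/shells, and a home directory owned by root with no write permission). The function names and the optional file arguments are assumptions for illustration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example. Audit an FTP-only account against the conditions in this
# post: a non-login shell, that shell listed in /etc/shells, and a home
# directory owned by root with no write permission for anyone.

# user_field USER N [PASSWD_FILE] -> Nth colon-separated passwd field
user_field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "${3:-/etc/passwd}"
}

# mode_has_write OCTAL_MODE -> exit 0 if user, group or other may write
mode_has_write() {
    case $1 in ????) perm=${1#?} ;; *) perm=$1 ;; esac  # drop setuid/sticky digit
    case $perm in
        *[2367]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_ftp_user USER [PASSWD_FILE] [SHELLS_FILE] -> findings; exit 1 if any
audit_ftp_user() {
    passwd=${2:-/etc/passwd}
    shells=${3:-/etc/shells}
    ushell=$(user_field "$1" 7 "$passwd")
    home=$(user_field "$1" 6 "$passwd")
    [ -n "$home" ] || { echo "$1: no such user"; return 1; }
    rc=0
    case $ushell in
        */nologin|*/false) ;;
        *) echo "$1: login shell is $ushell"; rc=1 ;;
    esac
    grep -qxF -- "$ushell" "$shells" ||
        { echo "$ushell is not listed in $shells"; rc=1; }
    st=$(stat -c '%a %U' "$home")        # GNU stat: octal mode, owner name
    owner=${st#* }
    mode=${st% *}
    [ "$owner" = root ] || { echo "$home is owned by $owner, not root"; rc=1; }
    if mode_has_write "$mode"; then
        echo "$home is writable (mode $mode)"; rc=1
    fi
    return $rc
}

# Usage: audit_ftp_user user
```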



FTPing on the PC

Now that ftp is set up on the server you will want to be able to connect to it!

Options for connecting…

Command Line, Windows and Linux

ftp yoursite.com

That gets you into FTP via the command line. The command prompt will now start with ftp>, which is how you know that you are within the ftp command shell.

It is archaic, but worth knowing when you have to stick a file up or pull it down right at the command line. The commands the ftp prompt accepts are basic, but good enough to get most work done. Type help at the prompt to get a list of commands.

Via Folders

Linux

Just enter the location of the ftp server right into the top of the directory folder and you will be prompted for a password and taken there.

Windows
Windows7/Vista:
  1. Open Computer by clicking the “Start” button, and then clicking Computer.
  2. Right-click anywhere in the folder, and then click Add a Network Location.
  3. In the wizard, select Choose a custom network location, and then click Next.
  4. To use a name and password, clear the Log on anonymously check box.

From: https://www.google.com/search?q=connect+to+ftp+windows+7&ie=utf-8&oe=utf-8

 

 

Additional utilities for a Linux Server

vsftp

Sometimes it is nice to have an ftp server, you might have Samba and ownCloud, but sometimes you really need ftp to do something. It is the right tool at the right time and I can’t imagine running a server without FTP installed.

sudo apt-get install vsftpd
Edit the configuration file

Back it up first then do an edit

sudo cp /etc/vsftpd.conf /etc/vsftpd.orig
sudo nano /etc/vsftpd.conf

Uncomment local_enable=YES

Uncomment write_enable=YES

In this manner you will be able to read and write to your home directory. With SSH and FTP you can do just about anything remotely to your server. You can ( put ) FTP a file up to your home and move it anywhere and in the opposite direction also ( get ).

For example, I downloaded the zip file for the OwnCloud Music App on a Windows computer, then FTP’d it to the Linux server into my home directory and moved and unzipped it in the proper directory using SSH. Zip/unzip is not loaded by default with the Ubuntu Server disc; to get it see below.

This is powerful and with that power comes danger. You don’t want anyone to be able to SSH and FTP in, so be careful when opening these ports. I get “hits” on port 22 for SSH a lot; I don’t even open port 21 for FTP outside of my LAN. By hits, I mean I can see IP addresses come in on my router’s log that are from outside the US, by looking them up or browsing to them. Sometimes when using a ping command to the IP, a return will come from another IP. These cyber-criminals try to get in on open ports.

vsftp website…

https://security.appspot.com/vsftpd.html

Zip/unzip is not loaded by default with the Ubuntu Server disc

Zipping and unzipping files from the CLI is an important thing to be able to do. To get it…

sudo apt-get install zip unzip

More info on how to use it….

http://askubuntu.com/questions/86849/how-to-unzip-a-zip-file-from-the-terminal

 

dos2unix

Editing shell or config files on a Windows machine presents you with the CR-LF and LF issue, for Windows and UNIX respectively. Scripts won’t run, and problems happen with config files when they are not in the right format. Frequently I encounter this when I copy and paste some code from the Web into Emacs or Notepad, then save it on the Linux server. Then I need to execute dos2unix on it to make it run right.

UNIX and DOS endlines

I had a brain dead moment where I forgot about the entire UNIX and DOS endline thing when I was working on getting the server to auto shutdown.
So I grabbed the autosuspend script with copy and paste, brought it into Emacs in Windows, saved it to my /files/public folder on the server and tried to execute it. The result was lots of $'\r': command not found.

The solution is to use dos2unix to convert the endlines, if you don’t have it, just do…

sudo apt-get install dos2unix

Then do dos2unix filename and it will modify the file in place. That is good, but beware of this default behavior. It does have other options, which can be explored using dos2unix --help.

Its one and only job is to remove CR-LF (Carriage Return-Line Feed) and leave just LF (Line Feed), as UNIX/Linux wants it to be. If a file acts screwy when brought in from Windows it is most likely this issue. I even had to do it on the autosuspend.conf file!

You can always check a file with the command

cat -e filename

BAD example…

#!/bin/bash^M$
 ^M$
 # Source the configuration file^M$
 . /etc/autosuspend.conf^M$
 ^M$

GOOD example….

#!/bin/bash$
 # Source the configuration file$
 . /etc/autosuspend.conf$
 $

A line ending shown as ^M$ is DOS (CR-LF); a line ending shown as just $ is UNIX (LF).
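An added example, not from the original post: counting CR-LF lines in a file or a whole directory before anything is executed, and converting into a new file so the original is kept. sed stands in for dos2unix here so the example needs no extra package; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Find CR-LF files before they break a script or config, and
# convert into a new file so the original survives (dos2unix FILE alone
# rewrites FILE in place; "dos2unix -n SRC DST" also writes a new file).

CR=$(printf '\r')

# crlf_lines FILE -> number of lines that end in CR-LF
crlf_lines() {
    grep -c "${CR}\$" "$1" || true       # grep exits 1 when the count is 0
}

# scan_crlf DIR -> "count<TAB>path" for every regular file with CR-LF lines
scan_crlf() {
    find "$1" -type f | while IFS= read -r f; do
        n=$(crlf_lines "$f")
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$f"
        fi
    done
}

# to_unix SRC DST -> write an LF-only copy of SRC to DST, leaving SRC untouched
to_unix() {
    sed "s/${CR}\$//" "$1" > "$2"        # strip a CR only at end of line
}

# Usage:
#   scan_crlf /files/public
#   to_unix autosuspend autosuspend.unix && cat -e autosuspend.unix
```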

Emails using ssmtp

It is great that cron and other applications send an email to root on a Linux server, which can be read simply by using mailx from the CLI. But what if you are not logging into the machine very often at all? Using ssmtp might work well for those situations. Even my Netgear N150 router has something similar as far as sending email. On the router, you input email account settings and it will email you the log file and other information you would like at regular intervals. Ssmtp may be of interest to me with regards to the server at some point and I have noted it for reference.

It would be interesting and a great idea to have the server be able to send emails of certain things, issues it may be encountering.

This looks interesting, I might do this at some point….

How to send email alerts from Ubuntu Server using ssmtp