기본 FTP서버대몬을 이용하여 anonymous FTP 만들기
2010.05.12 02:37
원문 : http://www.ischo.net -- 조인상 // 시스템 엔지니어
Writer : http://www.ischo.net -- ischo // System Engineer in Replubic Of Korea
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. /etc/passwd 화일과 /etc/shadow 화일에 아래와 같이 ftp user에 대하여 정의한다.
/etc/passwd file:
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/nosuchshell
/etc/shadow file:
ftp:NP:6445::::::
2. 아래의 shell script를 실행한다.
#!/bin/sh
# script to setup anonymous ftp area
#
# verify you are root
/usr/bin/id | grep -w 'uid=0' >/dev/null 2>&1
if [ "$?" != "0" ]; then
echo
exit 1
fi
# handle the optional command line argument
case $# in
# the default location for the anon ftp comes from the passwd file
0) ftphome="`getent passwd ftp | cut -d: -f6`"
;;
1) if [ "$1" = "start" ]; then
ftphome="`getent passwd ftp | cut -d: -f6`"
else
ftphome=$1
fi
;;
*) echo "Usage: $0 [anon-ftp-root]"
exit 1
;;
esac
if [ -z "${ftphome}" ]; then
echo "$0: ftphome must be non-null"
exit 2
fi
case ${ftphome} in
/*) # ok
;;
*) echo "$0: ftphome must be an absolute pathname"
exit 1
;;
esac
# This script assumes that ftphome is neither / nor /usr so ...
if [ -z "${ftphome}" -o "${ftphome}" = "/" -o "${ftphome}" = "/usr" ]; then
echo "$0: ftphome must be non-null and neither / or /usr"
exit 2
fi
# If ftphome does not exist but parent does, create ftphome
if [ ! -d ${ftphome} ]; then
# lack of -p below is intentional
mkdir ${ftphome}
fi
chown root ${ftphome}
chmod 555 ${ftphome}
echo Setting up anonymous ftp area ${ftphome}
# Ensure that the /usr directory exists
if [ ! -d ${ftphome}/usr ]; then
mkdir -p ${ftphome}/usr
fi
# Now set the ownership and modes to match the man page
chown root ${ftphome}/usr
chmod 555 ${ftphome}/usr
# Ensure that the /usr/bin directory exists
if [ ! -d ${ftphome}/usr/bin ]; then
mkdir -p ${ftphome}/usr/bin
fi
# Now set the ownership and modes to match the man page
chown root ${ftphome}/usr/bin
chmod 555 ${ftphome}/usr/bin
# this may not be the right thing to do
# but we need the bin -> usr/bin link
rm -f ${ftphome}/bin
ln -s usr/bin ${ftphome}/bin
# Ensure that the /usr/lib and /etc directories exist
if [ ! -d ${ftphome}/usr/lib ]; then
mkdir -p ${ftphome}/usr/lib
fi
chown root ${ftphome}/usr/lib
chmod 555 ${ftphome}/usr/lib
if [ ! -d ${ftphome}/etc ]; then
mkdir -p ${ftphome}/etc
fi
chown root ${ftphome}/etc
chmod 555 ${ftphome}/etc
# a list of all the commands that should be copied to ${ftphome}/usr/bin
# /usr/bin/ls is needed at a minimum.
ftpcmd="
/usr/bin/ls
"
# ${ftphome}/usr/lib needs to have all the libraries needed by the above
# commands, plus the runtime linker, and some name service libraries
# to resolve names. We just take all of them here.
ftplib="`ldd $ftpcmd | nawk '$3 ~ /lib/ { print $3 }' | sort | uniq`"
ftplib="$ftplib /usr/lib/nss_* /usr/lib/straddr* /usr/lib/libmp.so*"
ftplib="$ftplib /usr/lib/libnsl.so.1 /usr/lib/libsocket.so.1 /usr/lib/ld.so.1"
ftplib="`echo $ftplib | tr ' ' '0 | sort | uniq`"
cp ${ftplib} ${ftphome}/usr/lib
chmod 555 ${ftphome}/usr/lib/*
cp ${ftpcmd} ${ftphome}/usr/bin
chmod 111 ${ftphome}/usr/bin/*
# you also might want to have separate minimal versions of passwd and group
cp /etc/passwd /etc/group /etc/netconfig ${ftphome}/etc
chmod 444 ${ftphome}/etc/*
# need /etc/default/init for timezone to be correct
if [ ! -d ${ftphome}/etc/default ]; then
mkdir ${ftphome}/etc/default
fi
chown root ${ftphome}/etc/default
chmod 555 ${ftphome}/etc/default
cp /etc/default/init ${ftphome}/etc/default
chmod 444 ${ftphome}/etc/default/init
# Copy timezone database
mkdir -p ${ftphome}/usr/share/lib/zoneinfo
(cd ${ftphome}/usr/share/lib/zoneinfo
(cd /usr/share/lib/zoneinfo; find . -print | cpio -o) 2>/dev/null | cpio -imdu 2>/dev/null
find . -print | xargs chmod 555
find . -print | xargs chown root
)
# Ensure that the /dev directory exists
if [ ! -d ${ftphome}/dev ]; then
mkdir -p ${ftphome}/dev
fi
# make device nodes. ticotsord and udp are necessary for
# 'ls' to resolve NIS names.
for device in zero tcp udp ticotsord ticlts
do
line=`ls -lL /dev/${device} | sed -e 's/,//'`
major=`echo $line | awk '{print $5}'`
minor=`echo $line | awk '{print $6}'`
rm -f ${ftphome}/dev/${device}
mknod ${ftphome}/dev/${device} c ${major} ${minor}
done
chmod 666 ${ftphome}/dev/*
## Now set the ownership and modes
chown root ${ftphome}/dev
chmod 555 ${ftphome}/dev
# uncomment the below if you want a place for people to store things,
# but beware the security implications
#if [ ! -d ${ftphome}/pub ]; then
# mkdir -p ${ftphome}/pub
#fi
#chown ftp ${ftphome}/pub
#chmod 1777 ${ftphome}/pub
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. /etc/passwd 화일과 /etc/shadow 화일에 아래와 같이 ftp user에 대하여 정의한다.
/etc/passwd file:
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/nosuchshell
/etc/shadow file:
ftp:NP:6445::::::
2. 아래의 shell script를 실행한다.
#!/bin/sh
# script to setup anonymous ftp area
#
# verify you are root
/usr/bin/id | grep -w 'uid=0' >/dev/null 2>&1
if [ "$?" != "0" ]; then
echo
exit 1
fi
# handle the optional command line argument
case $# in
# the default location for the anon ftp comes from the passwd file
0) ftphome="`getent passwd ftp | cut -d: -f6`"
;;
1) if [ "$1" = "start" ]; then
ftphome="`getent passwd ftp | cut -d: -f6`"
else
ftphome=$1
fi
;;
*) echo "Usage: $0 [anon-ftp-root]"
exit 1
;;
esac
if [ -z "${ftphome}" ]; then
echo "$0: ftphome must be non-null"
exit 2
fi
case ${ftphome} in
/*) # ok
;;
*) echo "$0: ftphome must be an absolute pathname"
exit 1
;;
esac
# This script assumes that ftphome is neither / nor /usr so ...
if [ -z "${ftphome}" -o "${ftphome}" = "/" -o "${ftphome}" = "/usr" ]; then
echo "$0: ftphome must be non-null and neither / or /usr"
exit 2
fi
# If ftphome does not exist but parent does, create ftphome
if [ ! -d ${ftphome} ]; then
# lack of -p below is intentional
mkdir ${ftphome}
fi
chown root ${ftphome}
chmod 555 ${ftphome}
echo Setting up anonymous ftp area ${ftphome}
# Ensure that the /usr directory exists
if [ ! -d ${ftphome}/usr ]; then
mkdir -p ${ftphome}/usr
fi
# Now set the ownership and modes to match the man page
chown root ${ftphome}/usr
chmod 555 ${ftphome}/usr
# Ensure that the /usr/bin directory exists
if [ ! -d ${ftphome}/usr/bin ]; then
mkdir -p ${ftphome}/usr/bin
fi
# Now set the ownership and modes to match the man page
chown root ${ftphome}/usr/bin
chmod 555 ${ftphome}/usr/bin
# this may not be the right thing to do
# but we need the bin -> usr/bin link
rm -f ${ftphome}/bin
ln -s usr/bin ${ftphome}/bin
# Ensure that the /usr/lib and /etc directories exist
if [ ! -d ${ftphome}/usr/lib ]; then
mkdir -p ${ftphome}/usr/lib
fi
chown root ${ftphome}/usr/lib
chmod 555 ${ftphome}/usr/lib
if [ ! -d ${ftphome}/etc ]; then
mkdir -p ${ftphome}/etc
fi
chown root ${ftphome}/etc
chmod 555 ${ftphome}/etc
# a list of all the commands that should be copied to ${ftphome}/usr/bin
# /usr/bin/ls is needed at a minimum.
ftpcmd="
/usr/bin/ls
"
# ${ftphome}/usr/lib needs to have all the libraries needed by the above
# commands, plus the runtime linker, and some name service libraries
# to resolve names. We just take all of them here.
ftplib="`ldd $ftpcmd | nawk '$3 ~ /lib/ { print $3 }' | sort | uniq`"
ftplib="$ftplib /usr/lib/nss_* /usr/lib/straddr* /usr/lib/libmp.so*"
ftplib="$ftplib /usr/lib/libnsl.so.1 /usr/lib/libsocket.so.1 /usr/lib/ld.so.1"
ftplib="`echo $ftplib | tr ' ' '0 | sort | uniq`"
cp ${ftplib} ${ftphome}/usr/lib
chmod 555 ${ftphome}/usr/lib/*
cp ${ftpcmd} ${ftphome}/usr/bin
chmod 111 ${ftphome}/usr/bin/*
# you also might want to have separate minimal versions of passwd and group
cp /etc/passwd /etc/group /etc/netconfig ${ftphome}/etc
chmod 444 ${ftphome}/etc/*
# need /etc/default/init for timezone to be correct
if [ ! -d ${ftphome}/etc/default ]; then
mkdir ${ftphome}/etc/default
fi
chown root ${ftphome}/etc/default
chmod 555 ${ftphome}/etc/default
cp /etc/default/init ${ftphome}/etc/default
chmod 444 ${ftphome}/etc/default/init
# Copy timezone database
mkdir -p ${ftphome}/usr/share/lib/zoneinfo
(cd ${ftphome}/usr/share/lib/zoneinfo
(cd /usr/share/lib/zoneinfo; find . -print | cpio -o) 2>/dev/null | cpio -imdu 2>/dev/null
find . -print | xargs chmod 555
find . -print | xargs chown root
)
# Ensure that the /dev directory exists
if [ ! -d ${ftphome}/dev ]; then
mkdir -p ${ftphome}/dev
fi
# make device nodes. ticotsord and udp are necessary for
# 'ls' to resolve NIS names.
for device in zero tcp udp ticotsord ticlts
do
line=`ls -lL /dev/${device} | sed -e 's/,//'`
major=`echo $line | awk '{print $5}'`
minor=`echo $line | awk '{print $6}'`
rm -f ${ftphome}/dev/${device}
mknod ${ftphome}/dev/${device} c ${major} ${minor}
done
chmod 666 ${ftphome}/dev/*
## Now set the ownership and modes
chown root ${ftphome}/dev
chmod 555 ${ftphome}/dev
# uncomment the below if you want a place for people to store things,
# but beware the security implications
#if [ ! -d ${ftphome}/pub ]; then
# mkdir -p ${ftphome}/pub
#fi
#chown ftp ${ftphome}/pub
#chmod 1777 ${ftphome}/pub
댓글 0
번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
---|---|---|---|---|
공지 | [공지] 게시자료 열람자유. 불펌금지입니다. | 조인상 | 2010.12.07 | 20168 |
93 | SUN T5140/T5240 서비스 매뉴얼 | 조인상 | 2010.12.22 | 0 |
92 | 베리타스 볼륨매니저 관리용 GUI tool | 조인상 | 2010.08.17 | 2 |
91 | bind 유틸 설치 | 조인상 | 2010.05.12 | 5543 |
90 | Setting MPxIO in Solaris | ischo | 2017.07.31 | 5642 |
89 | 여러가지 백업방법에 대한 설명 | 조인상 | 2010.05.12 | 5768 |
88 | cron에 의해 자동으로 ftp를 하여 화일을 송/수신 하게 하려면? | 조인상 | 2010.05.12 | 5774 |
87 | sendmail multi que setting | 조인상 | 2010.05.12 | 5800 |
86 | CDE에서 한글이 안나올 경우 | 조인상 | 2010.05.12 | 5939 |
85 | SDS로 구성한 볼륨에 디스크 교체하려고 할때 | 조인상 | 2010.05.12 | 6067 |
84 | CDE화면으로 로그인이 안될때... | 조인상 | 2010.05.12 | 6074 |
83 | 솔라리스에서의 디스크 이름 | 조인상 | 2010.05.12 | 6113 |
82 | RACK 전원코드의 V(볼트)내역 | 조인상 | 2010.05.12 | 6253 |
81 | SPARC 10의 / 파일시스템 용량제한 | 조인상 | 2010.05.12 | 6262 |
80 | vi편집기 이용하여 텍스트 암호화하기 | 조인상 | 2010.05.12 | 6328 |
79 | sendmail relay test site | 조인상 | 2010.05.12 | 6340 |
78 | 패치 오류 (error code) | 조인상 | 2010.05.12 | 6365 |
77 | 디스크에 Boot Block 만들기 | 조인상 | 2010.05.12 | 6377 |
76 | SUN 장비 CPU on/offline 확인하고 고치기. | 조인상 | 2010.05.12 | 6387 |
75 | cpio를 이용하여 증분백업하기 | 조인상 | 2010.05.12 | 6428 |
74 | Sun Performance And Tuning - Sparc & Solaris | 조인상 | 2010.05.12 | 6500 |