Official Linux questions thread

IndyDDR's online socialization center: general topics not related to specific coverage areas

Merk
Lady Banned Son of Switzerland
Posts: 8274
Joined: Wed Feb 02, 2005 9:33 am
Location: Bloomington / Ft. Wayne

Re: Official Linux questions thread

Post by Merk » Wed Apr 13, 2011 9:01 am

You see one of my big hangups is Apache because I honestly don't know shit about it. Here is what I'm instructed to put in my httpd.conf:

Code:

 Listen ip_of_the_rt.example.com:80
 <VirtualHost ip_of_the_rt.example.com:80>
    ServerName rt.example.com
    ServerAdmin Email.Address@example.com
 
 
    DocumentRoot /opt/rt3/share/html
 
    AddDefaultCharset UTF-8
    PerlRequire /opt/rt3/bin/webmux.pl
 
 
    <Directory /opt/rt3/share/html>
        Order allow,deny
        Allow from all
 
        SetHandler perl-script
        PerlResponseHandler RT::Mason
    </Directory>
 </VirtualHost>

I have no idea how virtual hosts work. I put in some random IP (ie 192.168.5.201:80) in place of the "ip_of_the_rt.example.com:80" in the above line of code. But when I go to that IP in the web browser I get your standard 404.

MonMotha
Site Code Monkey
Posts: 2505
Joined: Sun Jan 23, 2005 9:18 pm

Post by MonMotha » Wed Apr 13, 2011 10:47 am

Use "<VirtualHost *:80>" to get this "virtual host" to listen on port 80 of any and all interfaces Apache is willing to listen on (restricted by the rest of httpd.conf and probably defaulting to "everything").

Then just remove the "ServerName" line. That is to set up a name based virtual host which won't work if you attempt to access it by IP address.

A normality test:
+++ATH
If you are no longer connected to the internet, you need to apply more wax to your modem: it'll make it go faster.
If you find this funny, you're a nerd.
If neither of the above apply, you are normal. Congratulations.

Post by Merk » Wed Apr 13, 2011 11:31 am

Welp! I got it working.

Hot damn!

Post by Merk » Wed Mar 11, 2015 5:05 pm

I feel like a real idiot fucker for asking this but I need to set up an FTP server on CentOS 7 and I am having a real birch of a time getting this working the way I want it to.

I've installed "vsftpd" as per every Google hit for "linux ftp server" and am at the point where I can log in as "mmerkler" and look around my server. The problem that I am running into is that I can't actually upload anything to this server. I keep getting a "553 Could Not Create File." error when trying to upload something.

Now, you would think this would just be a simple permissions issue, but holy shit it is impossible to figure this out. Here is the output of "ls -al" for the directory I'm trying to upload to:

Code:

[root@voice-jabber ftp]# ls -al
total 4
drwxrwxrwx.  3 mmerkler mmerkler   16 Mar 11 17:20 .
drwxr-xr-x. 23 root     root     4096 Mar 11 17:20 ..
drwxrwxrwx.  2 mmerkler mmerkler    6 Jun  9  2014 pub

Am I missing something? Shouldn't this be a balls easy thing to accomplish? Is there another FTP solution that isn't vsftpd that I can use? In Windows-land I have no problem setting up Filezilla but this Linux stuff is not my expertise.

Downloading files is not a problem, I just get cockblocked on uploads.

Amp Divorax
Heavy
Posts: 2922
Joined: Wed Feb 02, 2005 3:34 pm
Location: Near some arcade place that has the same initials as Drum and Bass

Post by Amp Divorax » Wed Mar 11, 2015 6:43 pm

Merk wrote: I feel like a real idiot fucker for asking this but I need to set up an FTP server on CentOS 7 and I am having a real birch of a time getting this working the way I want it to.

I've installed "vsftpd" as per every Google hit for "linux ftp server" and am at the point where I can log in as "mmerkler" and look around my server. The problem that I am running into is that I can't actually upload anything to this server. I keep getting a "553 Could Not Create File." error when trying to upload something.

Now, you would think this would just be a simple permissions issue, but holy shit it is impossible to figure this out. Here is the output of "ls -al" for the directory I'm trying to upload to:

Code:

[root@voice-jabber ftp]# ls -al
total 4
drwxrwxrwx.  3 mmerkler mmerkler   16 Mar 11 17:20 .
drwxr-xr-x. 23 root     root     4096 Mar 11 17:20 ..
drwxrwxrwx.  2 mmerkler mmerkler    6 Jun  9  2014 pub

Am I missing something? Shouldn't this be a balls easy thing to accomplish? Is there another FTP solution that isn't vsftpd that I can use? In Windows-land I have no problem setting up Filezilla but this Linux stuff is not my expertise.

Downloading files is not a problem, I just get cockblocked on uploads.

Have you tried http://www.rackspace.com/knowledge_cent ... ing-vsftpd by any chance? Also, you may want to check those rights as they look way too lenient. (When I see 777 permissions, it tends to scare me!)

Memorable 2016 quotes:
Ho wrote: You can break arcade games and I will fix YOU!

Post by MonMotha » Wed Mar 11, 2015 10:30 pm

Most FTP servers these days default to a read-only configuration since FTP is so ridiculously insecure and is commonly only used for essentially anonymous file serving outside of crappy "shared web hosting" providers who insist on still using it for some reason. Check the docs for vsftpd to see if you need to change that.

And yes, your permissions appear ridiculously lenient. You should fix them. In fact, vsftpd may have other safety checks to prevent things from going bonkers since 0777 permissions are almost never correct (even /tmp has the sticky bit set).

I will assume there's a reason you can't use something, anything, more secure than plain ol' FTP here...

Post by Merk » Thu Mar 12, 2015 8:20 am

Welp, figured it out. I ran a "service vsftpd status" and got a "SELinux is preventing /usr/bin/vsftpd from write access on the directory" error and figured that SELinux was the source of the cockblock.

I had to run:

Code:

setsebool -P ftpd_full_access 1

After doing so I was able to upload my shit without issue. This is all test shit and I've immediately shut down the vsftpd service, don't worry, none of this is going into production :)

I have no idea what SELinux is because I am a big dumb Windows babby.

Post by MonMotha » Thu Mar 12, 2015 1:26 pm

SELinux is yet another security mechanism you have now completely defeated (at least for vsftpd). Please don't be surprised when this box gets compromised.

Post by Merk » Thu Mar 12, 2015 1:52 pm

What would have been the best way to set this up, then? What would have been the best command to get SELinux to not cockblock FTP uploads?

Post by MonMotha » Thu Mar 12, 2015 4:13 pm

Well, I'd start by taking a step back and re-evaluating your need for conventional FTP, if possible. There are numerous other ways to move files between UNIX-ish systems, most of which run over SSH, that are literally infinitely more secure since the security of FTP is essentially zero. FTP is fine for unauthenticated/anonymous transfers of public data, but it's really obsolete in terms of user-specific access scenarios. If you really need to use FTP for some reason, consider a VPN or IPSec.

Failing that, accept that you're one sniffed session away from having the user account in question completely compromised. What you then want to do is adjust the SELinux permissions for vsftpd to give it the filesystem access you need (read/write as a user) without giving it "everything", which is probably about what you did, though I don't know all the details of Redhat's SELinux policies.

Also, check your basic filesystem permissions. 0777 is basically never correct. That means any user on the system can do anything in that directory. Thus, if your homedir has 0777 permissions (rwxrwxrwx), compromising a DIFFERENT user account (say via a sniffed or MITM'd FTP session) will also get your user account compromised in short order or, at the minimum, all your data snarfed up and possibly deleted/overwritten.
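Added example, not part of any post in this thread: a narrower alternative to the blanket `ftpd_full_access` grant, combined with a check for the 0777 problem raised above. The upload path `/var/ftp/pub`, the 0755 target mode, and the use of `public_content_rw_t` with `ftpd_anon_write` (names from Red Hat's ftpd_selinux policy documentation) are assumptions about this setup; the SELinux commands are only printed unless `APPLY=1` is set.

```bash
#!/bin/sh
# Added example (not from the thread). Assumptions: upload dir is /var/ftp/pub,
# 0755 is the intended mode, and the SELinux type/boolean names come from
# Red Hat's ftpd_selinux policy documentation.

# Directories under $1 that any user can write to and that lack the sticky
# bit: the 0777 case in the ls output (a 1777 dir like /tmp does not match).
find_unsafe_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Reset each flagged directory to owner-writable only.
tighten_dirs() {
    find_unsafe_dirs "$1" | while IFS= read -r d; do
        chmod 0755 "$d"
    done
}

# State of the broad boolean enabled in the thread: on, off, or unknown
# (no SELinux tools installed, or SELinux disabled).
ftpd_full_access_state() {
    state=unknown
    if command -v getsebool >/dev/null 2>&1; then
        state=$(getsebool ftpd_full_access 2>/dev/null | awk '{print $3}')
    fi
    echo "${state:-unknown}"
}

# Print each command; run it instead only when APPLY=1 (as root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Undo the blanket grant, then allow writes to one labelled directory only.
scope_selinux() {
    run setsebool -P ftpd_full_access 0
    run semanage fcontext -a -t public_content_rw_t "$1(/.*)?"
    run restorecon -Rv "$1"
    run setsebool -P ftpd_anon_write 1
}

# Usage: sh audit.sh /var/ftp/pub
if [ $# -gt 0 ]; then
    find_unsafe_dirs "$1"
    echo "ftpd_full_access: $(ftpd_full_access_state)"
    scope_selinux "$1"
fi
```

vsftpd also has its own `write_enable` setting in vsftpd.conf, which has to allow writes before any of the above matters.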

Post by Merk » Fri Mar 13, 2015 1:38 pm

Yeah, full disclosure I could have just e-mailed the file the server needed to myself, logged into my e-mail from the Linux VM, and downloaded the file from my e-mail but that seems like an inelegant way of doing things, you know? I suppose it's better than using FTP though...

Anyway, it's times like this that I'm glad I'm not a Linux server admin because I sure as fuck don't know what I'm doing. Case in point, I was trying to get Wireshark running on my Linux VM and holy fuck they don't make installing Wireshark from source easy. Is everything in Linux like this? With Wireshark I couldn't just download the source and do a "./configure" -- I had to find install packages for a billion different fucking things. Don't have gcc? Try to guess the right yum package name. Don't have GTK3+? Good luck finding that package name! Don't have glib-2.0? Google the package name. Of course when I Google this shit I have to wade through a bunch of random forums and look at forum posts from 2007 with super outdated information.

And to make matters worse I don't know exactly what package I need until I run into an error after running "./configure" -- is this what they call dependency hell? Granted, it looks like there are 3rd-party installer packages out there but of course CentOS doesn't have one made for it since it comes standard with Red Hat.


In the end I just said "fuck it" and made a .pcap file using tcpdump, transferred the file to my Windows laptop and ran that shit off of there.

Post by MonMotha » Fri Mar 13, 2015 5:52 pm

Why did you need to install wireshark from source? It's packaged in most distributions' repositories.

Post by Merk » Mon Mar 16, 2015 10:51 am

sighhhhhhhhhhhhhhhhhhh you're right. I totally forgot about the little "Software" application that comes with CentOS that lets you browse the yum repository.


This is why I'm a dumb piece of shit.

Post by MonMotha » Mon Mar 16, 2015 4:22 pm

Glad you found it.

BTW, the solution I usually use when needing to dump files onto loosely-attached systems where I can't push the file to my account via SCP/SFTP is to dump it on an HTTP server I admin and pull it from said system. That's pretty rare, though. Usually, if I have the ability to do that, I have a shell account, and that's essentially always enough to use scp. If you need an scp client for Windows, PuTTY comes with a command line one (pscp). SecureFX (the file transfer counterpart to SecureCRT) also supports it. I've also heard of a program called WinSCP, but I've never used it.

You can also use a lot of UNIX-ish programs like rsync on Windows through SSH using PuTTY's pipe redirector called plink. It's commonly used with things like svn, git, etc. that like to use SSH as a transport.

Worst case, there's the old "pipe a tarball into an ssh session" trick, but I must admit that's a little advanced for a UNIX novice.

If you can't tell, SSH is basically the remote access swiss army knife of the UNIX world, at this point.

Post by Amp Divorax » Mon Mar 16, 2015 4:35 pm

MonMotha wrote: If you can't tell, SSH is basically the remote access swiss army knife of the UNIX world, at this point.

THIS! Also, don't get discouraged when it comes to Linux as while it is harder, once somebody can leverage it effectively they sometimes can get work done faster in a bash shell than with a GUI. (I've been using Linux for 15 years now and I have still just barely scratched the surface based on what I have read of the book "The Linux Programming Interface" thus far.)