How To: Configure Secure FTP Server (VSFTPD)

This post is dedicated entirely to vsftpd configuration with uploads enabled. vsftpd stands for Very Secure FTP Daemon. It ships with almost all recent Red Hat based distributions. vsftpd for rpm based Linux distros can be downloaded from here. You can also install vsftpd with the ‘yum install vsftpd’ or ‘apt-get install vsftpd’ command. After installing vsftpd, you just need to start the vsftpd service.

[root@bordeaux saini]$ service vsftpd start [Enter]

And you are done. Your computer is now an FTP server. You can browse your ftp server by pointing your favourite browser to ftp://localhost/ or ftp://127.0.0.1/ or ftp://<IP_ADDRESS_OF_YOUR_MACHINE> .

If you see access denied or some other access-related error, issue the ‘iptables --flush’ and ‘setenforce 0’ commands. These flush the iptables filter rules and switch SELinux to permissive mode until the next reboot.

By default the files and directories in /var/ftp/ directory will be shown at ftp://localhost/ . Now, there are two ways to share your files on ftp.

1. Copy/move files that you want to share to /var/ftp/ directory.

2. Mount the directories you want to share at /var/ftp/SharedDirName. Suppose you want to share the /home/saini/Movies/ folder on your ftp, then follow these steps:

Step 1

Login as root.

[saini@bordeaux saini]$ su [Enter]
Enter Password for root.

Step 2

Go to /var/ftp/ and create the directory that you want to share.

[root@bordeaux saini]$ cd /var/ftp/ [Enter]
[root@bordeaux ftp]$ mkdir SharedMovies [Enter]

Step 3

Bind the original directory to SharedMovies.

[root@bordeaux ftp]$ mount --bind /home/saini/Movies/ /var/ftp/SharedMovies/ [Enter]

If you browse your ftp now, you’ll see SharedMovies folder as well. You can remove default pub directory if you don’t like it.

The current ftp server will be a very basic one and will allow only downloads. Below we will see how to configure it so that others are allowed to upload files/directories to your server.

Step 1

Create a directory say ‘Upload’.

[root@bordeaux saini]$ mkdir Upload [Enter]

Note that this Upload directory can be anywhere either in your home directory or in /var/ftp/ or even on some other partitions.

Step 2

Change the ownership of Upload to ftp and change the permissions to 777.

[root@bordeaux saini]$ chown ftp:ftp Upload [Enter]
[root@bordeaux saini]$ chmod 777 Upload [Enter]

Step 3

If you created Upload at any place other than /var/ftp/ , then bind it to a dir in /var/ftp/ .

[root@bordeaux saini]$ mkdir /var/ftp/Uploads [Enter]
[root@bordeaux saini]$ mount --bind /home/saini/Upload/ /var/ftp/Uploads/ [Enter]

Step 4

Configure vsftpd.conf . The default configuration files for vsftpd live in /etc/vsftpd/ . vsftpd.conf is the configuration file for vsftpd.
Open /etc/vsftpd/vsftpd.conf in any editor and add/uncomment the following lines :

Lines to be added or uncommented in /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
dirlist_enable=YES
no_anon_password=YES
file_open_mode=0777
guest_enable=YES

Save vsftpd.conf file and restart the vsftpd service with the command ‘service vsftpd restart’. Now anyone can upload files to your ftp server, but only to Upload folder.
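One way to check the claim above, that anonymous users can write only to the upload directory. This is an added example, not part of the original post; the function names are this example's own, and the paths in the usage line are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: audit an anonymous-upload vsftpd setup like the one above.

# conf_get FILE OPTION: print the option's value; lines starting with '#'
# are skipped and the last assignment in the file is the one reported.
conf_get() {
    awk -F= -v k="$2" '!/^#/ && $1 == k { v = substr($0, length(k) + 2) }
                       END { print v }' "$1"
}

# world_writable_dirs ROOT: directories under ROOT that "other" may write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# audit CONF ROOT UPLOAD_DIR: report anonymous write options that are on and
# fail (return 1) if any directory except UPLOAD_DIR is world-writable.
audit() {
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$1" "$opt")" = "YES" ]; then
            echo "enabled: $opt"
        fi
    done
    extra=$(world_writable_dirs "$2" | grep -Fxv -- "$3" || true)
    if [ -n "$extra" ]; then
        echo "world-writable besides $3:"
        echo "$extra"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf /var/ftp /var/ftp/Uploads
if [ "$#" -eq 3 ]; then audit "$1" "$2" "$3"; fi
```

A non-zero exit status means some directory other than the upload directory, possibly the FTP root itself, is world-writable.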

There are a few more options for restricting bandwidth, upload/download speed, number of connections, etc. In vsftpd.conf a comment must be on a line of its own, starting with ‘#’.

# Max no. of connections allowed from one IP address.
max_per_ip=2
# Max no. of clients that may be connected at the same time.
max_clients=3
# Max transfer rate in bytes/sec for anonymous clients.
anon_max_rate=1097152
# The file containing the welcome message to be displayed to the clients.
banner_file=/etc/vsftpd/ftp_banner

For more configuration options, refer to the man pages for vsftpd.conf and vsftpd.

Note :

  • Whenever you restart your computer, you have to bind the directories again so that they are shown on the ftp server. To avoid typing the commands every time, put all the bind commands in a mount.sh file and run it whenever you restart your computer.
  • You can view my vsftpd.conf file here.
  • Sometimes uploaded files don’t have 777 permissions. You can run this shell script in the background forever.

PS0 : Absence of compat-libstdc++-33(libstdc++.so.5) is breaking a large no. of applications in Fedora 7. Here’s a solution anyway.

 

How To: Install and Configure Looking Glass 3D Desktop

I saw a video from Sun Microsystems last year, in which they showed a demo version of a 3D desktop environment. It was really awesome and was a real 3D desktop environment. A lot of 3D desktop emulators are currently available, like beryl, but they are not really 3D, because one can’t go behind the windows, terminals etc. Believe me, Looking Glass 3D is far better than all vistas and beryls if only graphics are compared. Around two or three weeks ago, when I was going through one of the tech magazines in the library, I came across a topic which discussed desktop environments for Linux. I was surprised to see Project Looking Glass over there. The day before yesterday, I downloaded the Project Looking Glass 3D desktop environment for Linux from here.

Project Looking Glass 3D desktop environment is a purely Java based desktop environment and it runs on top of the Java virtual machine. It requires a graphics card (at least on board). Here is a way to install nVidia drivers in Linux. The other requirements, like processor and RAM, are quite low and almost all systems can qualify for them. Looking Glass 3D is very easy to install. Below are the steps to install it on Fedora 7 (kernel-2.6.22.1-41.fc7), but the steps for other operating systems may be similar.

Step 1

Get lg3d--1-0-0-linux-i686-0612190943.bin from here.

Step 2

In a terminal switch to root user.

[saini@bordeaux saini]$ su [Enter]
Enter root password.

Step 3

Move lg3d--1-0-0-linux-i686-0612190943.bin to /usr/share/ and go to the directory /usr/share/

[root@bordeaux saini]$ mv lg3d--1-0-0-linux-i686-0612190943.bin /usr/share/ [Enter]
[root@bordeaux saini]$  cd /usr/share/ [Enter]

Step 4

Extract lg3d--1-0-0-linux-i686-0612190943.bin

[root@bordeaux share]$ bash  lg3d--1-0-0-linux-i686-0612190943.bin [Enter]

The files will be extracted to /usr/share/lg3d/

Step 5

Log out, log in to root’s desktop environment and go to the directory /usr/share/lg3d/bin/

[root@bordeaux root]$ cd /usr/share/lg3d/bin/ [Enter]

Step 6

Execute the following command.

[root@bordeaux bin]$ bash ./postinstall [Enter]

If this command doesn’t give any error, that means you have successfully installed the Looking Glass 3D desktop environment.

Now log out and, on the login screen, choose Looking Glass as the desktop environment. Just log in to your account and what you will see will be more than a surprise. Below are some screenshots of my Looking Glass 3D desktop. You can browse all my screenshots here .

PS0 : It may be the best 3D desktop environment but it is not really usable on slower machines, especially with low end graphics cards.

[Screenshots: Awesome Wallpaper in Looking Glass 3D; 3D Clock in Looking Glass; Four Desktops in Looking Glass; Notes on Backside of VLC Media Player in Looking Glass; Trumplayer Album Art in Looking Glass; I Can't Read Mails in Looking Glass; Jumbled Directories in 3D in Looking Glass; Random Directory 3D Tiles in Looking Glass]

 

Bug: Strange libstdc++.so.5 Problem in Fedora 7

After installing jdk-6u2 for Linux from Sun Microsystems’ site, when I ran javaws it gave a strange error that libstdc++.so.5 was not found and it aborted. I searched for libstdc++.so.5 and it was not there in /usr/lib/ as expected. That implied something was wrong. As I installed jdk-6u2 from rpms, it should have given a dependency error for the particular library, but it didn’t. After searching for some time I found that libstdc++.so.5 is provided by the compat-libstdc++-33 package, which was not installed on my system. After installing the particular package, everything worked fine.

It worked fine for Fedora Core 6 because compat-libstdc++-33 is provided by default in Fedora Core 6.

But it’s kind of strange that if libstdc++.so.5 and hence compat-libstdc++-33 is required for jdk-6u2, then why didn’t ‘rpm -ivh’ give a dependency error.

 

How To: Configure Procmailrc to Reduce Spam

Last Monday in the IIIT Linux Users Group (LUG) meeting, I gave a small presentation on how to configure .procmailrc to make very effective filters.

Procmail is a mail delivery agent or mail filter which is widely used on Unix systems to process incoming mails. It is automatically invoked by mail transport agents like Sendmail whenever there is an incoming mail. Procmail can process all the incoming mails based on the recipes provided by the user and deliver them to the provided destination (either a mail folder or email id or something else like a file or stdout and many more).

By default, Procmail searches for a configuration file named .procmailrc in the user’s home directory. All the recipes, global variables and other things are provided here by the user to let Procmail know what to do.

Here is an example .procmailrc

# .procmailrc 
 
PATH = $PATH
MAILDIR = $HOME/mail
DEFAULT = $HOME/mbox
SHELL = /bin/bash
 
# Backup for testing mode.
#:0 c # Uncomment for testing mode
#Backup
 
:0: # Spam mails should go to Spam folder
* ^(From|Cc|To).*(hi5.com|auctionit|newegg|voilin|mingle)
Spam
 
:0: # Spam mails should go to Spam folder
* ^Subject:.*(Goonj|Spam|Disarmed|Pictures|Re\. Pictures|Sperm|Penis|Viagra|Filename|voilin)
Spam
 
:0: # Mail from Fedora mailing list should go to Fedora
* ^(From|Cc|To).*(fedora-devel|fedorawiki-noreply|bugzilla)
Fedora
 
:0: # Mail from yum mailing list should go to Yum
* ^(From|Cc|To).*yum-devel*
Yum
 
:0: # Mail from/to lug should go to LUG folder
* ^(From|Cc|To).*lug@students.iiit.ac.in
LUG
 
:0: # Lost found mails should go to LostFound folder
* ^Subject:.*(lost|found)
LostFound
 
:0: # Mail from/to life should go to Life folder
* ^(From|Cc|To).*life@students*
Life
 
:0: # Birc mails should go to BIRC folder
* ^(From|Cc|To).*birc@students*
${HOME}/mbox
 
:0: # Mail from/to course should go to Courses folder
* ^(From|Cc|To).*(ec5303|cs3600|cs3150|cs3350|cs3155|cs4460|cs4110)
{
	:0 c
	! kulbirsaini25@gmail.com
 
	:0:
	Courses
}
 
:0: # Mail from/to clubs should go to Clubs folder
* ^(From|Cc|To).*(agents|campusgreen|campusgreenclub|cybergames|dpscm|guitar|music|nss|photography|quizzers|signet|sigops|videography|movie)
Clubs
 
:0: # Mail from/to clubs should go to Clubs folder
* ^Subject:.*(agents|campusgreen|dance|cybergames|dpscm|guitar|music|nss|photography|quizzers|signet|sigops|videography|movie)
Clubs
 
:0: # House mails should go to House folder
* ^Subject:.*(IBCT|House|Tournament|Champion|championship|Inter\ House|chess|cultural|basket|cricket|foot|ball|Physical|PEC|carrom|dumb|TT|IHFT)
House
 
:0: # Mails from Physical Education Center
* ^(From|Cc|To).*pec@iiit.ac.in
House
 
:0: # Returned mail transcriptions to Bounced folder
* ^Subject:.*(Returned mail: see transcript for details|could not deliver mail|bounced|could not send message for past)
Trash
 
:0: # Mails from TopCoder should go to TopCoder folder
* ^(From|Cc|To).*topcoder*
Trash
 
:0: # Default
* ^(From|Cc|To).*
{
	:0 c
	! kulbirsaini25@gmail.com
 
	:0:
	${HOME}/mbox
}

The top few lines are global variables which you need to declare so that Procmail can detect your default mailbox and mail folders, path etc.

These are configured in accordance with the Students mail server at IIIT-H. These global variable declarations are followed by the recipes which guide Procmail to process the incoming mails.

The usual syntax of a recipe is

:0 [flags] [: [lock-file]]
zero or more conditions
one action line or nested actions

Let’s start with the condition line of the second recipe in the example above. ‘*’ marks the start of a condition line. This ‘*’ is followed by a regular expression which Procmail egreps in the header by default. ‘^’ in a regular expression specifies the start of the line. So the condition matches all the mails which are from/to/cc’ed to mail ids which contain hi5.com or auctionit or newegg or voilin or mingle, e.g. newegg@newegg.com. The condition can span only one line. You can’t write a comment on the condition line, otherwise Procmail will treat it as a part of the regular expression. Anywhere else, all the characters that follow a ‘#’ in a line are treated as comments and are ignored by Procmail while processing mails.

Then comes the action line. There can be only one action line per recipe unless the actions are nested. The action line may be just a mail folder name or path (relative or absolute). Spam means that all the mails satisfying the regular expression in the condition line will be delivered to the Spam mail folder.

The action lines can be nested as in the last recipe in the example above. Procmail can support any level of nesting but the nesting should be proper.

The action line may also be used to forward mails to some other email id. ‘!’ is used at the start of the line, followed by the email id to forward the mail to.

Now some tips about the first line in the recipe. ‘:0’ is a must, but optional flags may be specified. The second ‘:’ asks Procmail to use a lock-file. The lock-file is needed when your mail account is being swamped with a lot of mails. Sendmail invokes one copy of Procmail per incoming mail. In that case, if two or more Procmail processes try to write to the same mail folder, there will be conflicts. So, using the second ‘:’ protects a mail folder from being written by two different Procmail processes at the same time.

Procmail processes .procmailrc in top-down fashion and stops whenever it finds a matching regular expression in any of the recipes. But you may make it continue by using the flag ‘c’ as in the last recipe. If the flag ‘c’ is specified, it will create a carbon copy and give it to both recipes.
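The top-down matching described above can be dry-run before a recipe goes live. This is an added example, not part of the original post: grep -Ei stands in for Procmail's matcher (an approximation), the conditions in POST_RECIPES are copied from the .procmailrc above, and the tightened conditions, the sample headers and the function name deliver_to are this example's own.

```shell
#!/bin/sh
# Added example: dry-run recipe conditions against sample headers.
# grep -Ei approximates Procmail's default match (egrep-style,
# case-insensitive). Recipe lists are "Folder condition", checked top-down.

# Conditions copied from the post's .procmailrc (subset, same order).
POST_RECIPES='Spam ^(From|Cc|To).*(hi5.com|auctionit|newegg|voilin|mingle)
Yum ^(From|Cc|To).*yum-devel*
LostFound ^Subject:.*(lost|found)
mbox ^(From|Cc|To).*'

# Tightened variants (this example's assumption): escaped dot, whole words.
TIGHT_RECIPES='Spam ^(From|Cc|To):.*(hi5\.com|auctionit|newegg|voilin|mingle)
Yum ^(From|Cc|To):.*yum-devel
LostFound ^Subject:.*[^a-z](lost|found)([^a-z]|$)
mbox ^(From|Cc|To):'

# Constructed sample headers.
MSG_FORUM='From: news@hi5-community.example
Subject: Meetup on Friday'
MSG_NEWS='From: alice@example.org
Subject: Linux Foundation newsletter'
MSG_LOST='From: bob@example.org
Subject: Lost: blue umbrella'

# deliver_to RECIPES HEADERS: print the folder of the first matching recipe.
deliver_to() {
    printf '%s\n' "$1" | while read -r folder cond; do
        if printf '%s\n' "$2" | grep -Eiq -- "$cond"; then
            echo "$folder"
            break
        fi
    done
}

for m in "$MSG_FORUM" "$MSG_NEWS" "$MSG_LOST"; do
    echo "post: $(deliver_to "$POST_RECIPES" "$m")" \
         "tightened: $(deliver_to "$TIGHT_RECIPES" "$m")"
done
```

With the post's conditions the unescaped dot in hi5.com sends the first message to Spam and the substring "found" in "Foundation" sends the second to LostFound; the tightened conditions leave both in mbox.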

I think that’s enough. If you want to explore Procmail more, read the ‘procmailrc’ man page, and for example procmailrcs read the ‘procmailex’ man page.

You can use my procmailrc if you are interested. Find it here.

 

How To: Configure Wireless with Ralink (rt2500) Level One WNC 0301 in Fedora 7

If you are searching for wireless lan configuration in Fedora Core 6, a detailed description is available here. Though Fedora 7 – Moonshine detects the Ralink rt2500 Level One WNC-0301 wireless lan card, the network doesn’t work properly with the default drivers. You may be able to connect sometimes, but at other times it may not function properly, because the ralink drivers are not yet stable. See the discussions here. So, here is a complete step by step reference on how to make it work properly.

Step 1: Download the latest CVS release of Ralink rt2500 drivers from here.

Step 2: Unload the kernel module for rt2500 drivers

[root@bordeaux kulbirsaini] rmmod rt2500pci [Enter]

Step 3: Go to the directory /lib/modules/2.6.21-1.3194.fc7/kernel/drivers/net/wireless/mac80211/rt2x00 and take backup of the current rt2500pci driver module.

[root@bordeaux rt2x00] mv rt2500pci.ko back.rt2500pci.ko [Enter]

Step 4: Untar the downloaded driver tarball, change to the directory ./rt2500-cvs-XXXXXXXXXX/Module/ and build and install the driver.

[root@bordeaux Module] make [Enter]
[root@bordeaux Module] make install-fedora [Enter]

Step 5: Open /etc/modprobe.conf file and add a line

alias wlan0 rt2500

Save the file and load the rt2500 driver.

[root@bordeaux kulbirsaini] modprobe rt2500 [Enter]

Step 6: Go to the directory /etc/sysconfig/network-scripts/ and create a file named ifcfg-wmaster0. Copy the contents of ifcfg-wlan0 to the ifcfg-wmaster0. If you don’t have ifcfg-wlan0 file, then issue command ‘neat’ as root and add new wireless device with appropriate configurations and ifcfg-wlan0 will be created in the process.

Step 7: Activate the device, what else ???

PS1 : You can refer to my ifcfg-wlan0 and ifcfg-wmaster0 files.

PS2 : You can ask for more details on any issues in any of the above steps.