forked from proftpd/proftpd
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug proftpd#1006 - Fixes in configure.in Bug proftpd#1022 - Docs upda…
…ted for mod_sql. Bug proftpd#1024 - Updated INSTALL, README and new READMEs and PFTEST files.
- Loading branch information
flood
committed
Feb 23, 2001
1 parent
ebcd69d
commit 341cd85
Showing
14 changed files
with
1,431 additions
and
499 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,77 +1,112 @@ | ||
| ProFTPD 1.2 README | ||
|
|
||
| ProFTPD 1.2.0 README | ||
| ==================== | ||
|
|
||
| Introduction | ||
| ------------ | ||
|
|
||
| ProFTPD is a highly configurable FTP daemon for Unix and Unix-like | ||
| operating systems. See the README.ports file for more details about | ||
| the platforms on which ProFTPD in known or thought to build and run. | ||
|
|
||
| ProFTPD grew from a desire for a secure and configurable FTP server. | ||
| It was inspired by a significant admiration of the Apache web server. | ||
| Unlike most other Unix ftp servers, it has not been derived from the old | ||
| BSD ftpd code base, but is a completely new design and implementation. | ||
|
|
||
| ProFTPD's extensive configurability provides systems adminstrators great | ||
| flexibility in user authentication and access controls, including virtual | ||
| ftp users and easy chroot() ftp sessions for individual users. | ||
|
|
||
| ProFTPD is popular with many service providers for delivering update | ||
| access to user web pages, without resorting to Unix shell accounts. | ||
|
|
||
| ProFTPD powers many well-known, high-volume anonymous FTP sites, including | ||
| debian.org, freshmeat.net, gnu.org, isc.org, kernel.org, perl.org, redhat.com, | ||
| slashdot.org and sourceforge.net. | ||
|
|
||
| ProFTPD is bundled with several Linux distributions, including | ||
| Conectiva and Trustix. | ||
|
|
||
|
|
||
| Latest Release | ||
| -------------- | ||
|
|
||
| ftp://ftp.proftpd.org/distrib/ | ||
| http://www.proftpd.org/ | ||
| http://pdd.sourceforge.net/mirrors.html | ||
|
|
||
|
|
||
|
|
||
| Major Features | ||
| -------------- | ||
|
|
||
| o A single main configuration file, with directives and directive groups | ||
| patterned after those of the Apache web server. | ||
|
|
||
| o Per directory ".ftpaccess" configuration similar to Apache's ".htaccess". | ||
|
|
||
| o Designed to run either as a stand-alone server or from inetd. | ||
|
|
||
| o Multiple virtual FTP servers and anonymous FTP services. | ||
|
|
||
| o Multiple passwd files. | ||
|
|
||
| o Shadow password support, including support for expired accounts. | ||
|
|
||
| o Multiple authentication methods, including PAM, LDAP and SQL. | ||
|
|
||
| o Virtual users. | ||
|
|
||
| o ProFTPD never executes any external program at any time. | ||
| There is no SITE EXEC command, and all file and directory listings | ||
| are generated internally, without using an external ls command. | ||
|
|
||
| o Anonymous FTP and other chroot directories do not require any specific | ||
| directory structure, executable programs or other system files. | ||
|
|
||
| o Modular architecture with an API that facilitates well structured | ||
| extensions to meet user needs. | ||
|
|
||
| o Visibility of directories or files controlled based on Unix style | ||
| permissions or user/group ownership. | ||
|
|
||
| o Logging and utmp/wtmp support. Logging is compatible with wu-ftpd, | ||
| and extended, customizable logging is available. | ||
|
|
||
| o If supported by the capabilities the host system, it can run as a | ||
| non-privileged user in stand-alone mode, thwarting attacks aimed at | ||
| exploiting "root" privileges. | ||
|
|
||
| o GPL source license. The source code is available to audit. | ||
|
|
||
|
|
||
|
|
||
| Documentation | ||
| ------------- | ||
|
|
||
| http://pdd.sourceforge.net/ | ||
| http://www.proftpd.org/docs/ | ||
|
|
||
|
|
||
|
|
||
| Installation Overview | ||
| --------------------- | ||
| URL: http://www.proftpd.org | ||
|
|
||
| INTRODUCTION | ||
| ************ | ||
|
|
||
|
|
||
| ProFTPD is a highly configurable ftp daemon for unix and unix-like | ||
| operating systems. Currently, the following operating systems are | ||
| supported: | ||
|
|
||
| !! NOTE: gcc and gmake are _required_ on all platforms, unless otherwise | ||
| indicated !! | ||
|
|
||
| Linux (recommend kernel 2.0.x or 2.2.x -- _glibc2 (libc6) required_) | ||
| BSDI 2.x (possibly) | ||
| BSDI 3.1 (tested -- use gmake instead of make) | ||
| BSDI 4.0 | ||
| IRIX 6.2 | ||
| IRIX 6.3 (native compiler or gcc) | ||
| IRIX 6.4 (tested) | ||
| Solaris 2.5.1 (see README.Solaris2.5x) | ||
| Solaris 2.6 (may get warnings) | ||
| Solaris 2.7 (may get warnings) | ||
| AIX 3.2 (native compiler) | ||
| AIX 4.2 (tested) | ||
| OpenBSD 2.2/2.3 (tested) | ||
| FreeBSD 2.2.7 (tested see NOTE) | ||
| FreeBSD 3.3 (see NOTE) | ||
| Digital UNIX 4.0A | ||
| DEC OFS/1 (native compiler) | ||
| MacOS X 1.02 | ||
|
|
||
| [ NOTE: FreeBSD 2.0 to 3.3-RELEASE has a libc bug involving | ||
| setpassent(). If you know you have a fixed libc you can | ||
| use the --enable-force-setpassent to use it with one of these | ||
| releases otherwise ProFTPD will use its internal persistent | ||
| password support. If you'd like more information the bug is | ||
| FreeBSD PR #14201. ] | ||
|
|
||
|
|
||
| ProFTPD is designed to be somewhat of a "drop-in" replacement for wu-ftpd. | ||
| Full online documentation is available at http://www.proftpd.org, | ||
| including a server configuration directive reference manual. | ||
|
|
||
|
|
||
| INSTALLATION | ||
| ************ | ||
|
|
||
| For detailed installation instructions, see the INSTALL file in the source | ||
| distribution. | ||
|
|
||
| 1. Configure the source distribution for your OS type by running the GNU | ||
| autoconf 'configure' script in the root source directory. | ||
|
|
||
| 2. If configure runs without a problem, simply type 'make' from the root | ||
| source directory to build the necessary binaries. You may need to tweak | ||
| config.h and/or Makefile to suit your needs. | ||
|
|
||
| 3. 'make install' to install proftpd. By default, the 'proftpd' binary | ||
| is installed into /usr/sbin. You can alter the default installation | ||
| directories by editing the top level Makefile. | ||
|
|
||
| 4. By default, proftpd looks for a single configuration file as | ||
| /usr/local/etc/proftpd.conf. Copy sample-configurations/basic.conf to | ||
| /usr/local/etc/proftpd.conf and modify to suit your needs. More advanced | ||
| configuration examples are also included. | ||
|
|
||
| 5. If you wish to run proftpd as a standalone daemon, you'll need to | ||
| modify your system startup rc scripts to start proftpd on boot. Make sure | ||
| you change the ServerType directive in /etc/proftpd.conf in order to tell | ||
| proftpd which mode it is running in. If you wish to run proftpd from | ||
| inetd (the default), you'll need to modify your /etc/inetd.conf file | ||
| appropriately, and restart the inetd super-server. | ||
|
|
||
| 6. All done! | ||
|
|
||
| For detailed installation instructions, see the INSTALL file in the root | ||
| directory of the source distribution. | ||
|
|
||
| The ProFTPD source distribution is designed to be configured using the | ||
| GNU autotools, so compiling and installing follows the familiar command | ||
| sequence of './configure ; make ; make install'. However, a significant | ||
| portion of ProFTPD's configurability is done at compile time, so it is | ||
| highly recommended that you read INSTALL and all the README.* files that | ||
| pertain to your platform and desired features before building the sources. | ||
|
|
||
| ProFTPD uses a single configuration file. A few examples are included in | ||
| the sample-configurations subdirectory of the source distribution. | ||
|
|
||
| On most systems, the inetd or xinetd configuration must be changed, | ||
| either to remove the current ftpd entry to run ProFTPD standalone, | ||
| or to change the current ftpd entry to use the proftpd daemon. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
|
|
||
| ProFTPD 1.2.0 README.AIX | ||
| ======================== | ||
|
|
||
| Introduction | ||
| ------------ | ||
|
|
||
| There are two issues when compiling on AIX systems that can be worked | ||
| around using the proper configure command lines. | ||
|
|
||
| One problem involves the less than optimal default shared object search | ||
| path that the IBM linker inserts into executables. The second problem is | ||
| compilaton failure stemming from an incompatibility with the <string.h> | ||
| header file when the IBM compiler attempts to inline some string functions. | ||
|
|
||
|
|
||
|
|
||
| Executive Summary | ||
| ----------------- | ||
|
|
||
| If you are using the IBM xlc/cc compiler with the IBM ld linker: | ||
|
|
||
| % env CC=cc \ | ||
| CPPFLAGS='-U__STR__' \ | ||
| LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ | ||
| ./configure ... | ||
|
|
||
|
|
||
| If you are using the GNU gcc compiler with the IBM ld linker: | ||
|
|
||
| % env CC=gcc \ | ||
| LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ | ||
| ./configure ... | ||
|
|
||
|
|
||
| If you are using the GNU gcc compiler with the GNU ld linker, | ||
| something like this ought to work (untested): | ||
|
|
||
| % env CC=gcc \ | ||
| LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \ | ||
| ./configure ... | ||
|
|
||
|
|
||
| Note that the library paths shown here are for example use only. | ||
| You may need to use different paths on your system, particularly when | ||
| linking with any optional libraries (e.g. krb5, ldap, mysql, etc.). | ||
|
|
||
|
|
||
|
|
||
| Linking with the IBM or GNU linker | ||
| ---------------------------------- | ||
|
|
||
| There is a potential security problem when using the IBM linker. | ||
| Unlike other Unix systems, by default the IBM linker automatically will | ||
| use the compile time library search path as the runtime shared library | ||
| search path. The use of relative paths in the runtime library search | ||
| path is an especially acute security problem for suid or sgid programs. | ||
| This default behavior is documented, so it is not considered a bug by IBM. | ||
| However, some suid programs that have shipped with AIX have included insecure | ||
| library search paths and are vulnerable to privilege elevation exploits. | ||
|
|
||
| This may not be such a serious a security problem for ProFTPD, since it | ||
| is not installed suid or sgid. Nonetheless, it is wise to configure the | ||
| runtime shared library search path with a reasonable setting. For instance, | ||
| consider potential problems from searching NFS mounted directories. | ||
|
|
||
| An existing AIX executable's library search path can be displayed: | ||
|
|
||
| % dump -H progname | ||
|
|
||
| The runtime library search patch should be specified explicitly at | ||
| build time using the -blibpath option: | ||
|
|
||
| % cc -blibpath:/usr/lib:/lib:/usr/local/lib | ||
|
|
||
| % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib | ||
|
|
||
| See the ld documentation, not just that of xlc/cc, for further information | ||
| on the IBM linker flags. Alternatively, an insecure library search path | ||
| can be avoided using -bnolibpath, which causes the default path to be used | ||
| (either the value of the LIBPATH environment variable, if defined, or | ||
| /usr/lib:/lib, if not). | ||
|
|
||
| It has been reported that at least some versions of GNU ld (e.g. 2.9.1) | ||
| have emulated this default linking behavior on AIX platforms. However, | ||
| GNU ld uses -rpath to set the runtime library search path, rather than | ||
| the IBM ld -blibpath or the Sun ld -R options: | ||
|
|
||
| % gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib | ||
|
|
||
| Again, consult the GNU ld documentation for further information. | ||
| Note that using the gcc compiler does not imply that it uses the GNU | ||
| ld linker. In fact, it is more common to use the IBM system linker. | ||
|
|
||
|
|
||
| The upshot of all this is that you should tell configure what to use | ||
| for the runtime shared library search path. This can be done by setting | ||
| LDFLAGS on the configure command line, possibly like this: | ||
|
|
||
| % env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ | ||
| ./configure ... | ||
|
|
||
| % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ | ||
| ./configure ... | ||
|
|
||
|
|
||
| In addition to setting the runtime library search path during the original | ||
| software build, the IBM linker can relink an existing *unstripped* executable | ||
| using a new runtime library search path: | ||
|
|
||
| % cc -blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \ | ||
| -o progname.new progname | ||
|
|
||
| % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \ | ||
| -o progname.new progname | ||
|
|
||
| where the "-l" options refer to shared libraries, which can be determined | ||
| from the output of: | ||
|
|
||
| % dump -Hv progname | ||
|
|
||
| which displays shared library information. A basic proftpd executable | ||
| probably will not require any "-l" options at all. | ||
|
|
||
|
|
||
|
|
||
| Compiling with the IBM xlc/cc compiler | ||
| -------------------------------------- | ||
|
|
||
| There is a problem with the index and rindex macros defined in <string.h>. | ||
| Apparently, these are used as part of an attempt to inline string functions | ||
| when the __STR__ C preprocessor macro is defined. Conflicts with these | ||
| definitions will cause compilation failures. | ||
|
|
||
| The work-around is to undefine the __STR__ C preprocessor macro, which | ||
| is predefined by the IBM compiler. This can be done on the configure | ||
| command line by adding '-U__STR__' to the CPPFLAGS variable: | ||
|
|
||
| % env CC=cc CPPFLAGS='-U__STR__' ./configure ... | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
|
|
||
| ProFTPD 1.2 README.FreeBSD | ||
| ========================== | ||
|
|
||
| FreeBSD releases 2.0 through 3.3-RELEASE have a libc bug with setpassent(). | ||
| If you know that you have a fixed libc you can use the configure command line | ||
| option '--enable-force-setpassent' to use it with one of these fixed releases, | ||
| otherwise ProFTPD will use its internal persistent password support. If you | ||
| would like more information, this bug is described in FreeBSD PR #14201. | ||
|
|
Oops, something went wrong.