New features of Novell FTP in OES 2 SP2 or post-SP2 channel updates

  • 7005792
  • 20-Apr-2010
  • 27-Apr-2012

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

New features of Novell FTP (which makes use of pure-ftpd) have been introduced in OES 2 SP2 as well as in post-SP2 maintenance updates.  This document discusses these features.

Resolution

1.  Novell FTP features added in SP2:
 
a.  pure-ftpd now has the ability to use pam_nam (true LUM) for pure-ftpd authentication, rather than using pam_ldap as was used in SP1 and prior.  This feature should be put into place automatically as part of SP2 installation, but if there are concerns as to whether it has been set up, see KB 3503915.
 
b.  pure-ftpd now allows a user to change directories to an NCP volume on another server (i.e. a "remote volume").  This feature has existed for many years in NetWare FTP, but is new to OES Linux.  To use this feature, add or set the following parameter in /etc/pure-ftpd/pure-ftpd.conf:
 
remote_server yes
 
Then users can use the syntax:
cd //server/volume_name/path
or, for example:
cd //Server1/SYS/public
 
Several important notes should be made about this feature:
 
- The remote server feature enables users to cd to remote NCP volumes (or reference such paths in other FTP commands), but it does not allow users to be automatically put (upon login) in remote NCP home directories.  Remote home directory functionality may be added in a future OES release.
 
- Since this feature depends on changing to a path outside of the user's home directory, pure-ftpd's chroot feature cannot be in force for a user who wishes to do this.  Typically this means pure-ftpd.conf should have "ChrootEveryone no", but it is also possible to chroot some users and not others, with "TrustedGID nnn".  That setting causes any user who is not a member of the group with GID "nnn" to be chrooted.
 
- "remote_server  yes" will automatically disable the "AutoRename" feature of pure-ftpd, even if pure-ftpd.conf contains "AutoRename yes".  The AutoRename feature is not fully compatible with NCP/NSS volumes.
 
- The remote server feature is best used from a command-based FTP client, or from a GUI FTP client which allows the user to enter the exact syntax of a command.  Some GUI FTP clients may not allow entry of such a command, and may not present links to accomplish this.  Web browsers are especially poorly suited to allow access to this feature.
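
The interaction between remote_server, chroot and AutoRename described in the notes above can be checked before a configuration goes live. The following Python sketch is an added example, not Novell's or pure-ftpd's own code; it uses only the directive names shown in this document. It assumes "Directive value" lines with "#" comments, that the last occurrence of a directive wins, and that an absent directive counts as "no".

```python
# Added example: audit pure-ftpd.conf text for the remote_server notes above.
# Assumptions: "Directive value" lines, "#" comments, last occurrence wins,
# and an absent directive counts as "no".

SAMPLE_CONF = """\
# constructed sample, not taken from a real server
ChrootEveryone   yes
TrustedGID       100
AutoRename       yes
remote_server    yes
"""


def parse_conf(text):
    """Return {directive: value} for every non-comment line."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def is_yes(settings, key):
    return settings.get(key, "no").lower() == "yes"


def audit_remote_server(text):
    """List findings about how remote_server interacts with chroot and AutoRename."""
    s = parse_conf(text)
    if not is_yes(s, "remote_server"):
        return []
    findings = []
    if is_yes(s, "ChrootEveryone"):
        findings.append("CONFLICT: ChrootEveryone yes; chrooted users cannot cd to //server/volume paths")
    elif s.get("TrustedGID"):
        findings.append(f"REVIEW: only members of GID {s['TrustedGID']} are left unchrooted; check that group's membership")
    else:
        findings.append("EXPOSURE: ChrootEveryone no and no TrustedGID; these directives chroot nobody")
    if is_yes(s, "AutoRename"):
        findings.append("NOTE: AutoRename yes is ignored while remote_server is yes")
    return findings


if __name__ == "__main__":
    for finding in audit_remote_server(SAMPLE_CONF):
        print(finding)
```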
 
 
 
2.  Post-OES2-SP2 updates, as of April 2010:
 
NOTE:  The following features are available both for SLES 10 SP3 customers and OES 2 SP2 customers.  For SLES 10 SP3, pure-ftpd-1.0.22-0.11.1 supplies these features.  For OES 2 SP2, two updated packages are needed:  pure-ftpd-1.0.22-0.11.1 and novell-pure-ftpd-config-1.0.0-17.1.
 
a.  pure-ftpd now has the ability to ignore users' home directories and place users in a default common location instead.  To make use of this feature, add or set the following parameter in /etc/pure-ftpd/pure-ftpd.conf:
 
DefaultHomeDirectory /path
 
This will cause all users (except anonymous) to be placed in the common path as their home directory.
 
 
b.  Novell has added enhanced scripts to make running multiple instances of pure-ftpd easier.  This is especially handy for clustered FTP environments.  These scripts are optional and are not automatically used by the "standard" configuration set up by the "Novell FTP" pattern in OES, but modifying a setup to use them is simple.  Note that when these new scripts are used, the /etc/init.d/pure-ftpd script and the rcpure-ftpd command should no longer be used to start and stop pure-ftpd.
 
i.  Turn off the standard method of starting pure-ftpd at boot time, with:
chkconfig pure-ftpd off
 
ii.  Create multiple pure-ftpd.conf files (give them whatever file name or path locations needed to keep them unique, and to store them on the correct cluster resources, if applicable).  Inside the configuration files, at least 2 settings need to be unique in each instance.  These items and examples of their usage already exist in the files:
 
PIDFile :  This file will track the unique Process ID of the individual instance.  This information will be used later if / when it is necessary to stop that individual instance.
 
Bind :  A unique Bind setting (combination of ip_address,port) must be given, so each instance of pure-ftpd will listen at a unique location.
 
iii.  Then, the cluster scripts (or other method devised for starting the instances) can call the following scripts:
 
To start an instance:
/usr/sbin/pure-config.pl  /full_path/of/conf_file
 
To stop an instance:
/usr/sbin/pure-ftpd-stop.pl  /full_path/of/conf_file