Date:      Thu, 21 May 2015 13:37:43 +0200
From:      Polytropon <>
To:        Jeffry Killen <>
Subject:   Re: One more issue
Message-ID:  <>
In-Reply-To: <>
References:  <>

On Wed, 20 May 2015 22:42:43 -0700, Jeffry Killen wrote:
> I installed apache24 from ports.
> Added the requisite line to rc.conf to start apache on boot.
> I ran service apache24 start to start the server.
> From another machine I established an ftp connection to the
> doc root and attempted to edit the default index.html page.
> The ftp client informed me I couldn't edit the page, and I realized
> that the ownership of the doc root needed to be changed to ftp
> user.

No, that sounds wrong. The user "ftp" is the anonymous (!) FTP
user (the one without a name and a password). You probably don't
want to give that user access to document files.

Do you have ftpd (FreeBSD's FTP server) running, or do you use
something different?

See the file /etc/ftpusers - it contains those _not_ allowed to
run FTP connections: "root" and "ftp" commonly are the two top
entries. Make sure that they are there, if you have to use FTP.
Which means: Using FTP today is a bad idea, no matter what "reason"
you might mention... :-)

> So, via ssh I attempted to login via su and the root password
> was refused.

The users which are allowed to "su root" have to be members of
the "wheel" group. Check /etc/group for the relevant entries.
Use "pw groupmod" to add the user, if required.

> I went to the monitor attached to the server and attempted to log in
> as root. I kept getting refusals.

SSH logins for root are usually disallowed. There's an option
named "PermitRootLogin yes" in /etc/ssh/sshd_config which can
be set. However, it's encouraged not to do this, and instead
to use a normal user login + wheel group + su.

Also have a look at the "sudo" and "super" tools, available
via ports.

> I ended up having to dig up how to boot into single user mode to
> change root password. That I did. Now I can log in as root or
> su as usual.

This indicates a password mismatch rather than a "normal" permission

> The point is that I did not fool around with the password file.
> Something else altered or corrupted it. Hopefully I don't now
> have a root kit hanging around.

That's worth checking. It's also good to have backups of the
relevant files and the databases generated from them.

> I am concerned about having to be connected to the internet
> so ports can fetch anything it sees fit. (this is why I had avoided
> using ports in the past).

That's no big deal, and no big difference between ports and
packages. Make sure you read about system security, and also
make sure you have a firewall in place, just in case. Also
know about your log files, for example /var/log/auth.log.
In case you're running an FTP server, use /var/log/ftpd.log.

> What services do I have to allow to and from the internet that
> are secure with respect to hosts.allow and tcpwrappers, for the sake
> of ports?

Ports are usually obtained with the "fetch" program, using FTP
or HTTP, depending on how the port's distfiles are being

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
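
The three checks from the reply above ("root" and "ftp" listed in /etc/ftpusers, wheel membership for su, no "PermitRootLogin yes"), as an added example that is not part of the original message. The function names, the users alice and bob and the sample files are constructed for illustration; point audit at /etc to inspect a live system.

```shell
#!/bin/sh
# Added example: audit the settings discussed in the message.
# Every function takes the file to inspect, so copies can be checked too.

# ftpusers_denies FILE USER: succeed if USER is listed in FILE
# (accounts listed there are refused FTP logins).
ftpusers_denies() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -qxF -- "$2"
}

# in_wheel FILE USER: succeed if USER is in the member list of "wheel".
in_wheel() {
    awk -F: -v u="$2" '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) found = 1
    } END { exit (found ? 0 : 1) }' "$1"
}

# root_ssh_allowed FILE: succeed if FILE sets "PermitRootLogin yes".
# sshd uses the first value it reads for a keyword; commented lines and
# Match blocks are not interpreted here.
root_ssh_allowed() {
    awk 'tolower($1) == "permitrootlogin" { v = $2; exit }
         END { exit (v == "yes" ? 0 : 1) }' "$1"
}

# audit ETC_DIR USER: print one line per finding, return the finding count.
audit() {
    etc=$1 user=$2 bad=0
    for u in root ftp; do
        ftpusers_denies "$etc/ftpusers" "$u" ||
            { echo "WARN: $u missing from $etc/ftpusers"; bad=$((bad + 1)); }
    done
    in_wheel "$etc/group" "$user" ||
        { echo "WARN: $user is not in wheel, cannot su to root"; bad=$((bad + 1)); }
    if root_ssh_allowed "$etc/ssh/sshd_config"; then
        echo "WARN: PermitRootLogin yes is set"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample files (not taken from any real host).
make_sample() {
    mkdir -p "$1/ssh"
    printf '%s\n' '# denied users' 'root' 'toor' > "$1/ftpusers"
    printf '%s\n' 'wheel:*:0:root,alice' 'operator:*:5:root' > "$1/group"
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$1/ssh/sshd_config"
}

d=$(mktemp -d) && make_sample "$d"
audit "$d" bob || echo "findings: $?"
rm -rf "$d"
```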
