Installing SafeTP Server on Redhat 7.0 This information was kindly contributed by one of our users to help other redhat 7 users until we incorporate the necessary changes in the install script. It hasn't been verified for completeness, so please use with caution. --------------------------------------------------------------------------- dan: you probably already know this, but just a head's up that your sc/install.pl will not work on redhat 7.x's new inetd (now called xinetd) setup. xinetd uses non-standard files. this has pro's and con's, but the point with sftpd is that the sc/install.pl bombs out trying to find and alter lines in the /etc/inetd.conf, which does not exist for rh7 users. furthermore, while redhat's new xinetd daemon does utilize the /etc/services file as before, it does *not* recognize the old "alias" function of the /etc/services file. so you can't put ftp 21/tcp safetp a third item on the line, 'safetp' as an alias for 'ftp'. moreover, as mentioned above, there is no /etc/inetd.conf. instead, every line that would have been in /etc/inetd.conf is now a separate file in /etc/xinetd.d. the *name* of that file is actually insignificant: the "service" line in that file *is* significant, and tells xinetd what service that file refers to. finally, redhat's upgrade system adds some more complexities for users who installed safetp before the upgrade to 7.0: for those users upgrading their systems, redhat provides a translation program (called /usr/sbin/inetdconvert) which it auto-runs during the upgrade. this program attempts to translate all active /etc/inetd.conf lines into the /etc/xinetd.d/* files. however, inetdconvert doesn't work quite right for the safetp service. so, in the end, here's what needs to be done differently on a redhat 7.x system (for those fresh-installs and for those upgrading): ---- 1) read and follow the instructions in the install.txt and compile.txt files in the sftpd-1.46 or later source directory, up to where it says, '3. Run the install script.' in the install.txt file. 2) now, i am going to assume you have no /etc/inetd.conf file, since you're running redhat 7.0 or higher. if you have such a file already, and it has a line in it for ftp (perhaps because you upgraded from 6.2 or something, i don't know why), then you can skip this step entirely and go to 3), below. (what happens to the /etc/inetd.conf file is entirely inconsequential. BUT, the sc/install.pl script *needs* one to be there or the install script will bum out and not finish to completion.) now, using a simple text editor like emacs or pico or vi, etc., create an /etc/inetd.conf file whose contents are simply the following single line with no spaces at the beginning of the line: ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd now you are ready to run the install script. 3) go back to install.txt and continue with '3. Run the install script.'. 4) during the script run, it will ask you for some info. accept the defaults except when it asks you: After installing, do a full (interactive) test? [y] > for this, hit 'n', because things won't be running yet when the script completes so you won't be able to test things. 5) now, edit your /etc/services lines slightly, so that you have 2 entries looking exactly like this (that is, only 2 items per line. nothing more on each line): ftp 21/tcp raw-ftp 351/tcp 6) assuming the wu-ftpd rpm is installed and that's your ftp server, then you should already have an /etc/xinetd.d/wu-ftpd file which looks like this: # default: on # description: The wu-ftpd FTP server serves FTP connections. It # uses normal, unencrypted usernames and passwords for # authentication. service ftp { socket_type = stream wait = no user = root server = /usr/sbin/in.ftpd server_args = -l -a log_on_success += DURATION USERID log_on_failure += USERID nice = 10 } you need to change the service ftp line to read: service raw-ftp 7) you need to create an /etc/xinetd.d/safetp file that says: service ftp { socket_type = stream protocol = tcp wait = no user = safetp server = /home/safetp/sftpd server_args = -f351 -s -y/home/safetp disable = no } 8) note i haven't used the '-8' or '-9' args in the server_args line above but they can be added later by the admin. if you didn't upgrade to redhat 7.x from an earlier edition, but just installed it cleanly, then go straight to step 11). otherwise, continue with step 9) below. =========================================================================== NOTES FOR PEOPLE WHO CONVERTED OVER TO REDHAT 7.0 *AFTER* INSTALLING SAFETP: 9) there will already be an /etc/xinetd.d/safetp file there, created automatically by the installation program and /usr/sbin/inetdconvert. however, it will have translated over the command line arguments with an extra 'sftpd' in it, like this: server_args = sftpd -f351 -s -y/home/safetp this will confuse sftp because there is an extraneous argument in there relating to the syntax of the old /etc/inetd.conf file. this extra argument needs to be removed. make sure you take out the 'sftpd' so that the line looks like this: server_args = -f351 -s -y/home/safetp 10) the upgrade may have auto-converted the /etc/inetd.conf and thus made an /etc/xinetd.d/raw-ftp file for you. this MUST be removed. not just renamed. all you need is the /etc/xinetd.d/wu-ftpd and /etc/xinetd.d/safetp files mentioned above. =========================================================================== 11) after this you can go on with the rest of your sc/install.pl or in manual install, they can re-start their xinetd ('/etc/rc.d/initd/xinetd restart') and they should be up and running and can test the system with ftp's or telnet's to the appropriate ports 21 and 351, as usual. dan, hope this helps you and/or anyone else who may need the info. feel free to put it (or any editted/augmented version with improvements, etc., to your liking) up on your web site in the interim for users of redhat7 if you want.. Jeff Stern Social Science Computing Services University of California, Irvine Irvine, CA 92697-5100 USA