# HOW-TO GLFTPD 2.01  - Configurations

## HeXiLeD

HOW TO GLFTPD INSTALL , SETUP & UPDATE:

*** Since the almighty godlike #glftpd efnet people are so amazingly helpful I decided to create a how-to for installing glftpd.

*** PLEASE note that you should always read the official docs and have some unix/linux knowledge before you start the

*** installation. It does not matter how easy the HOWTO makes things: even if you copy and paste everything

*** here and manage to get glftpd working, you will need to understand how things work to set up your own settings in glftpd.

*** I strongly recommend that you do not use any unix/linux package manager (apt-get, emerge, yum, pacman,

*** etc.) to install glftpd. While there is technically nothing wrong with installing that way, you will

*** be limited in how you can secure and customize glftpd, because of the settings that are pre-set

*** by default by your package manager, which in some cases (if not all) you can't really modify to secure it to your own

*** preferences. I also advise creating a unique and restricted user to run ONLY glftpd and doing a jail

*** install under that user. However, creating a user is purely optional and not required.

GENERAL NOTES:

THIS HOWTO is not gentoo specific and can be used with any other unix/linux distro

***   <--- means my comments

  $   <--- means unix normal user without root rights

  #   <--- means root (admin) rights

 //   <--- commented lines in configuration files, which will be ignored by the system

           lines with no marker in front are glftpd install settings

*** If you decide to create a specific user for glftpd, do it now. You must be root to create users.

*** This is optional and not required. It serves to secure the glftpd shell even more !!!

*** You can skip this step if you want; if not, you must be root to create a user. See below how.

```
# adduser
```

*** If you created the new user, enter its new home directory; if not, just ignore this part.

```
# cd /home/<username>
```

*** Download glftpd binary install package:

```
# wget http://www.glftpd.com/files/glftpd-LNX_2.01.tgz
```

*** Extract the archive:

*** example: (tar -zxvf glftpd-XXX.x.xx.tgz)

```
# tar -zxvf glftpd-LNX_2.01.tgz
```

*** Enter the extracted glftpd directory.

```
# cd glftpd-LNX_2.01/
```

*** Install the application.

*** You must be root to install glftpd ( ~ # )!

*** ROOT means ADMIN. You must have administrator rights.

*** At this point, if you are not root ( # ) you must gain access.

*** Type "su" or "sudo -i" to get root rights

```
$ su

Password:********
```

```
# ./installgl.sh

             ###  #     ##### ##### ####  ####        ###   

            #   # #     #       #   #   # #   #      #   #  

            #     #     ###     #   #   # #   #         #   

            #  ## #     #       #   ####  #   #        #    

            #   # #     #       #   #     #   #       #     

             ###  ##### #       #   #     ####       #####  

                  --== WE MAKE FILES TRANSFER ==--

     -----------------------------------------------------------

                  GLFTPD INSTALLER v2.0.1 (linux)

          Originally done by jehsom and dn.

          Made ready for the new era by turranius and psxc.  

     -----------------------------------------------------------

Before we begin: If this installer fails on your system, please

let the devs know. You find us on irc (efnet) in #glftpd. Thank you.

Also, any bugs found in glftpd itself should be reported either to

the board @ http://www.glftpd.com, in the irc channel, or both.

Press <enter> to continue. 

```

1. TCPD SETUP:

--------------

```
Do you wish to use tcpd? If you are not sure then you should not

use it. If you decided to change this at a later time, please

search for tcpd in glftpd.docs for the required changes.

Use tcpd? [Y]es [N]o:
```

*** If you choose YES and you don't have tcpd installed you will get the following:

*** What is tcpd? See http://en.wikipedia.org/wiki/TCP_Wrapper

```
It seems you don't have tcpd installed, install it and try

again, or select not to use it next time.  Aborting.
```

*** Go back to ./installgl.sh

*** If you choose NO

```
Use tcpd? [Y]es [N]o: 

Installing glftpd without tcpd.
```

2. JAIL SETUP:

--------------

```
Do you want to run glftpd in a "Jailed" environment?  In this

environment a private directory will be created and glftpd will

be installed inside.  Regular shell users will not be able to get

inside this private directory.  The glftpd.conf is also moved

inside for added security and a new group will be created so

you and other users you specify can access glftpd through the shell.

Use a jailed environment? [Y]es [N]o: yes
```

*** I strongly advise that you use JAIL !!! This will help secure your server

*** Say yes! info @ http://en.wikipedia.org/wiki/FreeBSD_jail

```
Creating the jailed environment.

Please enter the private directory to install glftpd inside [/jail]: /home/ftpd
```

*** If you get the following output:

```
Please enter the private directory to install glftpd inside [/jail]: /home/ftpd

Path already exists. [D]elete it, [A]bort, [T]ry again, [I]gnore? 
```

*** If you get this output (Path already exists. [D]elete it, [A]bort, [T]ry again, [I]gnore?),

*** choose Ignore or Delete to continue. If you abort, go back to ./installgl.sh and restart the install.

*** Ignore will continue. Delete will re-create it.

```
Do you want to create a private group?  If you say no then only root will

be able to access glftpd.  Otherwise you can add other shell users to the

group so they can access glftpd from the shell.

Use a private group? [Y]es [No]: y
```

*** Whether to use a private group is your choice. The more people have access to the

*** glftpd box shell group, the less secure it will be. Setting it to yes will output the following:

```
What would you like your private group to be called? [glftpd]:
```

*** Press enter for default choice or use your own

*** If you get: 

```
Warning: Group already exists with the following users: peter, roy, kyle

What would you like to do: [D]elete it, [A]bort, [T]ry again, [I]gnore? 
```

*** Choose according to your liking.

```
Creating private group . . . Done. ( or ) Setting Permissions on /ftpd . . . Done.
```

*** If the group did not exist and/or had no users before, you will be asked the following:

```
Who should have access to glftpd? (separate with ,):
```

*** Choose which users with shell access to the box where glftpd runs should have access

*** and be added to the glftpd users group.

*** I added users peter and tester. Peter had a shell account on that box and tester did not.

```
Warning: user tester does not exist. Adding anyway.

Setting permissions on /home/ftpd . . . Done.
```
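
The jail only keeps regular shell users out if the private directory grants nothing to "other", and the "user tester does not exist. Adding anyway." warning means the private group can name an account that does not exist yet. A check for both, added here as an example that is not part of the original HOWTO or the glftpd installer; the function names and sample values are constructed, and it assumes GNU stat and a passwd-format file (for instance the output of getent passwd).

```shell
#!/bin/sh
# Added example (not from the HOWTO or glftpd): audit the jail directory and
# its private group. Function names and sample values are constructed.

# dangling_members GROUP_LINE PASSWD_FILE
#   GROUP_LINE  : one /etc/group-format line, e.g. from `getent group glftpd`
#   PASSWD_FILE : passwd-format file, e.g. /etc/passwd or `getent passwd` output
# Prints every group member that has no account entry.
dangling_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | while IFS= read -r m; do
        [ -n "$m" ] || continue
        cut -d: -f1 "$2" | grep -Fxq -- "$m" || printf '%s\n' "$m"
    done
}

# jail_findings JAIL_DIR GROUP_LINE PASSWD_FILE -> one finding per line
jail_findings() {
    jail=$1
    gname=${2%%:*}
    mode=$(stat -c '%a' "$jail") || return 1      # GNU stat (Linux)
    case $mode in
        *0) ;;                                    # no permissions for "other"
        *)  echo "WORLD: $jail has mode $mode, users outside the group can get in" ;;
    esac
    dir_group=$(stat -c '%G' "$jail")
    [ "$dir_group" = "$gname" ] ||
        echo "GROUP: $jail belongs to group $dir_group, expected $gname"
    # A listed name without an account is inherited by whoever gets that name later
    for m in $(dangling_members "$2" "$3"); do
        echo "DANGLING: $gname lists $m but no such account exists"
    done
    return 0
}

# Demo on constructed data: a scratch directory stands in for /home/ftpd.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ftpd" && chmod 755 "$d/ftpd"        # deliberately too open
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
                  'peter:x:1000:1000::/home/peter:/bin/sh' > "$d/passwd"
    jail_findings "$d/ftpd" 'glftpd:x:1001:peter,tester' "$d/passwd"
    rm -rf "$d"
}
demo
```

On a real box, call it as `jail_findings /home/ftpd "$(getent group glftpd)" /etc/passwd`.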

3. GLFTPD BASE SETUP:

---------------------

```
Please enter the directory inside /home/ftpd to install glftpd to [/glftpd]:
```

*** You can choose any name you want. Just press enter if you want /glftpd.

*** The private directory must start with a "/"

```
Copying glftpd files to /ftpd/glftpd . . . Done.

Copying required binaries to /ftpd/glftpd/bin:

All binaries successfully copied.

Making glftpd's /dev/null , /dev/zero & /dev/urandom . . . Done.
```

4. SERVICE SETUP & MULTI-INSTALL:

---------------------------------

*** THIS IS OPTIONAL. IF YOU ARE INEXPERIENCED JUST PRESS ENTER TO SKIP THIS

```
Enter a service name for glftpd. This name will be used as the

service name mapped to the port in /etc/services, the name

used in your (x)inetd settings, and the name of your config-file.

NOTE: If you (wish to) have multiple instances of glftpd on the

same box, you *must* to change this.

Press <enter> for the default (ftpd)> 
```

*** If you choose a service name other than the default one

*** you will get the following output:

```
You did not choose the default servicename for glftpd. If you plan on

having more than one instance of glftpd, you should change the ipc_key.

The ipc_key can be anything you want, but it must be unique. To make

things easy in this installer, you will be provided with 10 choices.

1: 0x0000BABE   2: 0xDEADBABE   3: 0x00C0FFEE  4: 0x12345678

5: 0x87654321   6: 0xBEEFBABE   7: 0xBADCOFEE  8: 0x0000BEEF

9: 0xDEADBEEF   0: 0x0000DEAD (default)
```

*** This setting also has to be specified in glftpd.conf. Check the docs or my

*** glftpd.conf example for this setting.

*** You may choose any of these keys, or quit the install and restart ./installgl.sh;

*** once you get to "4. SERVICE SETUP & MULTI-INSTALL", go with the default option and

*** press enter. If you choose to use an ipc_key because you might want to run other glftpd

*** servers on the same box later on, you can go with choice "0" (default).

*** This setting is optional !!

*** If the service already existed, replace it (y). If it did not exist you will be sent to step 5.

```
The service "glftpd" already exists in /etc/services.

Replace it? (y/n)> y
```

5. COMPILING SOURCES & COPYING LIBS:

------------------------------------

```
modifying source (bin/sources/glconf.h) ... OK.

Compiling source files in /ftpd/glftpd/bin/sources to /ftpd/glftpd/bin:

   ansi2gl .. OK.

   dirlogclean .. OK.

   dirloglist .. OK.

   dirlogscanner .. OK.

   dirlogsearch .. OK.

 dupeadd .. OK.

   dupecheck .. OK.

   dupediradd .. OK.

   dupelist .. OK.

   dupescan .. OK.

   flysfv .. OK.

   ftpwho .. OK.

   glupdate .. OK.

   killghost .. OK.

   nukelogclean .. OK.

   nukelogscanner .. OK.

   olddirclean2 .. OK.

   undupe .. OK.

   userstat .. OK.

   weektop .. OK.

All source files successfully compiled.

Copying required shared library files:

   ld-linux.so.2: OK

   libacl.so.1: OK

   libattr.so.1: OK

   libncurses.so.5: OK

   libselinux.so.1: OK

   libsepol.so.1: OK

   libcrypt.so.1: OK

   libc.so.6: OK

   libdl.so.2: OK

   libm.so.6: OK

   libpthread.so.0: OK

   librt.so.1: OK

   libcrypto.so.0.9.8: OK

   libssl.so.0.9.8: OK

   libz.so.1: OK

Copying your system's run-time library linker(s):

(NOTE: Searches can take a couple of minutes, please be patient.)

   ld-linux.so.2: OK

Configuring the shared library cache . . . Done.

```

6. PORT AND SYSTEM SETUP:

-------------------------

```
Enter the port you would like glftpd to listen on [1337]:
```

*** You can just press enter to accept this port or simply choose your own port. Let's change it to 2121

*** NOTE: Do not initially put your ftpd on port 21...stick it on a really high port so you know it works

*** You will also have to add this port number to /etc/services or your /etc/xinetd.d/glftpd

*** Check my xinetd.d-glftpd.txt example !

```
Setting userfile permissions . . . Done.

Setting groupfile permissions . . . Done.

Adding glftpd service to /etc/services (as glftpd) . . . Done.

Copying glftpd.conf to /server/glftpd.conf . . . Done.

Do you want to use [I]netd or [X]inetd
```

*** The choice is yours. Let's go with Xinetd. It offers a more secure extension to, or version of, inetd

*** http://en.wikipedia.org/wiki/Inetd vs http://en.wikipedia.org/wiki/Xinetd

```
Do you wish to use European weeks? European weeks starts with a Monday.

This is for glftpd's 'reset' binary (see docs for more info) [Y/N]:
```

*** Choose according to your liking. 

```
Fixing (potential) localtime problems ...

  Creating /ftpd/glftpd/etc/localtime

  Creating /ftpd/glftpd/usr/lib/zoneinfo

  Creating /ftpd/glftpd/usr/share/zoneinfo

Done.
```

7. SSL/TLS SETUP:

-----------------

```
We will now create a certificate for SSL/TLS support. This step is

required.

 

Please specify location, inside /home/ftpd/glftpd

to install the cert (ftpd-dsa.pem) [/etc]: 
```

*** Leave it like this to have the ssl certificates inside the glftpd root install.

*** If you wish glftpd to use common ssl certificates that are also used by other applications,

*** you can specify other ssl certificates in glftpd.conf

```
Please specify a generic name for this certificate.

This can be any name but should say something about the ftp server

like the name for it perhaps (press enter for glftpd):
```

*** Let's use the name that you used for the server

```
Using servbase:  glftpd Using openssl: /usr/bin/openssl

Please wait while creating certificate... (will take time!)

1024 semi-random bytes loaded

Generating DSA parameters, 1024 bit long prime

This could take some time

..+.+......+......+....+.+.+...+..+..........+.......+....+..

..+.+.....+....+.......+..................+.............+....

1024 semi-random bytes loaded

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

1024 semi-random bytes loaded

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

.....................................+.......................+

.....................................+.......................+

.....................................+.......................+

Generating DSA key, 1024 bits

Moving ftpd-dsa.pem to /ftpd/glftpd/etc . . . Done

-> IMPORTANT !!!!

-> If you get TLS errors of any kind, read instructions in README.TLS

-> included in this package!

```

8. STARTING GLFTPD:

-------------------

```
Copying /etc/resolv.conf to /ftpd/glftpd/etc/resolv.conf . . . Done.

Testing entries in resolv.conf (can take time):

Testing 192.168.2.1 . . . OK.

Configuring xinetd for glftpd . . . Done.

Restarting xinetd . . . Success.

If your system is using RH 7.3, you MUST restart xinetd MANUALLY!

Adding crontab entry to tabulate site stats nightly . . . Done.

chmod'ing the site/ dir . . . Done.
```

9. FINISH:

----------

```
Congratulations, glFtpD has been installed. Scroll up and note any errors

that needs fixing. ./installgl.debug contains a log of the installation process.

To get your site running, you must edit /jail/glftpd.conf according to

the instructions in /server/setup/docs/glftpd.docs.

For help, visit #glftpd on EFnet AFTER you've read (not skimmed) the docs/faq.

After configuring glftpd, visit the following websites for additional

scripts to give your site some style!:

        Turranius - http://www.grandis.nu/glftpd

        Jehsoms - http://runslinux.net/

        dn's and ip's - http://www.chimera-coding.com

        D-ViBE's collection - http://www.glftpd.at

The official glftpd homepage is located at http://www.glftpd.com

                                 Thanks for your support!

                                 the glFtpD team
```

A - CREATING A NEW SSL CERTIFICATE

*** In case you wish to modify anything about your ssl certificate, such as RSA vs DSA or its number of bits:

*** Inside the glftpd install directory you will find a file called "create_server_key.sh". Execute it.

```
# ./create_server_key.sh

create_server_key.sh v1.0 by Slask&HoE

Usage: ./create_server_key.sh [rsa] info

info - can be any word, and it should inform the client

       about the server he is logging in (for example servername)

rsa - if you dont specify this then DSA key will be created

certificate is for 900 days and is self-signed
```

B - UPDATING TO GLFTPD  2.01.1 (psxc-beta) 

*** GLFTPd update to non public release of glFTPd 2.01.1 (psxc-beta)

```
*** CHANGES:

*** compiled against OpenSSL 0.9.8e (fbsd 6.2) - OpenSSL 0.9.8c (linux)

*** added support for VIA Padlock (only in VIA CPU's)

*** added new option in glftpd.conf - 'denysecurexfers <user/group/flag>' - this will deny crypted transfers
```

*** available @ ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/

*** Full mirror of the docs for all glftpd versions and some scripts @

*** user: glftpd  | password: glftpd2.1.1 | host: gnix.myftp.org  | port: 65535 | ssl/tls: ON

*** note: max simultaneous logins:  10 |  max simultaneous logins from the same ip: 2

*** Enter the glftpd chroot install directory

```
# cd /home/ftpd/glftpd
```

*** Proceed to download

*** For linux  use the following. For OSX & OBSD check: ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/

```
# wget ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/glftpd_v2.01.1-psxc.tgz
```

*** Extract the package:

```
# tar -zxvf glftpd_v2.01.1-psxc.tgz

glftpd_v2.01.1-psxc

glftpd_v2.01.1-psxc/glftpd-fbsd

glftpd_v2.01.1-psxc/README

glftpd_v2.01.1-psxc/glftpd-lnx

glftpd_v2.01.1-psxc/glftpd_padlock_test.txt
```

*** Copy glftpd-lnx to the "bin/" directory and rename it to glftpd. Note that you will replace the old glftpd 2.01, which

*** is 1.4M in size, with the new glftpd 2.01.1 (psxc-beta), which is 2M in size.

*** Before we replace the old glftpd let's make a backup.

```
# mv bin/glftpd bin/glftpd-old
```

*** Now let's copy the new glftpd 2.01.1 (psxc-beta) to the bin/ directory

```
# cp glftpd_v2.01.1-psxc/glftpd-lnx bin/glftpd
```

*** Let's also replace glconf.h with the newer glconf.h

```
# wget ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/glconf.h

# mv glconf.h bin/sources/glconf.h
```

C - CRONTAB ENTRY

*** edit crontab and add the following according to your settings and paths !!

```
# nano /etc/crontab

// GLFTPD

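// 'reset' bin every night at midnight

// if your cron reads /etc/crontab directly (vixie-cron, cronie), put the user name (root) between the schedule and the command

0 0 * * *  /home/ftpd/glftpd/bin/reset -r /home/ftpd/glftpd/glftpd.conf >/home/ftpd/glftpd/ftp-data/logs/reset.log 2>&1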
```

D - SETTING XINETD

*** Notes:

```
#   The following switches can be used in inetd.conf:

#  -B            This will only allow connections from the port bouncer

#                (connecting from localhost [127.0.0.1] will still work)

#  -b            This allows connections from a port bouncer or direct connections.

#  -e            This will use european week (Mon-Sun) when modifying stats

#  -l            Logs new dirs,deleted dirs,nukes,unnukes,logins,logouts to

#                /glftpd/ftp-data/logs/glftpd.log and login.log in ascii.

#  -L            Works just like -l, but it will always log creation and

#                deletion of directories to glftpd.log. The -l option only logs

#                those if they are in dirlog path (specified in glftpd.conf).

#                Most likely, you want to use -l, this is for special cases.

#  -i            Logs uploads to /glftpd/ftp-data/logs/xferlog.

#

#  -I            Disables ident lookups. Note that if you use tcpd, it will do

#                an ident lookup independently from glftpd.

#  -o            Logs downloads /glftpd/ftp-data/logs/xferlog. 

#  -d            Logs connections and all user commands to system logs as debug

#                (usually /var/log/debug, but refer to your /etc/syslog.conf).

#  -r <file>     Use alternate glftpd.conf file.

#  -t <seconds>  Sets the default idle timeout period.

#  -T <seconds>  Sets the maximum idle timeout period a user may select using

#                the 'site idle' command if he/she doesn't have a personal

#                idle time set (site change user idle_time xx).

#  -n <#>        Number of DNS retries, 0 disables DNS resolving.

#  -s <path>     The full path to the glstrings binary (default is /glftpd/bin/glstrings.bin)

#                Example: -s/home/glftpd/bin/myownglstrings.bin

#  -x       makes glftpd only log ips on errors. (by default everything will be logged)

#  -X       forces glftpd not to log ips (not even for error messages in login.log)
```

*** Add the following line to '/etc/services' or set it like the following example in xinetd.d

*** glftpd	<Port you want glftpd on>/tcp

```
# nano /etc/services
```

*** and add a line with

```
glftpd 2121/tcp
```

*** NOTE: e.g.: glftpd 8000/tcp # Glftpd

*** NOTE: Do not initially put your ftpd on port 21...stick it on a really high port so you know it works 

*** NOTE: DO NOT PUT THE PORT RIGHT NEXT TO ANOTHER PORT, SPACE THEM OUT BY AT LEAST 5-10 PORTS 

*** Let's edit/create the glftpd xinetd script. You can add the following settings:

```
# nano /etc/xinetd.d/glftpd
```

```
service glftpd

{

    // ***           The following 5 options are optional

    // port         = 21 # setting the port here is optional

    // log_type     = FILE /var/log/glftpd.log # if you want to have xinetd create logs

    // bind         = <computer hostname/ip if you want to have glftpd on a specific ip>

    // only_from    = <remove to allow all ips to connect or use ip or ip range>

    // server       = /usr/sbin/tcpd # setting tcpd here is optional; if you use it, it replaces the server line below

    disable      = no

    flags        = REUSE NAMEINARGS

    socket_type  = stream

    protocol     = tcp

    wait         = no

    user         = root

    // xinetd requires a server line; with NAMEINARGS the first word of server_args becomes argv[0]

    server       = /path/to/glftpd/bin/glftpd

    server_args  = /path/to/glftpd/bin/glftpd -X -l -i -o -r /path/to/glftpd.conf -s /path/to/glftpd/bin/glstrings.bin -e

}

```
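
The service file decides who can reach glftpd and what it logs: only_from, server, and the -l, -i, -o, -x and -X switches listed in the notes above. A small audit of those settings, added here as an example that is not part of the original HOWTO or of glftpd; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an xinetd service file for glftpd before restarting xinetd.
# Function names and the sample file are constructed for illustration.

# xinetd_attr FILE NAME -> value of "NAME = value", skipping '#' and '//' lines
xinetd_attr() {
    awk -v want="$2" '
        /^[ \t]*(#|\/\/)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name); sub(/[+-]$/, "", name)
            if (name != want) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# has_switch "ARGS" SWITCH -> true if SWITCH is a separate word in ARGS
has_switch() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# audit_glftpd_xinetd FILE -> one finding per line, nothing if the file is clean
audit_glftpd_xinetd() {
    f=$1
    args=$(xinetd_attr "$f" server_args)
    if grep -Eq '^[[:space:]]*//' "$f"; then
        echo "SYNTAX: '//' is this HOWTO's notation; xinetd only treats '#' lines as comments"
    fi
    [ -n "$(xinetd_attr "$f" server)" ] ||
        echo "MISSING: server attribute, xinetd has nothing to execute"
    [ -n "$(xinetd_attr "$f" only_from)" ] ||
        echo "OPEN: no only_from in this file, source addresses are not restricted here"
    for sw in -l -i -o; do
        has_switch "$args" "$sw" || echo "LOGGING: $sw is not set"
    done
    for sw in -x -X; do
        if has_switch "$args" "$sw"; then
            echo "LOGGING: $sw is set, client IPs are suppressed in the logs"
        fi
    done
    return 0
}

# Constructed sample: optional lines left commented out, glftpd started with -X
sample_config() {
    cat <<'EOF'
service glftpd
{
    // only_from   = 192.0.2.0/24
    // server      = /usr/sbin/tcpd
    flags       = REUSE NAMEINARGS
    socket_type = stream
    wait        = no
    user        = root
    server_args = /path/to/glftpd/bin/glftpd -X -l -i -o -r /path/to/glftpd.conf -e
}
EOF
}
t=$(mktemp) && sample_config > "$t" && audit_glftpd_xinetd "$t"; rm -f "$t"
```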

E - GETTING SCRIPTS/ADDONS

*** http://www.grandis.nu/glftpd & https://glftpd.io/

*** GLFTPD HAS BEEN FULLY INSTALLED AND UPDATED.

*** FOR MORE CHECK THE DOCS AND MY WIKI HERE & HERE FOR GLFTPD CONFIGURATIONS

The latest examples (if any) can be found here

----------

## HeXiLeD

I have created a HOWTO INSTALL GLFTPD 2.01 & Update to 2.01.1 (psxc-beta), and I have also updated glftpd.conf and a few wiki pages specifically for glftpd:

Update 30/04/2012 http://nixbits.net/wiki/Setting_up_glftpd_from_scratch

----------

