Installing ftpd, telnetd, and imapd
This document describes how to install the standard services in Suse Linux 11.0. Suse does not install a functional ftpd, telnetd, or imapd by default.
telnetd and ftpd
These daemons are usually /usr/sbin/in.ftpd and /usr/sbin/in.telnetd. If they're not there, download and install them. I use wu-ftpd because it's the most flexible.
Unfortunately, wu-ftpd 2.6.2 doesn't compile anymore, because of incompatibilities with bison (which is a replacement for yacc). The only way to get it to compile is to find an old version of yacc, or edit the wu-ftpd source code. Note that yacc, if present, is usually just a link to bison, which can't compile wu-ftpd without patching the source.
If you get the following errors
ftpcmd.y:197.9: syntax error, unexpected =
ftpcmd.y:205.9: syntax error, unexpected =
ftpcmd.y:228.17-18: $2 of `cmd' has no declared type
... etc...
edit src/ftpcmd.y and remove the extra '=' character in every yacc command, like this one here:
| STRU check_login SP struct_code CRLF = {
Then type configure, make, and make install. Edit /etc/ftpaccess and /etc/ftpconversions as necessary.
To start it up, edit /etc/xinetd.d/ftpd or /etc/xinetd.d/vsftp and set "disable" to "off" (see below). Set the server daemon path to match what you have. Edit /etc/passwd to make sure the correct login directory is specified for user ftp. Then re-start /etc/init.d/xinetd.
ftpd and TCP Wrappers
To run an ftp server, you need:
- ftpd
- xinetd or inetd (only available as an rpm)
- TCP Wrappers ( = tcpd)
TCP Wrappers is very old and no longer compiles without editing the source code.
First, find out if you already have tcpd:
ls -l /usr/sbin/tcpd
If not, you will need to compile and install it as follows:
- Download and install tcp wrappers.
- Un-tar it and set the permissions so you can read it.
  tar -xzvf tcp_wrappers_7.6.tar.gz
  cd tcp_wrappers_7.6
  chmod a+rw *
- Edit the Makefile and un-comment the line indicating where your tcpd should be located. Otherwise it will say
  *** [config-check] Error 1
- Before compiling, you need to edit the source code. Otherwise, you will get the following error:
  percent_m.c:17: error: conflicting types for 'sys_errlist'
  /usr/include/bits/sys_errlist.h:28: error: previous declaration of 'sys_errlist' was here
  In percent_m.c line 17, remove the lines between #ifndef SYS_ERRLIST_DEFINED and #endif.
  In scaffold.c, remove the line
  extern char *malloc();
- make linux
- make install
- Edit /etc/hosts.allow and /etc/hosts.deny. See the man pages tcpd(8) and hosts_access(5) for a description.
inetd or xinetd
Either inetd or xinetd, but not both, should be running. Inetd has a much cleaner interface than xinetd, consisting of a single config file, but xinetd is usually installed in Linux these days by default.
Inetd
Inetd is available only as an rpm. The following command installs it:
rpm -i --force --nodeps inetd-0.16-7.i386.rpm
If it says
inet: unknown service
error: %post(inetd-0.16-7.i386) scriptlet failed, exit status 1
you can ignore the error message.
Next create a startup script in /etc/init.d/ called inetd and make it executable.
I cribbed this one from an old Suse system:
#! /bin/sh
# System startup script for the inet daemon
INETD_BIN=/usr/sbin/inetd
test -x $INETD_BIN || exit 5
# Load the SuSE rc_* helper functions
. /etc/rc.status
rc_reset
case "$1" in
    start)
        echo -n "Starting inetd"
        if [ -f /etc/inetd.conf ]; then
            # Start inetd only if at least one line is neither blank nor a comment
            while read inetdconfline ; do
                case "${inetdconfline:0:1}" in
                    ""|"#") continue ;;
                    *) ;;
                esac
                startproc $INETD_BIN
                rc_status -v
                RAN_INETD=yes
                break
            done < /etc/inetd.conf
        fi
        if [ "$RAN_INETD" != "yes" ]; then
            echo -n " . . . . . . . . . . no service configured"
            rc_failed 6
            rc_status -s
        fi
        ;;
    stop)
        echo -n "Shutting down inetd"
        killproc -TERM $INETD_BIN
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
esac
rc_exit
Add the appropriate links in /etc/init.d/rc3.d to start it at boot-up.
Edit /etc/inetd.conf to turn services on or off:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
imap stream tcp nowait root /usr/sbin/tcpd imapd
To turn off a service, comment out the relevant line by adding a '#' character at the start.
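As an added example (not part of the original page), the shell functions below read an inetd.conf in the format shown above and report, for each service line, whether it is on or commented out and whether it is started through tcpd. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# inetd_audit FILE: print "SERVICE on|off tcpd|direct DAEMON" per service line.
# A line starting with '#' is treated as a switched-off service if the rest
# of it still looks like an inetd.conf entry; other comments are skipped.
inetd_audit() {
    awk '
        { state = "on" }
        /^[ \t]*#/ { sub(/^[ \t]*#+[ \t]*/, ""); state = "off" }
        NF < 6 || ($2 != "stream" && $2 != "dgram") { next }
        {
            n = split($6, path, "/")
            wrap = (path[n] == "tcpd") ? "tcpd" : "direct"
            print $1, state, wrap, (wrap == "tcpd" ? $7 : path[n])
        }
    ' "$1"
}

# inetd_unwrapped FILE: services that are on but not started through tcpd,
# so tcpd never consults hosts.allow / hosts.deny for them.
inetd_unwrapped() {
    inetd_audit "$1" | awk '$2 == "on" && $3 == "direct" { print $1 }'
}

# make_sample_inetd FILE: write a constructed sample inetd.conf.
make_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real system
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
imap stream tcp nowait root /usr/sbin/imapd imapd
EOF
}

conf=$(mktemp)
make_sample_inetd "$conf"
inetd_audit "$conf"
echo "Not behind tcpd: $(inetd_unwrapped "$conf")"
rm -f "$conf"
```

On a real system, run inetd_audit /etc/inetd.conf after each edit and before restarting inetd.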
Xinetd
Xinetd puts each service as a separate file in the /etc/xinetd.d directory. It's necessary to check them all, because turning one on may cause a conflict with another one, so that neither will start. This is all very clumsy, but it still works. For example, to turn on imap, edit /etc/xinetd.d/imap and change "disable" to "no". Then make sure you have an imapd in the specified directory (/usr/sbin) that has execute permissions.
Note the gotcha: If your xinetd is compiled to use TCP Wrappers, your service daemon should also be compiled for TCP Wrappers. Otherwise, unexpected things could happen. To check if TCP wrappers is compiled in, type the command
ldd /usr/sbin/xinetd | grep libwrap
If it uses libwrap, your daemons must also be compiled with TCP Wrappers, or you will not get any protection from your hosts.deny file. Edit your /etc/hosts.allow and /etc/hosts.deny files to allow access.
Xinetd also has its own access controls which, to my knowledge, no one ever uses, because a startup config file is really the wrong place to put access controls.
Here is a typical /etc/xinetd.d/imap file:
service imap
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/imapd
    flags       = IPv4
}
After changing one of the files, you must restart xinetd and check the system logs, where it will tell you which services had errors. If two services conflict with each other (for instance, by trying to activate both ftpd and vsftpd), both are deactivated.
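One way to check all the xinetd.d files before restarting, as an added example that is not part of the original page: the functions below list every service that is not disabled and report any service name enabled in more than one file, which is the ftpd/vsftpd case described above. The function names and sample files are constructed, and the script assumes that a conflict means the same service name is enabled twice and that a file with no "disable" line counts as enabled.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumption: files use the "service NAME { key = value }" layout shown above,
# and a service with no "disable" line counts as enabled.

# xinetd_enabled DIR: print "NAME FILE" for each service that is not disabled.
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*service[ \t]/   { name = $2; off = 0; next }
            /^[ \t]*disable[ \t]*=/ { off = ($0 ~ /=[ \t]*yes/); next }
            $1 == "}" && name != "" { if (!off) print name, file; name = "" }
        ' "$f"
    done
}

# xinetd_conflicts DIR: print each service name enabled in more than one file.
xinetd_conflicts() {
    xinetd_enabled "$1" | awk '{ print $1 }' | sort | uniq -d
}

# make_sample DIR: write constructed sample files (not from a real system).
make_sample() {
    printf 'service ftp\n{\n  disable = no\n  server = /usr/sbin/in.ftpd\n}\n' > "$1/ftpd"
    printf 'service ftp\n{\n  disable = no\n  server = /usr/sbin/vsftpd\n}\n' > "$1/vsftpd"
    printf 'service imap\n{\n  disable = no\n  server = /usr/sbin/imapd\n}\n' > "$1/imap"
    printf 'service telnet\n{\n  disable = yes\n  server = /usr/sbin/in.telnetd\n}\n' > "$1/telnet"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "Enabled:";   xinetd_enabled "$tmp"
echo "Conflicts:"; xinetd_conflicts "$tmp"
rm -rf "$tmp"
```

On a real system, run xinetd_conflicts /etc/xinetd.d; the list of enabled services also shows what is exposed once xinetd restarts.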
IMAPD
Imapd, the remote mail server, gives lots of trouble when used with Squirrelmail. None of the IMAP daemons in the Suse DVD worked on my system, so I installed WU-IMAPD and got rid of Cyrus Imapd and the default Imapd from Suse. Wu-imapd compiled easily.
make slx
cd imapd
su
cp imapd /usr/sbin/
Squirrelmail errors
Getting squirrelmail to work with imapd requires a few tricks. Here are some of the errors that show up:
Bad request: The IMAP server is reporting that plain text logins are disabled. Using CRAM-MD5 or DIGEST-MD5 authentication instead may work. Also, the use of TLS may allow SquirrelMail to login. Please contact your system administrator and report this error.
This occurs because Squirrelmail requires plain text passwords and imapd requires encrypted passwords. See http://squirrelmail.org/docs/admin/admin-10.html for details.
Solution: Create a file /etc/c-client.cf containing a single line
set disable-plaintext nil
This allows imapd to use plaintext passwords. It's a security risk, but there's not much you can do about it as long as your users have email clients that send passwords in the clear.
Another Squirrelmail error is:
ERROR: Connection dropped by IMAP server.
This should not be taken as proof that there is, in fact, an Imap server. It usually just means the imap server was not found. Check the xinetd.d file to make sure it's pointing to the correct location. For example, cyrus imapd was found in /usr/lib/cyrus/bin/imapd.
Error connecting to IMAP server: localhost.
111 : Connection refused
This means the server was not being started. Try starting imapd from the command line, or connect to it directly using telnet localhost 143.
Update
In Opensuse 12.3, we still found that none of the IMAP daemons worked.
Cyrus imapd gave messages about being unable to GETENV, and there was no
entry for it in xinetd.d or in the sysconfd stuff.
So we installed Courier Imapd, which is nicer because it still runs in xinetd.d/imap, but it kept complaining about chdir ./Maildir: no such file or directory. After creating about half a dozen Maildirs for it in random places, we finally gave up and installed an old Imap2004 that we found lying around, which worked perfectly.
See linuxsetup41.html for more details on Squirrelmail.
Who says Linux isn't loads of fun stuff.