10 April 2003, 06:13:07 The Complete FreeBSD (netserver.mm), page 447
Chapter 25: Basic network access: servers
In this chapter:
• Running servers from inetd
• Configuring ftpd
• Running sshd
• rsyncd
• Setting up a web server
• NFS server
• Samba
In the previous chapter, we saw how to use clients to access other systems. This is only
half the picture, of course. At the other end of the link, we need servers to provide this
service. For each client, there is a server (a daemon) whose name is usually derived from
the client name by adding a d to it:

Table 25-1: Server daemons for basic services

  Client    Server
  ssh       sshd

Instead, inetd starts an ftpd when a request comes in on port 21.
At startup, inetd reads a configuration file /etc/inetd.conf to determine which ports to
monitor and what to do when a message comes in. Here’s an excerpt:
#$FreeBSD: src/etc/inetd.conf,v 1.58 2002/08/09 17:34:13 gordon Exp $
#
#Internet server configuration database
#
#ftp stream tcp nowait root /usr/libexec/lukemftpd ftpd -l -r
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
This file has the following format:
• The first column is the service on which inetd should listen. If it starts with a # sign,
it’s a comment, and inetd ignores it. You’ll note in this example that all the listed
services have been commented out. Unless you run the daemon independently of
inetd, a request for one of these services will be rejected with the message:
Unable to connect to remote host: Connection refused
• The next three columns determine the nature of the connection, the protocol to use,
and whether inetd should wait for the process to complete before listening for new
connections. In the example, all the services are TCP, but there are entries both for

The name rsync is not a typo. rsync and rsyncd are the same thing; it’s the
--daemon option that makes rsync run as a daemon.
inetd doesn’t notice alterations to /etc/inetd.conf automatically. After modifying the file,
you must send it a SIGHUP signal:
# killall -HUP inetd
You can write -1 instead of -HUP. This causes inetd to re-read /etc/inetd.conf.
Instead of starting daemons via inetd, you can start them at boot time. inetd is
convenient for servers that don’t get run very often, but if you make frequent connections,
you can save overhead by running the servers continuously. On the other hand, it’s not
practical to start rshd, rlogind, rexecd or telnetd at boot time: they’re designed to be
started once for each session, and they exit after the first connection closes. We’ll look at
starting the other daemons in the following sections, along with their configuration.
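The column layout described above is simple enough to parse mechanically, which is useful when auditing a machine: the question a defender asks of /etc/inetd.conf is "which services are actually enabled, and are any of the clear-text ones (telnet, shell, login, exec) among them?" The following is an added example, not code from The Complete FreeBSD; the sample configuration text is constructed to mirror the excerpt above, with ftp and telnet deliberately uncommented so the report has something to show.

```python
"""Parse inetd.conf entries and report which services are enabled.

Added example (not from The Complete FreeBSD). The sample configuration
below is constructed; a real audit would read /etc/inetd.conf instead.
"""

# Constructed sample in the same column layout as /etc/inetd.conf:
# service, socket type, protocol, wait/nowait, user, server path, argv.
SAMPLE_INETD_CONF = """\
# $FreeBSD: constructed sample $
#
# Internet server configuration database
#
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
"""

# Services from the chapter's excerpt that send credentials in clear text or
# trust the client's host name; normally these should stay commented out.
CLEARTEXT_OR_TRUST_BASED = {"telnet", "shell", "login", "exec"}


def parse_inetd_conf(text):
    """Return a list of dicts, one per active (uncommented) entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: inetd ignores it
        # Split into at most 7 fields so the server's argv stays together.
        fields = line.split(None, 6)
        if len(fields) < 6:
            raise ValueError("malformed inetd.conf line: %r" % raw)
        service, socktype, proto, wait, user, server = fields[:6]
        argv = fields[6].split() if len(fields) == 7 else []
        entries.append({
            "service": service, "socktype": socktype, "proto": proto,
            "wait": wait, "user": user, "server": server, "argv": argv,
        })
    return entries


def enabled_services(text):
    """Return the set of service names inetd would listen for."""
    return {e["service"] for e in parse_inetd_conf(text)}


def audit_inetd(text):
    """Return human-readable findings for the active entries.

    Two checks: a clear-text or trust-based service is enabled, or ftpd is
    enabled without the -l session-logging option the chapter recommends.
    """
    findings = []
    for e in parse_inetd_conf(text):
        if e["service"] in CLEARTEXT_OR_TRUST_BASED:
            findings.append("%s enabled via inetd: %s" % (e["service"], e["server"]))
        if e["service"] == "ftp" and "-l" not in e["argv"]:
            findings.append("ftp enabled without -l session logging")
    return findings


if __name__ == "__main__":
    print("enabled:", sorted(enabled_services(SAMPLE_INETD_CONF)))
    for finding in audit_inetd(SAMPLE_INETD_CONF):
        print("finding:", finding)
```

Run against the constructed sample the script reports ftp and telnet as enabled and one finding, the telnet entry; the ftp entry passes because it carries -l. Point it at the real file with `open("/etc/inetd.conf").read()` to audit a live system.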
Configuring ftpd
Normally you’ll run ftpd from inetd, as we saw above. If you want to run it directly,
perform the following steps:
• Add the following line in /etc/rc.local:
echo -n ’starting local daemons:’
# put your local stuff here
echo " ftpd" && ftpd -D
The option -D tells ftpd to run as a daemon. You will possibly want other options as
well; see the discussion below.
• Comment out the ftp line in /etc/inetd.conf by adding a hash mark (#) in front of it:
# ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
• Either reboot, or cause inetd to re-read its configuration file:
# killall -1 inetd          (send a SIGHUP)
If you don’t perform this step, inetd keeps the ftp port open, and ftpd can’t run.
For security reasons, you will probably want to add options such as logging and

drwxrwxr-x 20 ftp ftp 512 Jun 3 14:03 pub
This enables read access to the pub directory and read-write access to the incoming
subdirectory.
• If you have a lot of files that are accessed relatively infrequently, it’s possible you will
find people on the Net who copy all the files that they see in the directory.
Sometimes you’ll find multiple connections from one system copying all the files in
parallel, which can cause bandwidth problems. In some cases, you might find it more
appropriate to distribute the names individually, and to limit access to reading the
directories. You can do this by setting the permissions of pub and its subdirectories
like this:
d--x--x--x 20 ftp ftp 512 Jun 3 14:03 pub
This allows access to the files, but not to the directory, so the remote user can’t find
the names of the files in the directory.
• Copy the following files to ~ftp/bin: /usr/bin/compress, /usr/bin/gzip, /usr/bin/gunzip,
/bin/ls, /usr/bin/tar and /usr/bin/uncompress. The view of anonymous ftp users is
restricted to the home directory, so all programs that are to be executed must also be
in this directory.
You can (‘‘hard’’) link the files if you want (and if the directory is on the same file
system), but symbolic links will fail, since they contain path names that do not point
to the correct place when running in the anonymous ftp environment.
Restricting access and logging
A number of ftpd options make it easier to control and monitor ftp access:
• The -l option logs each session, whether successful or not, to syslogd with the
facility LOG_FTP. To enable this logging, your /etc/syslog.conf should contain a line
like
ftp.* /var/log/ftpd
In addition, the file /var/log/ftpd must exist. If it doesn’t, create it with:

netdebug.txt.gz!12188!1
Oct 13 09:42:05 1997!!151.197.101.46!/pub/cfbsd/txt/C-packages.txt.gz!37951!1
Oct 13 09:59:07 freebie ftpd[14117]: connection from 151.197.101.46
Oct 13 09:59:08 freebie ftpd[14117]: ANONYMOUS FTP LOGIN FROM 151.197.101.46, bmc@hovercraft.willscreek.com
Oct 13 09:59:24 1997!!151.197.101.46!/pub/cfbsd/txt/D-biblio.txt.gz!1815!1
This log excerpt shows three kinds of message:
• The messages starting with the text connection from occur when an ftp connection
is made. They don’t mean that any permission to access has been given. These
messages are logged by the -l option.
• The ANONYMOUS FTP LOGIN messages show that somebody has logged in
anonymously. The name follows, not always in the required username format. The
standard ftpd does not enforce this requirement; you may find something that does in
the Ports Collection. These messages are logged by the -S option.
• The lines full of ! marks show files being transferred. The ! marks delimit the
fields, which are:
• The year, as an extension of the timestamp.
• The user ID.
• The IP address of the system to which the data is transferred.
• The name of the file transferred.
• The number of bytes transferred.
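Because the three message kinds have fixed shapes, a few lines of parsing turn /var/log/ftpd into something you can watch: who connected, who logged in anonymously, and how much each client address pulled, which is exactly the "one system copying all the files in parallel" situation the chapter warns about. This is an added example, not code from the book; the sample log lines are constructed after the excerpt above, with the host name in the anonymous login changed to an example.org address and a second client address added.

```python
"""Parse the three kinds of ftpd log message and summarise transfers.

Added example (not from The Complete FreeBSD). The sample lines are
constructed after the chapter's excerpt; read /var/log/ftpd for real data.
"""
import re
from collections import defaultdict

# Constructed sample: a connection, an anonymous login and three transfer
# records ('!'-delimited: timestamp+year, user ID, client IP, file, bytes).
SAMPLE_FTPD_LOG = """\
Oct 13 09:59:07 freebie ftpd[14117]: connection from 151.197.101.46
Oct 13 09:59:08 freebie ftpd[14117]: ANONYMOUS FTP LOGIN FROM 151.197.101.46, bmc@hovercraft.example.org
Oct 13 09:59:24 1997!!151.197.101.46!/pub/cfbsd/txt/D-biblio.txt.gz!1815!1
Oct 13 10:02:11 1997!!151.197.101.46!/pub/cfbsd/txt/C-packages.txt.gz!37951!1
Oct 13 10:05:40 1997!grog!192.0.2.10!/pub/private/notes.txt!2048!1
"""

CONNECTION_RE = re.compile(r"ftpd\[(\d+)\]: connection from (\S+)$")
ANON_LOGIN_RE = re.compile(r"ftpd\[(\d+)\]: ANONYMOUS FTP LOGIN FROM (\S+), (.+)$")


def parse_ftpd_line(line):
    """Classify one log line; return (kind, fields) or None if unrecognised."""
    line = line.rstrip("\n")
    m = CONNECTION_RE.search(line)
    if m:
        return "connection", {"pid": int(m.group(1)), "ip": m.group(2)}
    m = ANON_LOGIN_RE.search(line)
    if m:
        return "anon_login", {"pid": int(m.group(1)), "ip": m.group(2),
                              "name": m.group(3)}
    if "!" in line:
        # Transfer record. Everything before the first '!' is the timestamp
        # with the year appended; the chapter's anonymous session shows an
        # empty user-ID field. Any fields after the byte count are kept as-is
        # because the excerpt does not explain them.
        fields = line.split("!")
        if len(fields) < 5:
            return None
        timestamp, user, ip, path, nbytes = fields[:5]
        return "transfer", {"timestamp": timestamp, "user": user, "ip": ip,
                            "path": path, "bytes": int(nbytes),
                            "extra": fields[5:]}
    return None


def summarise_transfers(text):
    """Return {client_ip: {"files": count, "bytes": total}} over the log."""
    totals = defaultdict(lambda: {"files": 0, "bytes": 0})
    for line in text.splitlines():
        parsed = parse_ftpd_line(line)
        if parsed and parsed[0] == "transfer":
            rec = parsed[1]
            totals[rec["ip"]]["files"] += 1
            totals[rec["ip"]]["bytes"] += rec["bytes"]
    return dict(totals)


def anonymous_logins(text):
    """Return the (ip, name) pairs from ANONYMOUS FTP LOGIN messages."""
    result = []
    for line in text.splitlines():
        parsed = parse_ftpd_line(line)
        if parsed and parsed[0] == "anon_login":
            result.append((parsed[1]["ip"], parsed[1]["name"]))
    return result


if __name__ == "__main__":
    for ip, name in anonymous_logins(SAMPLE_FTPD_LOG):
        print("anonymous login from %s as %s" % (ip, name))
    for ip, stats in sorted(summarise_transfers(SAMPLE_FTPD_LOG).items()):
        print("%-16s %d files, %d bytes" % (ip, stats["files"], stats["bytes"]))
```

On the constructed sample the summary shows 151.197.101.46 fetching two files for 39766 bytes and 192.0.2.10 one file for 2048; a threshold on the per-address byte count or file count is the natural next step if you want an alert rather than a report.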
Running sshd
Normally you start sshd from the system configuration file /etc/rc.conf:
sshd_enable="YES" # Enable sshd
That’s all you need to do for sshd. You can also start it simply with:

list = yes
comment = Greg’s web pages
hosts allow = 223.147.37.0/24
[tivo]
path = /var/tivo
uid = grog
read only = no
list = yes
comment = TiVo staging area
hosts allow = tivo.example.org
This is the configuration file used in the server examples in Chapter 24. It consists of two
parts: a global part at the beginning, with settings that apply to all modules, and one or
more module parts describing files that the server will supply.
The global options here specify the motd file, a file whose contents are printed when you
list modules (the ‘‘be gentle’’ message in the examples), and that transfers should be
logged to /var/log/rsyncd.log. The log output looks something like this:
2002/10/24 13:31:49 [16398] send presto.example.org [192.109.197.74] groggy () slashdot/topicscience.gif 1083
2002/10/24 13:31:49 [16398] send presto.example.org [192.109.197.74] groggy () slashdot/topicsecurity.gif 3034
2002/10/24 13:31:49 [16398] send presto.example.org [192.109.197.74] groggy () slashdot/topictv.jpg 951
2002/10/24 13:31:49 [16398] send presto.example.org [192.109.197.74] groggy () slide.pdf 40470
2002/10/24 13:31:49 [16398] send presto.example.org [192.109.197.74] groggy () stockwhip.html 1602
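The global-then-modules layout of rsyncd.conf shown above lends itself to a quick configuration check: each module inherits the global settings, a module is read-only unless it says `read only = no`, and a module without a `hosts allow` line accepts connections from any client. The following is an added example, not code from the book or from the rsync project; the sample configuration reuses the tivo module from the excerpt and adds a constructed www module and a deliberately weak scratch module.

```python
"""Parse an rsyncd.conf and flag modules with weak access settings.

Added example (not from The Complete FreeBSD or rsync). The sample
configuration is constructed; the defaults assumed are the rsyncd.conf
ones: modules are read-only unless told otherwise, and a missing
'hosts allow' means every client may connect.
"""

# Constructed sample: global part, then three modules.
SAMPLE_RSYNCD_CONF = """\
motd file = /etc/rsync.motd
log file = /var/log/rsyncd.log

[www]
path = /var/www
uid = www
read only = yes
list = yes
comment = Web pages (constructed module)
hosts allow = 223.147.37.0/24

[tivo]
path = /var/tivo
uid = grog
read only = no
list = yes
comment = TiVo staging area
hosts allow = tivo.example.org

[scratch]
path = /var/scratch
uid = root
read only = no
list = no
"""


def parse_rsyncd_conf(text):
    """Return (global_opts, modules); modules maps name -> option dict."""
    global_opts, modules = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            raise ValueError("malformed rsyncd.conf line: %r" % raw)
        key, _, value = line.partition("=")
        # Keys may contain spaces ("hosts allow", "read only"); normalise case.
        current[key.strip().lower()] = value.strip()
    return global_opts, modules


def module_is_writable(opts):
    """True when the effective 'read only' setting turns write access on."""
    return opts.get("read only", "yes").lower() in ("no", "false", "0")


def audit_rsyncd(text):
    """Return findings: unlogged server, unrestricted modules, root writes."""
    global_opts, modules = parse_rsyncd_conf(text)
    findings = []
    if "log file" not in global_opts:
        findings.append("global: no 'log file', transfers will not be logged")
    for name, opts in modules.items():
        effective = dict(global_opts)
        effective.update(opts)  # module settings override global ones
        if "hosts allow" not in effective:
            findings.append("[%s]: no 'hosts allow', any client may connect" % name)
        if module_is_writable(effective) and effective.get("uid", "nobody") == "root":
            findings.append("[%s]: writable module runs as uid root" % name)
    return findings


if __name__ == "__main__":
    for finding in audit_rsyncd(SAMPLE_RSYNCD_CONF):
        print("finding:", finding)
```

On the sample, only the scratch module is reported (open to all clients, and writable as root); tivo is writable too, but restricted to one host and running as an unprivileged uid, so it passes. Feed the real /etc/rsyncd.conf to `audit_rsyncd` to check a live server.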
The next part of the configuration file describes modules, directory hierarchies that

• By default, the web pages are in /usr/local/www/data. This is the ‘‘root’’ directory
for the web pages: the file /usr/local/www/data/foo.html on www.example.org will
have the URL may find it a good idea to
change the directory to the /var file system in a location such as /var/www/data.
We’ll look at how to do that with the DocumentRoot entry in the configuration file.