Vsftpd: chown non-anonymous uploads?

Similar Messages

• Jax-ws 2.2.8 and ws-addressing: Client throwing java.lang.NullPointerException on receipt of HTTP 202 when using non-anonymous ReplyTo address

  Server: JBoss EAP 6.2.0
  Client: JDK 1.7.0_51 x64
  JAX-WS: RI 2.2.8 ( via -Djava.endorsed.dirs )
  I am getting a java.lang.NullPointerException when calling the operation on the WS endpoint from the client when using non-anonymous replyTo address.
  I have simplified the scenario into a small test case that hopefully others can replicate. Since the exception is happening on the client instead of the server, I would think that the container used is irrelevant, but I have specified it nonetheless.
  1) WebService:
  package test.webservice;
  import java.util.Random;
  import javax.jws.WebMethod;
  import javax.jws.WebParam;
  import javax.jws.WebService;
  import javax.jws.soap.SOAPBinding;
  import javax.xml.ws.soap.Addressing;
  @WebService(targetNamespace="http://services.nowhere.org/")
  @Addressing(required=true)
  @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
  public class RandomTest {
      @WebMethod
      public long nextRandom(@WebParam boolean forceException) throws Exception {
          if( forceException ) {
              throw new Exception("Some exception");
          Random rand = new Random();
          return rand.nextLong();
  2) Generated WSDL by JBossEAP 6.2.2:
  <?xml version='1.0' encoding='UTF-8'?><wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:tns="http://webservice.test/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:ns1="http://schemas.xmlsoap.org/soap/http" name="RandomTestService" targetNamespace="http://webservice.test/">
    <wsdl:types>
  <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://webservice.test/" elementFormDefault="unqualified" targetNamespace="http://webservice.test/" version="1.0">
    <xs:element name="nextRandom" type="tns:nextRandom"/>
    <xs:element name="nextRandomResponse" type="tns:nextRandomResponse"/>
    <xs:complexType name="nextRandom">
      <xs:sequence/>
    </xs:complexType>
    <xs:complexType name="nextRandomResponse">
      <xs:sequence>
        <xs:element name="return" type="xs:long"/>
      </xs:sequence>
    </xs:complexType>
  </xs:schema>
    </wsdl:types>
    <wsdl:message name="nextRandom">
      <wsdl:part element="tns:nextRandom" name="parameters">
      </wsdl:part>
    </wsdl:message>
    <wsdl:message name="nextRandomResponse">
      <wsdl:part element="tns:nextRandomResponse" name="parameters">
      </wsdl:part>
    </wsdl:message>
    <wsdl:portType name="RandomTest">
      <wsdl:operation name="nextRandom">
        <wsdl:input message="tns:nextRandom" name="nextRandom" wsam:Action="http://webservice.test/RandomTest/nextRandomRequest" wsaw:Action="http://webservice.test/RandomTest/nextRandomRequest">
      </wsdl:input>
        <wsdl:output message="tns:nextRandomResponse" name="nextRandomResponse" wsam:Action="http://webservice.test/RandomTest/nextRandomResponse" wsaw:Action="http://webservice.test/RandomTest/nextRandomResponse">
      </wsdl:output>
      </wsdl:operation>
    </wsdl:portType>
    <wsdl:binding name="RandomTestServiceSoapBinding" type="tns:RandomTest">
      <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
      <wsaw:UsingAddressing wsdl:required="true"/>
      <wsp:PolicyReference URI="#RandomTestServiceSoapBinding_WSAM_Addressing_Policy"/>
      <wsdl:operation name="nextRandom">
        <soap:operation soapAction="" style="document"/>
        <wsdl:input name="nextRandom">
          <soap:body use="literal"/>
        </wsdl:input>
        <wsdl:output name="nextRandomResponse">
          <soap:body use="literal"/>
        </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
    <wsdl:service name="RandomTestService">
      <wsdl:port binding="tns:RandomTestServiceSoapBinding" name="RandomTestPort">
        <soap:address location="http://localhost:8080/servertest/RandomTest"/>
      </wsdl:port>
    </wsdl:service>
      <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="RandomTestServiceSoapBinding_WSAM_Addressing_Policy"><wsam:Addressing><wsp:Policy/></wsam:Addressing></wsp:Policy>
  </wsdl:definitions>
  3) ant build.xml to generate the client code from WSDL
  <?xml version="1.0" encoding="UTF-8"?>
  <project default="build" basedir="..">
      <property name="jaxws.classpath" location="C://jaxws-2.2.8/jaxws-ri/lib/*.jar"/>
      <taskdef name="wsimport" classname="com.sun.tools.ws.ant.WsImport">
             <classpath path="${jaxws.classpath}"/>
      </taskdef>
      <target name="build" >
          <!-- For these to work, the JAR files in tools/jaxws-ri must be included in Ant's classpath -->
          <wsimport wsdl="http://localhost:8080/servertest/RandomTest?wsdl"
                 verbose="true"
                 sourcedestdir="src"
                 destdir="bin"
                 keep="true">
                 <xjcarg value="-enableIntrospection"/>
          </wsimport>
      </target>
  </project>
  4) Client code
  4a) ClientTest.java - Actual client run from client
  package test.wsclient;
  import java.util.ArrayList;
  import java.util.List;
  import javax.xml.ws.BindingProvider;
  import javax.xml.ws.Endpoint;
  import javax.xml.ws.handler.Handler;
  import javax.xml.ws.soap.AddressingFeature;
  import org.nowhere.services.RandomTest;
  import org.nowhere.services.RandomTestService;
  public class ClientTest {
      public static void main(String args[]) throws Exception {
          ClientTest app = new ClientTest();
          app.testAddressing();
      public void testAddressing() throws Exception {
          String REPLY_TO_ADDRESS = "http://localhost:8082/servertest/RandomCallback";
          String FAULT_TO_ADDRESS = "http://localhost:8082/servertest/RandomCallbackFault";
          RandomTestService service = new RandomTestService();
          RandomTest port = service.getRandomTestPort(new AddressingFeature());
          BindingProvider provider = (BindingProvider) port;
          // pass the replyTo address to the handler
          provider.getRequestContext().put("ReplyTo", REPLY_TO_ADDRESS);
          provider.getRequestContext().put("FaultTo", FAULT_TO_ADDRESS);
          // Register handlers to set the ReplyTo and FaultTo on the SOAP request sent to the WS endpoint
          List<Handler> handlerChain = new ArrayList<Handler>();
          handlerChain.add(new ClientHandler());
          provider.getBinding().setHandlerChain(handlerChain);
          // Start endpoint to receive callbacks from WS
          Endpoint endpoint = Endpoint.publish(REPLY_TO_ADDRESS, new CallbackSEI());
          try {
              port.nextRandom(false);
          } catch( Exception ex ) {
              ex.printStackTrace();
          } finally {
              Thread.sleep(10000);
          endpoint.stop();
          System.exit(0);
  4b) ClientHandler.java - Used to set the wsa ReplyTo address and FaultTo address when sending SOAP request from client to server
  package test.wsclient;
  import java.util.Set;
  import javax.xml.namespace.QName;
  import javax.xml.soap.SOAPEnvelope;
  import javax.xml.soap.SOAPHeader;
  import javax.xml.ws.handler.MessageContext;
  import javax.xml.ws.handler.MessageContext.Scope;
  import javax.xml.ws.handler.soap.SOAPHandler;
  import javax.xml.ws.handler.soap.SOAPMessageContext;
  import org.w3c.dom.Node;
  import org.w3c.dom.NodeList;
  public class ClientHandler implements SOAPHandler<SOAPMessageContext> {
      public ClientHandler() {};
      @Override
      public Set<QName> getHeaders() {
          return null;
      @Override
      public void close(MessageContext arg0) {
      @Override
      public boolean handleFault(SOAPMessageContext context) {
          return true;
      protected void setAnAddress(SOAPHeader header, String tagName, String address) {
          NodeList nodeListReplyTo = header.getElementsByTagName(tagName);
          NodeList nodeListAddress = nodeListReplyTo.item(0).getChildNodes();
          for (int i = 0; i < nodeListAddress.getLength(); i++) {
              Node node = nodeListAddress.item(i);
              if ("Address".equals(node.getLocalName())) {
                  node.setTextContent(address);
                  break;
      protected String getMessageID(SOAPHeader header) {
          NodeList nodeListMessageId = header.getElementsByTagName("MessageID");
          return nodeListMessageId.item(0).getTextContent();
      @Override
      public boolean handleMessage(SOAPMessageContext context) {
          Boolean isOutbound = (Boolean) context.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY);
          if (isOutbound) {
              try {
                  SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
                  SOAPHeader header = envelope.getHeader();
                  /* extract the generated MessageID */
                  String messageID = getMessageID(header);
                  context.put("MessageID", messageID);
                  context.setScope("MessageID", Scope.APPLICATION);
                  /* change ReplyTo address */
                  setAnAddress(header, "ReplyTo", (String) context.get("ReplyTo"));
                  setAnAddress(header, "FaultTo", (String) context.get("FaultTo"));
              } catch (Exception ex) {
                  throw new RuntimeException(ex);
          return true;
  4c) CallbackSEI.java - endpoint on the client for server to send the SOAP response back to the client
  package test.wsclient;
  import javax.annotation.Resource;
  import javax.jws.Oneway;
  import javax.jws.WebParam;
  import javax.jws.WebService;
  import javax.xml.ws.Action;
  import javax.xml.ws.RequestWrapper;
  import javax.xml.ws.WebServiceContext;
  import javax.xml.ws.soap.Addressing;
  @WebService
  @Addressing
  //@HandlerChain(file = "/handler-chain.xml")
  public class CallbackSEI {
      @Resource
      private WebServiceContext context;
       * If there is no namespace specified in the method below, then the CallbackSEI needs to be in the same package as the
       * WS endpoint.
      @Oneway
      @Action(input="http://services.nowhere.org/RandomTest/nextRandomResponse")
      @RequestWrapper(localName="nextRandomResponse", targetNamespace="http://services.nowhere.org/")
      public void handleNotification(@WebParam(name="return")long random) {
          System.out.println("Asynch response received");
          System.out.println( random );
          //System.out.println("This response relates to the message ID: "+ getMessageID());
  In summary:
  Server is listening on port 8080
  Client will listen in port 8082 for the callback from the server for the SOAP response
  Now when I run the client, I see that the proper behaviour as far as ws-addressing is concerned. That is:
  client  -- SOAP request ( on port 8080 ) --> server
  client <-- HTTP 202 ( empty HTTP body )  --- server
  client <-- SOAP response ( on port 8082 )  --- server
  All well and good, except that I am getting a NullPointerException on the client side when I call the operation.
  With debugging of the SOAP request and responses, I get the following output:
  ---[HTTP request - http://localhost:8080/servertest/RandomTest]---
  Accept: text/xml, multipart/related
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://services.nowhere.org/RandomTest/nextRandomRequest"
  User-Agent: JAX-WS RI 2.2.8 svn-revision#13980
  <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><To xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/servertest/RandomTest</To><Action xmlns="http://www.w3.org/2005/08/addressing">http://services.nowhere.org/RandomTest/nextRandomRequest</Action><ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://localhost:8082/servertest/RandomCallback</Address>
  </ReplyTo><FaultTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://localhost:8082/servertest/RandomCallbackFault</Address>
  </FaultTo><MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:bcd2f6ef-3034-49e8-b837-dbd6a772fb93</MessageID></S:Header><S:Body><ns2:nextRandom xmlns:ns2="http://services.nowhere.org/"><arg0>false</arg0></ns2:nextRandom></S:Body></S:Envelope>--------------------
  ---[HTTP response - http://localhost:8080/servertest/RandomTest - 202]---
  null: HTTP/1.1 202 Accepted
  Content-Length: 0
  Content-Type: text/xml;charset=UTF-8
  Date: Fri, 18 Jul 2014 08:34:36 GMT
  Server: Apache-Coyote/1.1
  java.lang.NullPointerException
      at com.sun.proxy.$Proxy38.nextRandom(Unknown Source)
      at test.wsclient.ClientTest.testAddressing(ClientTest.java:43)
      at test.wsclient.ClientTest.main(ClientTest.java:18)
  ---[HTTP request]---
  Cache-control: no-cache
  Host: localhost:8082
  Content-type: text/xml; charset=UTF-8
  Content-length: 704
  Connection: keep-alive
  Pragma: no-cache
  User-agent: Apache CXF 2.7.7.redhat-1
  Accept: */*
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action xmlns="http://www.w3.org/2005/08/addressing">http://services.nowhere.org/RandomTest/nextRandomResponse</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:65d8d7fc-09e4-494a-a9c5-0a01faf4d7e6</MessageID><To xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8082/servertest/RandomCallback</To><RelatesTo xmlns="http://www.w3.org/2005/08/addressing">uuid:bcd2f6ef-3034-49e8-b837-dbd6a772fb93</RelatesTo></soap:Header><soap:Body><ns2:nextRandomResponse xmlns:ns2="http://services.nowhere.org/"><return>2870062781194370669</return></ns2:nextRandomResponse></soap:Body></soap:Envelope>--------------------
  Asynch response received
  2870062781194370669
  As you can see from the output above, the proxy is throwing an Exception when it receives the HTTP 202 response.
  Any ideas ?

  I think I have found when I get this error and probably I have found a bug. I will appreciate if someone can confirm this.
  In my BPEL project setup, my BPEL process's wsdl file imports another wsdl from different namespace. Here is sample snippet -
  <wsdl:definitions targetNamespace="http://namespace/1">
  <wsdl:import namespace="http://namespace/2" location="resources/another.wsdl"/>
  <plnk:partnerLinkType....../>
  </wsdl:definitions>
  Please let me know. I checked the bundled samples with Oracle BPEL PM and did not find any similar case where process wsdl imports another wsdl.
  Thank you.
  Meghana

• Jax-ws ws-addressings non-anonymous replyto header asynchronous client

  Hi All,
  I have an asynchronous jax-ws client with addressingfeature enabled.
  This will add the replyto header as anonymous and open a client listening port for the reply message when I execute the asynchronous method to the server.
  The client is then waiting for asynchronous reply from the server.
  Although I don't know the listening "replyto" address, I can see with netstat that it is listening to a random opened port (TCP).
  How can I make the client send the non-anonymous random generated replyto header with the port so that the server can reply to?
  Kind Regards,
  Tuno

  Hi,
  there is a bug in 11.1.1.3 which is fixed in 11.1.1.4. but I found a simple workaround.
  I changed the web service annotation from the callback function for "@Adressing" from "true" to "false". e.g.
  @WebService(targetNamespace="http://xmlns.oracle.com/SOAHelloApp/SOAHelloAsync/SOAHelloAsyncProcess", name="SOAHelloAsyncProcessCallback")
  @XmlSeeAlso(
  { ObjectFactory.class })
  @SOAPBinding(style=Style.DOCUMENT)
  @Addressing(enabled=false, required=false)
  so I still have the wrong wsa:Action, but nobody cares.
  HTH

• EA4500 and Non-Anonymous Disk Access

  Purchased an EA4500 this weekend and overall it's working well. Running into what seems like a bug however with the NAS settings in firmware 2.0.37. If I enable "anonymous disk access" I can use the attached USB hard drive no problem, as soon as I turn off that setting and try to setup a user it's a no-go. Windows 7 reports that the device can not be found, and in fact the icon for it will immediately disappear from the list of network devices within a few seconds of changing the radio button and clicking "save".
  It's behaving as if it's in a different workgroup than the PC's. I just have the workgroup set to the Windows 7 default of "WORKGROUP" and have the EA4500 set to the same.
  Is this a known bug with this device and firmware combination, or am I missing something obvious?

  Jake_2.0 wrote:
  By default, Anonymous Disk Access specify whether users have read-and-write or read-only access to the folder. How about if you try to map the netework drive after disabling that feature and see if the harddrive will be detected.
  That's incorrect. When it is enabled, users on the LAN can access the drive without having to enter in the credentials of one of the accounts set up in the router. 
  When it's disabled, then users have to enter in the correct credentials of one of the registered accounts to be able to access the drive. 
  The read/write access in parentheses which you are referring to is meant to make users aware what privileges an anonymous user will have. 
  I don't work for Cisco. I'm just here to help.

• Non anonymous class

  I have a doubt in the following piece of code, Here JPanel class is getting two extra methods, how does this works and what do we call this kind of class in programming language terms. Where can i use it.
  public class XYX {
  // constructor goes here.....
  public void displayXYZ(){
    JPanel panel = new JPanel(){
         public String getPanelID(){
              return "SOMEID";
         public void delete(){
            // do delete operation .
    // some more logic here
  }TIA
  Zoha

  i got it....
  I have one more doubt..
  Consider this example.
  public class XYX {
  // constructor goes here.....
  public JPanel displayXYZ(){ 
  JPanel panel = new JPanel(){
        public String getPanelID(){   
          return "SOMEID";
        public void repaint(){ 
          // repaint in my way operation . 
     // some more logic here
  return panel;
  }I have overwritten repaint() method of JPanel now if i issue a repaint() method it should repaint in the new way. IS that right.
  The second doubt is, I create this panel and i am returning it in this method is that possible to do that, will i still have a reference to this new JPanel, what are the effects of doing so.
  How to use reflection to access anonymous classes.
  TIA
  Zoha

• Non-anonymous FTP setup on Solaris 8

  I'd like to set up FTP access on my Solaris 8 (Sparc) box. However, I don't want people to use real system accounts on the server to log in. Is it possible?
  For example, on Widnows platform, I can install WS_FTP Server from IPSwitch, which maintains its own list of FTP users (thus no users are set up at the OS level). Can the default FTP Server on Solaris 8 do such thing? What about WU FTPD?
  Any helps are very much appreciated!

  Thanks Jeffrey!
  Can you also shed some lights on this:
  The default FTP server setup on Solaris seems to allow a system user to go anywhere(if he has permissions to) once he ftps in. For example, once I ftp in as myself, I am in my home directory. I can cd to, say, /etc and do a get on the passwd file and read it on my local machine. Being able to read the passwd file does not do much harm, but just wondering if there is a way to restrict the valid system user to his home directory and its subdirectories once logged in.
  Thanks again!

• HT4906 I have Mac OS X LION 10.7.5 AND HAVE OPENED UP PHOTO STREAM. I RECENTLY PURCHASED AN iPHONE 5 AND HAVE ENABLED PHOTO STREAM ( SAYS "ON IN BLUE" ). I HAVE TAKEN SEVERAL PICTURES AND NONE HAVE UPLOADED TO MY MAC??? ANY SUGGESTIONS? HAVE I MISSED A ST

  Any suggestions are welcome. I must be missing something?

  Since you do not tell us what "steps" you toold there is no way to know if or what you missed - see http://www.apple.com/support/icloud/photo-stream/ for instructions, FAQ and troubleshooting steps
  You do need to get your keyboard repaired - the Cap lock is stuck
  LN

• Vsftpd: allow writeable root for anonymous user

  Hi,
  I try to set up a simple FTP server which allows anonymous users to upload file into the root directory.
  I use the directive allow_writeable_chroot but I still get the following error:
  500 OOPS: vsftpd: refusing to run with writable root inside chroot()
  Here is my vsftpd.conf:
  anonymous_enable=YES
  write_enable=YES
  anon_upload_enable=YES
  anon_mkdir_write_enable=YES
  listen=YES
  allow_writeable_chroot=YES
  I also tried to play with anon_root but the error is the same if the given root is writable.
  Any help would be appreciated.
  EDIT
  I found the following entry in the vsftpd changelog (v3.0.0):
  - Add new config setting "allow_writeable_chroot" to help people in a bit of
  a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
  So, no way to make it work with anonymous users?
  Last edited by PHF (2013-10-18 09:57:43)

  Have you overridden the following property in the page?
  protected override bool AllowAnonymousAccess { get { return true; } }
  Thanks,
  Sohel Rana
  http://ranaictiu-technicalblog.blogspot.com

• [solved] vsftpd: Uploaded files are with permissions -rw-------.?

  Hello,
  I have a problem with the ftp server(vsftpd).The new files are saved with permissions 600 (rw ----). So apache server can't show them. Ftp access is configured with my local user and this home is in /srv/http.
  The trouble is the user config access...
  Last edited by felipe (2013-07-29 16:38:14)

  solved:
  acording to
  Q) Help! Uploaded files are appearing with permissions -rw-------.
  A1) Depending on if this is an upload by a local user or an anonymous user,
  use "local_umask" or "anon_umask" to change this. For example, use
  "anon_umask=022" to give anonymously uploaded files permissions
  -rw-r--r--. Note that the "0" before the "22" is important.
  A2) Also see the vsftpd.conf.5 man page for the new "file_open_mode"
  parameter.
  more info :
  https://security.appspot.com/vsftpd/FAQ.txt

• Is there a way to upload/download photos anonymously?

  Is there a way to anonymously upload/download photos to the web without any sort of identification?
  For example, if I'm using something like TOR to browse, and I find an icon on a site or Google Images that I want to use as my avatar for a social networking site, can I "Save As" from my TOR browser and download that image anonymously to my computer's desktop? Or does my information leak when I save to my computer?
  ...and then, in turn and perhaps more importantly, how do I upload that photo as my social network photo/avatar without any sort of identifying source tag or whatever from my computer?
  When I attempt to upload a photo to the site, it keeps showing something like /Users/[iMacUserName]/Desktop
  Is there any way to do this anonymously?
  Would having something like a VPN be more useful than TOR in this situation?
  I'm new to all this, so I'd really appreciate any information possible. If it makes more sense to send an IM or private email, please feel free to contact me that way as well.
  Any recommendations for a great VPN to use with mac would be great too.
  Thanks so much in advance for your time.

  The image isn't anything dirty, nor is it necessarily copyrighted... I mean, it's a photo still from a movie I like that I wanted to use as my avatar photo. So I suppose technically it's copyrighted, but I'm not trying to pass it off as really being me, or mine. I see people using that kind of thing for avs all the time.
  I guess what I'm trying to say is that I'm not worried about the image I'm using, I'm worried about other users on the site being able to somehow find out that the image was uploaded from my computer (IP address, location, etc)
  Like, could the admins at a social networking site see that the image was uploaded from my computer?
  When I prompt the "upload" it only gives me the option to directly upload it from my computer, and as I said in my OP, it comes up with my iMac computer ID or whatever as the source of the file. (In the upload bar). Once I upload it, I think this information disappears, as I've tried to inspect other users avatars and it says owner info is private... but can the admins see WHERE the photo was uploaded from?
  Does something like TOR block this? Or do I need something else? I tried to do some research on it and found another user asking a similar question and someone responded saying they needed to tunnel it or something?
  Again, I'm not asking this b/c I'm trying to upload some inapropriate photo, but because this site is very strict about multiple accounts, and I have another account there that I'm not ready to delete yet. I just want to have a second, 100% anonymous account. (and feel I should also put it out there that it's not to do anything illegal or harmful to anyone either) just for me.
  Thanks again for any more answers on this.

• Ssl and vsftpd

  hi folks, i've set up a vsftpd on my home arch box that i connect to via my android phone to download files. first of all i just set up normal ftp, which works fine i might add. no problems downloading files or whatever. i'm logging in as my normal user from my arch box, and it's set up to only allow me to see certain directories in my home directory. now that's been done i wanted to make things more secure, so i've gone down the ftp over ssl route. i basically did this :
  Make SSL key
  #openssl req -x509 -nodes -days 730 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
  and added this to my vsftpd.conf
  # Turn on SSL
  ssl_enable=YES
  # Allow anonymous users to use secured SSL connections
  allow_anon_ssl=NO
  # All non-anonymous logins are forced to use a secure SSL connection in order to
  # send and receive data on data connections.
  force_local_data_ssl=YES
  # All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
  force_local_logins_ssl=YES
  # Permit TLS v1 protocol connections. TLS v1 connections are preferred
  ssl_tlsv1=YES
  # Permit SSL v2 protocol connections. TLS v1 connections are preferred
  ssl_sslv2=NO
  # permit SSL v3 protocol connections. TLS v1 connections are preferred
  ssl_sslv3=NO
  # Specifies the location of the RSA certificate to use for SSL encrypted connections
  rsa_cert_file=/etc/vsftpd/vsftpd.pem
  require_ssl_reuse=NO
  i don't allow anonymous logins on my vsftpd server, no need to as only i will use it.  so the way i see it, my server is set up to only allow local users to log in (i've also disallowed root logins), and they can only do so by using ssl to login and to transmit data. now, this all works fine, i can download any file i wish. but i don't understand whats going on here. i'm not entirely sure i understand ssl. i didn't have to do anything fancy with the client on my android phone, only select ftps instead of ftp for the connection. i thought i had to have some sort of key on the android end of things to enable me to connect to vsftpd. as it stands i'm using the exact same login and password as before. so i'm failing to see how this is any more secure, i still have the same port forwarded etc on my router too.
  like i say i'm probably not understanding ssl fully, any light anyone can shed on this would help put my mind at rest. i'm just a bit anxious in case there's one more little thing i should be doing to make the server secure.
  thanks for taking the time to read this by the way

  of course it still needs tidying up and i've obviously edited out the sensitive stuff. i'm not exactly a networking guru as you can probably tell from this conf haha. there are probably more vsftpd settings i can play with, just havent had much time, what wth work and stuff.
  # Example config file /etc/vsftpd.conf
  # Use this to use vsftpd in standalone mode, otherwise it runs through (x)inetd
  listen=YES
  # The default compiled in settings are fairly paranoid. This sample file
  # loosens things up a bit, to make the ftp daemon more usable.
  # Please see vsftpd.conf.5 for all compiled in defaults.
  # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  # capabilities.
  # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
  anonymous_enable=NO
  #anon_world_readable_only=YES
  listen_port=20
  # Uncomment this to allow local users to log in.
  local_enable=YES
  # Uncomment this to enable any form of FTP write command.
  #write_enable=YES
  # Default umask for local users is 077. You may wish to change this to 022,
  # if your users expect that (022 is used by most other ftpd's)
  #local_umask=022
  max_clients=1
  # Uncomment this to allow the anonymous FTP user to upload files. This only
  # has an effect if the above global write enable is activated. Also, you will
  # obviously need to create a directory writable by the FTP user.
  #anon_upload_enable=YES
  # Uncomment this if you want the anonymous FTP user to be able to create
  # new directories.
  #anon_mkdir_write_enable=YES
  # Activate directory messages - messages given to remote users when they
  # go into a certain directory.
  dirmessage_enable=YES
  # Activate logging of uploads/downloads.
  xferlog_enable=YES
  # Make sure PORT transfer connections originate from port 20 (ftp-data).
  connect_from_port_20=YES
  # If you want, you can arrange for uploaded anonymous files to be owned by
  # a different user. Note! Using "root" for uploaded files is not
  # recommended!
  #chown_uploads=YES
  #chown_username=whoever
  # You may override where the log file goes if you like. The default is shown
  # below.
  xferlog_file=/var/log/vsftpd.log
  # If you want, you can have your log file in standard ftpd xferlog format.
  # Note that the default log file location is /var/log/xferlog in this case.
  xferlog_std_format=YES
  # You may change the default value for timing out an idle session.
  #idle_session_timeout=600
  # You may change the default value for timing out a data connection.
  #data_connection_timeout=120
  # It is recommended that you define on your system a unique user which the
  # ftp server can use as a totally isolated and unprivileged user.
  #nopriv_user=ftpsecure
  # Enable this and the server will recognise asynchronous ABOR requests. Not
  # recommended for security (the code is non-trivial). Not enabling it,
  # however, may confuse older FTP clients.
  #async_abor_enable=YES
  # By default the server will pretend to allow ASCII mode but in fact ignore
  # the request. Turn on the below options to have the server actually do ASCII
  # mangling on files when in ASCII mode.
  # Beware that on some FTP servers, ASCII support allows a denial of service
  # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
  # predicted this attack and has always been safe, reporting the size of the
  # raw file.
  # ASCII mangling is a horrible feature of the protocol.
  #ascii_upload_enable=YES
  #ascii_download_enable=YES
  # You may fully customise the login banner string:
  ftpd_banner=you're in dipshit!.
  # You may specify a file of disallowed anonymous e-mail addresses. Apparently
  # useful for combatting certain DoS attacks.
  #deny_email_enable=YES
  # (default follows)
  #banned_email_file=/etc/vsftpd.banned_emails
  # You may specify an explicit list of local users to chroot() to their home
  # directory. If chroot_local_user is YES, then this list becomes a list of
  # users to NOT chroot().
  chroot_local_user=YES
  #chroot_list_enable=YES
  # (default follows)
  #chroot_list_file=/etc/vsftpd.chroot_list
  # You may activate the "-R" option to the builtin ls. This is disabled by
  # default to avoid remote users being able to cause excessive I/O on large
  # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
  # the presence of the "-R" option, so there is a strong case for enabling it.
  #ls_recurse_enable=YES
  # When "listen" directive is enabled, vsftpd runs in standalone mode and
  # listens on IPv4 sockets. This directive cannot be used in conjunction
  # with the listen_ipv6 directive.
  listen=YES
  # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  # sockets, you must run two copies of vsftpd with two configuration files.
  # Make sure, that one of the listen options is commented !!
  #listen_ipv6=YES
  userlist_enable=YES
  userlist_file=/etc/vsftpd.user_list #this contains 'root', as i didn't want any root logins
  pasv_enable=YES
  pasv_min_port=XXXXX
  pasv_max_port=XXXXX
  pasv_address=XXX.XX.XXX.XX
  hide_file={Mail,mail} #hides certain directories and files,
  ssl_enable=YES
  allow_anon_ssl=NO
  force_local_data_ssl=YES
  force_local_logins_ssl=YES
  ssl_tlsv1=YES
  ssl_sslv2=NO
  ssl_sslv3=NO
  rsa_cert_file=/etc/vsftpd/vsftpd.pem
  require_ssl_reuse=NO
  so basically i just wanted to download certain media files to my android as and when necessary. no need for any uploads to be enabled. i suppose to be really secure i should stop being so lazy and create a local user that can only acess the media directories. i've basically chrooted my normal user login and hidden things in the home directory.
  thanks for that fr33ke. so if i couple this encryption with a special user with really strict permissions will this be very secure? or will this forwarded port on my router always be a security risk?

• How do i decide what files iCloud does and does not upload/store?

  Hello,
  I am in the process of uploading my music to the iCloud.
  This includes music from the iMatch facility that I am subscribed to as well as other music that I need to upload because it’s not available in the ITunes store.
  I have a question?
  How do I control what files/playlists etc are uploaded to the cloud??
  As at present I only have 50GB of storage, how to I best manage this to see what I have and check I upload all that I want?
  In the same way as doing a standard sync with your iPod/iphone to your PC, you can control what playlists and tracks that you add and which you don’t?
  How in essence do I do this with ICLOUD and prioritize what it holds??
  Appreciate your feedback folks
  Simon.

  Hi Kirk,
  Thank you for your response.
  I was under the impression that the limit was 50GB max or 25,000 files whichever came first?
  I have a total of 80gb :-)
  Anyway, if the limit is 50GB and say for somereason i only wanted to upload 3/4 of my files to the cloud, how do i detrmine which ones are uploaded and stored via match or non match upload and which remain outisde the cloud?
  Can this be done?
  Regards
  Simon.

• Why can't Apple make 'publish changes only' for non .mac users?

  The recent iWeb update to 1.1 and the now increasingly obvious differential between .mac and non .mac features has prompted me to post here today.
  I can understand comments, passwords and search facilities being a .mac only experience because it requires server side technology. I can also understand that .mac users get enhanced features like slideshows as well.
  But why is the fundamentally *basic* option to 'publish the changes only' not available to non .mac users?
  I know uploading to .mac uses a different protocol to uploading via FTP, but I don't think it is about that. Obviously the software engine in iWeb 1.1 can now track the pages that have changed, and flag those for uploading. So if the facility to do this is not available with non .mac uploading, is this some form of crippleware? Can any software engineers comment on this or am I talking off the top of my head? [And please mods, don't delete this post - I use the word 'crippleware' in its harshest form, clearly I can still use iWeb to make fantastic websites - I am asking a technical question here.]
  Michael
  A Trusty Quicksilver G4 Dual 1GHz

  OK, from reading this thread:
  http://discussions.apple.com/thread.jspa?threadID=486335&tstart=0
  There is a pattern: An error occurred while publishing file “/blah/blah", while file "/blah/blah" seems to be random from one person to the next, but they all share one thing and that is communication protocol.
  For iWeb to be able to publish changes to .Mac, it has to:
  1. identify if the file exists
  2. do the following:
  2a. if not exists, copy it to .Mac
  2b. if exist, do some sort comparison - CRC checksum -
  2b1. if checksums match, don't copy
  2b2. if checksums don't match copy it to .Mac
  At least I think that's what going on, I don't have .Mac so that is best I can think of. Perhaps, some Apple SW engineers can jump in here.
  Now, the bad part is iWeb has to (and I'm assuming iWeb uses WebDAV):
  1. go thru each file locally
  2. crawl its way into .Mac (WebDAV is a slow protocol) to find the the counter part.
  3. when it finds a file that matches a client side file, it has to (some how) do checksum on-the-fly across the net work (which is slow and congested)
  #3 is I think where it failed, there are many factors here: 1) networks congestion 2) latency 3) protocol overhead 4) checksum calculation time etc...
  iWeb eventually times out because any/all of the above.
  It's nice that WebDAV can author to the host yada, yada, but it's so SLOOOOOW.
  What I would do is for every publishing, I would build a files and their checksums keep it on the host (or local, must be hidden).
  For subsequence publishing, I would (use a fast protocol like FTP) download this pre-built files/checksums list. Locally, do a full publishing, making checksum comparison, the result is delta changes; upload only those. Build a new files/checksums list upload that too.
  What I mean to say is offload everything that is possible to local machine, bandwidth is PREMIUM!

• Making names used to create comments anonymous

  Is there any way to make user names in comments anonymous?
  We receive several hundred PDFs of academic/medical/science research each year, many of which have previously applied comments embedded.
  We are looking for a quick way of changing the user name in the comments to something like 'Anonymous'.
  The PDFs are subsequently sent to other researchers for blind peer review, and it is important that the PDFs contain no indication of who authored or commented on the document previously.
  We know that we can change names in comments one by one using Properties. What we want is a global way of changing/replacing the user names used to create previously applied comments and sticky notes.
  Using Acrobat 9 on Mac OS X 10.5.4.

  I tried using AppleScript, but the Acrobat dictionary doesn't give access to the author (or at least I couldn't easily figure it out with my limited knowledge of AppleScript). I just tried this in Acrobat Pro 8 on Mac, and the following works.
  Under the comments menu, export the comments to a data file. The default is the same name with an "fdf" extension, so if you start with an fdf file, make sure to change the name before saving. Open this file in a text editor (I use TextMate) and you will see something that is mostly text. Do a search for the login name. You will find that it is enclosed in parentheses with a "T" tag. Simply do global replace on "T(login-name)" with "T(Anonymous)" and save the file. You could probably automate this with a sed (awk, perl or similar) script, or even Applescript.
  Open up the original pdf with comments in Acrobat Pro, then import comments (under the Comments menu). All of the non-anonymous comments will be replaced with the same anonymous ones.
  I tried the same on a copy of the original file (without exporting comments), and it really messed up that file, although I'm guessing that it might have worked if the new name and old name had the same number of characters.

• How to upload entire Directory / Multiple Files

  Dear Friends,
  I am trying to design a very user friendly servlet page for uploading multiple files from a PC to Unix server. I need some suggestion on what java library or ftp client to use for this.
  Details:
  There are about 8 files to upload (sized ranging from 200kb to 60MB, The files are a mix of binary and ascii data). I don't want the user to have to click on the browse form button on the webpage 8 times to select the files. In fact all of the files will reside in a directory with a barcode as the name.
  I would like to have the user simply select the directory and submit the form. I will then have a parser that is automatically invoked to parse these files, verify the formats and use the data to populate the next page that is shown to the user for data confirmation.
  The hardest part for me is figuring out what tool to use for the upload section. Any suggestion on what tool (FTP client library, etc.) would be highly appreciated.
  In the forum I found lots of examples for uploading single files but none for uploading entire directory or just multiple files. Am I asking the wrong question? Are there any example out there that I can look?
  I do not favor using a full blown ftp tool on the side because I think it increases the chance for user errors. (miss selecting a file, wrong directory, ascii vs binary).
  Thanks,
  Wayne Chen
  [email protected]

  There are two ways to upload multiple files:
  1. Package them all into a zip file on the client, upload that file, unpackage them on the server.
  2. Upload one file at a time.
  If you're asking about servlets then you can't do number 1 because you can't access the files on the client. And you've said you don't want to have the client upload the files one at a time. From this it follows that you need some logic on the client that can either zip and upload the files, or upload the files one at a time, without requiring user intervention. The Java form of client-side logic from a website is an applet. In this case you would have to sign the applet, since an applet can't access the client's file system without the client's permission.