# Need recommendation on FTP package



## dpalme (Jul 31, 2012)

It appears that Proftpd is now marked as broken, so I need to install a new ftp package....any suggestions on one that is easy to maintain?


----------



## dave (Jul 31, 2012)

Try ftp/pure-ftpd - it's a good one.  It has loads of features and is easy to setup.  Specifically, I liked it for its support atomic uploads, which makes it good for editing web sites, which is what I used it for.  I don't use it anymore, because I no longer allow FTP at all, but I used it for a long time, and it always did the job.

More: http://www.pureftpd.org/


----------



## SirDice (Jul 31, 2012)

It was only broken on SPARC. Update your ports, it has been "unbroken".

http://www.freebsd.org/cgi/cvsweb.cgi/ports/ftp/proftpd/Makefile


----------



## vermaden (Jul 31, 2012)

@dpalme

If You want something secure and simple then try ftp/vsftpd.


----------



## dpalme (Aug 1, 2012)

I just updated my ports collection with portsnap fetch, portsnap extract, portsnap update and its still showing as broken.


----------



## Ogham (Aug 1, 2012)

dpalme said:
			
		

> I just updated my ports collection with portsnap fetch, portsnap extract, portsnap update and its still showing as broken.



It does seem to be ok according to http://www.freshports.org/ftp/proftpd/

There are also -stable packages for the latest version on the ftp mirrors (I only checked amd64 and i386).


----------



## dpalme (Aug 2, 2012)

well I have updated the ports collection multiple times and it still shows the old broken version of proftpd.


----------



## SirDice (Aug 2, 2012)

Can you post the exact error message you're getting when you try to build it?


----------



## dpalme (Aug 2, 2012)

```
www# make clean install
===>  Cleaning for proftpd-1.3.4a_3
===>  proftpd-1.3.4a_3 is marked as broken: __FreeBSD_libc_enter_restricted_mode is not supported.
*** Error code 1

Stop in /usr/ports/ftp/proftpd.
www#
```


----------



## SirDice (Aug 2, 2012)

You seem to be missing FreeBSD-SA-11:07.chroot.

Is your base system up to date?


----------



## dpalme (Aug 2, 2012)

I updated the ports tree with the portsnap commands but it never updates this port beyond this version.

Suggestions?


----------



## dpalme (Aug 2, 2012)

OS level:

```
FreeBSD www 7.1-RELEASE-p5 FreeBSD 7.1-RELEASE-p5 #0: Wed May  6 18:10:51 PDT 2009     [emaildeleted[/email]:/usr/obj/usr/src/sys/GENERIC  i386
```


----------



## chatwizrd (Aug 2, 2012)

Im pretty sure your 7.1 FreeBSD is extremely outdated and no longer supported. You should considering moving to 8.x or 9.x.


----------



## dpalme (Aug 2, 2012)

Can that be done from remote?


----------



## dpalme (Aug 2, 2012)

I updated the OS per http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc

However proftpd still won't install and gives me the same reason as before.


----------



## chatwizrd (Aug 2, 2012)

Did you do the binary patch via [CMD="freebsd-update"][/CMD] or did you patch the source code?


----------



## chatwizrd (Aug 2, 2012)

Ugh it cut out my command.

Did you update with `# freebsd-update`.


----------



## dpalme (Aug 2, 2012)

Binary


----------



## dpalme (Aug 2, 2012)

```
FreeBSD www 7.1-RELEASE-p15 FreeBSD 7.1-RELEASE-p15 #0: Tue Nov  9 05:59:11 UTC 2010     [email]root@i386-builder.daemonology.net[/email]:/usr/obj/usr/src/sys/GENERIC  i386
```


----------



## chatwizrd (Aug 2, 2012)

Are you sure you ran the `# freebsd-update install` after `# freebsd-update fetch`.

It was supposed to update /usr/include/unistd.h with a new API which is what it is checking for.

If this command does not return 1 then something isn't right:


```
[CMD="#"]grep -c '__FreeBSD_libc_enter_restricted_mode' /usr/include/unistd.h[/CMD]
```


----------



## dpalme (Aug 2, 2012)

Yes I ran install after the fetch.  your command returns a 0 and here is what is returned when I run fetch:

```
www# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.1-RELEASE from update4.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 7.1-RELEASE-p16.

WARNING: FreeBSD 7.1-RELEASE-p15 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Mon Jan 31 17:00:00 MST 2011
will not have been corrected.
www#
```


----------



## chatwizrd (Aug 2, 2012)

Oh based on that warning I would guess it never applied this patch. This patch was recently released in 2012.

You should start by reading the handbook on how to upgrade to newer release of FreeBSD.


----------



## dpalme (Aug 3, 2012)

Ok, 
We got another box up with freebsd 9:

```
FreeBSD www 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     [email]root@farrell.cse.buffalo.edu[/email]:/usr/obj/usr/src/sys/GENERIC  amd64
```

I installed the portmaster(8) port so I can update all the ports before I start transferring our data....but I ran into an issue that maybe you can help with.  On the old box all I had to do to run portmaster(8) was literally type in *portmaster*.....this new box won't do that, I have to type */usr/local/sbin/portmaster -L*
Is there a way to make it so I don't have to do that?


----------



## dpalme (Aug 3, 2012)

One final question, how do I make sure that I keep the box updated on the OS but without getting myself out there on the bleeding edge?


----------



## SirDice (Aug 3, 2012)

dpalme said:
			
		

> On the old box all I had to do to run portmaster(8) was literally type in *portmaster*.....this new box won't do that, I have to type */usr/local/sbin/portmaster -L*
> Is there a way to make it so I don't have to do that?


If you installed something new, run *rehash*. Then it'll work as you expected.



			
				dpalme said:
			
		

> One final question, how do I make sure that I keep the box updated on the OS but without getting myself out there on the bleeding edge?



Stick to 9.0-RELEASE. You'll be fine for the next couple of years. When 9.1 comes out you can upgrade to that without issues.

Sign up for the freebsd-security-notifications@ mailing list. If there's a security patch available you'll be notified.


----------

