Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
- Subject: Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
- From: Dave Schroeder <email@hidden>
- Date: Wed, 25 Apr 2007 18:40:43 -0500
Roy,
If you know how to do this, fine. I was only basing my response on
your query of "how do I put this into a plist". Whether it is ascii
or binary, that is a basic task on Mac OS X. If you do in fact know
how to do these things, great, because that's a prerequisite for
running Mac OS X Server systems.
As to the security update breaking FTP, I completely agree. That was
a big QA miss, plain and simple. I don't know, though, how you spent
all this time laboring to fix it. This list and Apple's discussion
forums are not a support channel in any respect whatsoever.
The only channel is AppleCare, and not front-line AppleCare, but
Apple's server and enterprise support channels. Or, possibly your
account's SE. Had you tried either channel? If you did, unless you
had horribly bad luck, this problem already would have been solved,
as Apple was internally aware of the issue almost immediately.
For what it's worth, further, this issue doesn't affect all Mac OS X
Server systems. For instance, I have two servers running the Mac OS X
Server ftp services that were not affected, because of the way they
were configured. So it wasn't a guarantee that the service would
break, either. Again, this isn't an excuse for the QA lapse on the
installer. But these things happen, and, to be truthful, FTP is
definitely not the most used or the highest testing priority service
for Apple on Mac OS X Server. That, again, does not excuse the lapse
or diminish your problem; I'm simply stating a fact.
I think the takeaway for people from this situation, hopefully, is
that AppleCare (again, AppleCare support specific to Mac OS X Server)
is the proper support channel for such problems, because problems and
mistakes WILL happen. Apple is not immune any more than Sun, IBM, Red
Hat, or Microsoft, and they've all had doozies.
- Dave
On Apr 25, 2007, at 6:17 PM, Roy Mendelssohn wrote:
Some of the Mac plist are stored in binary, This one is not - I
didn't check it first to see if I it was text of binary. I know
perfectly well how to do the things you mentioned. In fact, I know
perfectly well how to waste hours of 3 very long days writing
kludges to keep our data flows going because all the scripts people
used to send or get data to/from us were broken. This included the
ftp server not recognizing the alternative ftproot we had set up,
to changing where logins went to by default to changing whether
there were links in home directories to the correct ftproot to
setting permissions incorrectly for files put in the outgoing
directory for people to upload. The server was essentially
ignoring information in the ftpaccess file, so no matter how that
was edited there were no changes in the problems. Command line
changes also didn't help.
When you are dealing with 1000's of files during a day and 20-30
providers/users all of whom are seeing what had been working break
in different ways and I am trying to solve them all on several
servers, I can only apologize that I didn't check to see if the
plist was a binary or a text file.
I purposely waited several day's before applying the security
update - there was nothing posted that there was a problem. It
pretty much totally fried our FTP services. I was here 14 hours
per day trying to fix it. I am still working on trying to recover
the data we lost.
The quality control on this release must have been close to zero,
because if they had applied their own installer to a system running
any kind of ftp service they would have noted the problem immediately.
I am sorry - you can put down my capabilities all you want but I
still find Apple's response to all of this unacceptable.
My $0.02.
-Roy M.
On Apr 25, 2007, at 3:44 PM, Dave Schroeder wrote:
People who "aren't familiar" with how to navigate to a simple path
on a UNIX system, and edit a file, should not be running servers...
- Dave
On Apr 25, 2007, at 1:18 PM, Michael Pike wrote:
Good ol' Macintouch! Anyhow, I wrote an installer / patcher that
will fix this on OS X Server if anyone wants it. It will not
allow me
to attach here, email off list if you need it. Click once, enter
admin PW, reboot, fixed.
A lot easier than navigating and finding the .plist file if you
aren't
familar with where they are.
mike
On 4/25/07, Roy Mendelssohn <email@hidden> wrote:
Ok - I am dumb - how do I put that into a plist file. And why
hasn't
anyone from Apple responded. I have wasted 3 full days dealing
with
the fact that our ftp servers were toasted. The silence was
deafening. Would one of the Apple people on this list please have
the gumption to give an actual response.
-Roy M.
On Apr 25, 2007, at 10:44 AM, Rich Trouton wrote:
> It looks like Macintouch has the explanation for this in its
latest
> reader reports: http://www.macintouch.com/readerreports/security/
> index.html#apr25
>
> See Guillaume Gete's entry.
>
> Thanks,
> Rich
>
> On Apr 24, 2007, at 12:09 PM, Roy Mendelssohn wrote:
>
>> The security update has broken most of my ftp services. A
system
>> that was working fine is now broken. It does not automatically
>> recognize where the new FTPRoot is, anonymous can nor
download from
>> directories where they use to be able to (permission denied)
and
>> when I change settings using the GUI, no new settings occur.
>>
>> Something has been severely broken in this change. Can someone
>> knowledgeable from Apple please give me a call. We provide
data to a
>> lot of people and this has broken ftp on 3 different servers
with 3
>> different configurations.
>>
>> Thanks,
>>
>> -Roy M,
>> **********************
>> "The contents of this message do not reflect any position of
the U.S.
>> Government or NOAA."
>> **********************
>> Roy Mendelssohn
>> Supervisory Operations Research Analyst
>> NOAA/NMFS
>> Environmental Research Division
>> Southwest Fisheries Science Center
>> 1352 Lighthouse Avenue
>> Pacific Grove, CA 93950-2097
>>
>> e-mail: email@hidden (Note new e-mail address)
>> voice: (831)-648-9029
>> fax: (831)-648-8440
>> www: http://www.pfeg.noaa.gov/
>>
>> "Old age and treachery will overcome youth and skill."
>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40mail.nih.gov
>>
>> This email sent to email@hidden
>>
>
> ---
>
> Rich Trouton (Contractor)
> LAN Support
> email@hidden
> -----------------------------------------------------------
> National Human Genome Research Institute
> National Institutes of Health — Bethesda, MD
>
> Office number:
> (240) 643-7816
>
> NHGRI LAN Support number:
> (301) 402-7408
>
> The best way to get in touch with me is through email.
>
>
**********************
"The contents of this message do not reflect any position of the
U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40noaa.gov
This email sent to email@hidden
**********************
"The contents of this message do not reflect any position of the
U.S. Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden