Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
- Subject: Re: [Fed-Talk] Security Update Broke my ftp service (Very important)
- From: "Michael Pike" <email@hidden>
- Date: Wed, 25 Apr 2007 17:57:59 -0600
There are many OS X"isms" that make OS X a great OS on the server and
the client.. I'm not complaining about the deviation from other
*nix's... but in the example provided, a common Mac OS X User does not
know where Apache config files are, they do not know they can restart
apache with "apachectl restart" and not use Server Admin.
One of the great things about OS X is the "standard" across OS X
itself. I've spent HOURS and HOURS writing installers to go into
Windows systems and between looking at all the versions
(2000/XP/2003/Vista) one thing breaks all the others and by the time
you get it to work on all of them, hours have went by for the
equivalent of what took me less than two minutes on the OS X side.
Mac users are used to "anything I put into the Sites folder will go on
the web"... and that's the beauty of OS X. Redhat, Suse, AIX, etc are
not nearly as easy. I'm not saying Roy is that simple (because he's
not), but I am sure there are thousands of OS X Server admins that
know to click Software Update, Server Admin and that's it.
On the same token (and I can say this because I have an MCSE which is
worthless), I cannot tell you how many of my "counterparts" that are
entrusted to run windows based servers know nothing more than to
install patch, reboot, try again, check for more patches, reboot.
mike
On 4/25/07, Dave Schroeder <email@hidden> wrote:
Mike,
I'll be the first person in the "Apple's got a looong way to go in
some areas with Mac OS X Server" line. Not the least of which is this
dichotomy between wanting to be the server that you can run with a
GUI - except when you can't - type paradigm.
But as to the oddities of Mac OS X Server, and even changes between
versions of Mac OS X Server, Mac OS X Server really isn't different
in that respect from any other UNIX variant. OK, maybe a little more
different, but the larger point is that if you're administering Mac
OS X Server systems, you need to know these things, plain and simple.
I run Mac OS X Server in many environments over Linux for many
reasons that are probably similar to your own reasons. But, as Mac OS
X Server administrators, we must be knowledgeable about the things
that make Mac OS X Server different and the ways it functions
differently. But if you look across AIX, Solaris, Linux, etc., you're
going to see the same kinds of differences. And things like where
apache's default root web documents folder is are really not that
important...a quick look at the config files for apache, php, tomcat,
etc., and you can see how things are done. Are some things odd? Sure.
But that's one of the tradeoffs of what are presumably the benefits
to running Mac OS X Server, right?
- Dave
On Apr 25, 2007, at 6:36 PM, Michael Pike wrote:
> I bet every MCSE on here took offense to that! :)
>
> In Roy's defense, Apple has changed a lot of the standard items..
> plist files being one of them. Normally all of this is handled out of
> the /etc directory with various .conf files.
>
> I had to search for the plist because it was not where a standard Unix
> conf file would be.
>
> The only reason I know what I do is because I came from Linux before
> OS X... most Mac users are used to things just working.
>
> If you want to be technical nothing in OS X is "standard" as compared
> to it's Unix counter parts... "php.ini.default"???...
> /Library/WebServer/Documents/ for Apache?
>
> I love Apple don't get me wrong, but the mistake that was made with
> this update should not have happened... it's plain to see they
> modified the ftp daemon processes - they should have tested it (on
> both platforms) before releasing it. Or maybe it was just an
> oversight.
>
> With that being said, I truly love OS X Server, more so than linux,
> but, there is nothing in the world more powerful than a terminal
> window, and to this day I still have to tweak settings in every OS X
> server we set up from the terminal because the GUI utils don't work
> right.
>
> Mike
>
>
> On 4/25/07, Dave Schroeder <email@hidden> wrote:
>> People who "aren't familiar" with how to navigate to a simple path on
>> a UNIX system, and edit a file, should not be running servers...
>>
>> - Dave
>>
>> On Apr 25, 2007, at 1:18 PM, Michael Pike wrote:
>>
>> > Good ol' Macintouch! Anyhow, I wrote an installer / patcher that
>> > will fix this on OS X Server if anyone wants it. It will not
>> allow me
>> > to attach here, email off list if you need it. Click once, enter
>> > admin PW, reboot, fixed.
>> >
>> > A lot easier than navigating and finding the .plist file if you
>> aren't
>> > familar with where they are.
>> > mike
>> >
>> >
>> > On 4/25/07, Roy Mendelssohn <email@hidden> wrote:
>> >> Ok - I am dumb - how do I put that into a plist file. And why
>> hasn't
>> >> anyone from Apple responded. I have wasted 3 full days dealing
>> with
>> >> the fact that our ftp servers were toasted. The silence was
>> >> deafening. Would one of the Apple people on this list please have
>> >> the gumption to give an actual response.
>> >>
>> >> -Roy M.
>> >> On Apr 25, 2007, at 10:44 AM, Rich Trouton wrote:
>> >>
>> >> > It looks like Macintouch has the explanation for this in its
>> latest
>> >> > reader reports: http://www.macintouch.com/readerreports/
>> security/
>> >> > index.html#apr25
>> >> >
>> >> > See Guillaume Gete's entry.
>> >> >
>> >> > Thanks,
>> >> > Rich
>> >> >
>> >> > On Apr 24, 2007, at 12:09 PM, Roy Mendelssohn wrote:
>> >> >
>> >> >> The security update has broken most of my ftp services. A
>> system
>> >> >> that was working fine is now broken. It does not automatically
>> >> >> recognize where the new FTPRoot is, anonymous can nor download
>> >> from
>> >> >> directories where they use to be able to (permission
>> denied) and
>> >> >> when I change settings using the GUI, no new settings occur.
>> >> >>
>> >> >> Something has been severely broken in this change. Can someone
>> >> >> knowledgeable from Apple please give me a call. We provide
>> >> data to a
>> >> >> lot of people and this has broken ftp on 3 different servers
>> >> with 3
>> >> >> different configurations.
>> >> >>
>> >> >> Thanks,
>> >> >>
>> >> >> -Roy M,
>> >> >> **********************
>> >> >> "The contents of this message do not reflect any position of
>> >> the U.S.
>> >> >> Government or NOAA."
>> >> >> **********************
>> >> >> Roy Mendelssohn
>> >> >> Supervisory Operations Research Analyst
>> >> >> NOAA/NMFS
>> >> >> Environmental Research Division
>> >> >> Southwest Fisheries Science Center
>> >> >> 1352 Lighthouse Avenue
>> >> >> Pacific Grove, CA 93950-2097
>> >> >>
>> >> >> e-mail: email@hidden (Note new e-mail address)
>> >> >> voice: (831)-648-9029
>> >> >> fax: (831)-648-8440
>> >> >> www: http://www.pfeg.noaa.gov/
>> >> >>
>> >> >> "Old age and treachery will overcome youth and skill."
>> >> >>
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> Do not post admin requests to the list. They will be ignored.
>> >> >> Fed-talk mailing list (email@hidden)
>> >> >> Help/Unsubscribe/Update your Subscription:
>> >> >> 40mail.nih.gov
>> >> >>
>> >> >> This email sent to email@hidden
>> >> >>
>> >> >
>> >> > ---
>> >> >
>> >> > Rich Trouton (Contractor)
>> >> > LAN Support
>> >> > email@hidden
>> >> > -----------------------------------------------------------
>> >> > National Human Genome Research Institute
>> >> > National Institutes of Health — Bethesda, MD
>> >> >
>> >> > Office number:
>> >> > (240) 643-7816
>> >> >
>> >> > NHGRI LAN Support number:
>> >> > (301) 402-7408
>> >> >
>> >> > The best way to get in touch with me is through email.
>> >> >
>> >> >
>> >>
>> >> **********************
>> >> "The contents of this message do not reflect any position of
>> the U.S.
>> >> Government or NOAA."
>> >> **********************
>> >> Roy Mendelssohn
>> >> Supervisory Operations Research Analyst
>> >> NOAA/NMFS
>> >> Environmental Research Division
>> >> Southwest Fisheries Science Center
>> >> 1352 Lighthouse Avenue
>> >> Pacific Grove, CA 93950-2097
>> >>
>> >> e-mail: email@hidden (Note new e-mail address)
>> >> voice: (831)-648-9029
>> >> fax: (831)-648-8440
>> >> www: http://www.pfeg.noaa.gov/
>> >>
>> >> "Old age and treachery will overcome youth and skill."
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> Do not post admin requests to the list. They will be ignored.
>> >> Fed-talk mailing list (email@hidden)
>> >> Help/Unsubscribe/Update your Subscription:
>> 40gmail.com
>> >>
>> >> This email sent to email@hidden
>> >>
>> >
>> >
>> > --
>> > Michael Pike
>> > iChat/AIM: email@hidden
>> > Jabber / GoogleTalk: email@hidden
>> > Windows Live Messenger: email@hidden
>> > Yahoo Messenger: email@hidden
>> > _______________________________________________
>> > Do not post admin requests to the list. They will be ignored.
>> > Fed-talk mailing list (email@hidden)
>> > Help/Unsubscribe/Update your Subscription:
>> >
>> > This email sent to email@hidden
>>
>>
>>
>
>
> --
> Michael Pike
> iChat/AIM: email@hidden
> Jabber / GoogleTalk: email@hidden
> Windows Live Messenger: email@hidden
> Yahoo Messenger: email@hidden
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden