Creating a local yum repository

by Alexandre de Abreu

Permissions and Access Method

You can put the script in any directory; /usr/local/bin is a good choice. We don't encourage running the script as root, for obvious security reasons, so I chose the user "alex" to manage the repository script and directories, but you can choose any unprivileged user you want.

First, restrict the script's permissions so that only its owner can execute it:

# chmod 700 /usr/local/bin/yum_repository.sh

Then change the script's ownership, since we only want "alex" to execute it:

# chown alex /usr/local/bin/yum_repository.sh

We'll have to choose where the packages will reside on disk. The answer depends on the access method used for the repository. Yum supports the HTTP and FTP protocols, so you'll have to choose one. Note that you can use both methods, but that is not the focus of this article.

Configuring the FTP Server

For this article we'll use FTP as the access method to the repository. You can download the default FTP server that comes with FC1 and use the following configuration to set up an "Anonymous FTP Server":

# This is my /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
local_enable=NO
write_enable=NO
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
ftpd_banner=Service ready for use.

To start the FTP server, execute the command:

# service vsftpd start

With this setup only anonymous access is allowed, and any write attempt is denied and logged. The "tcp_wrappers" option allows you to restrict FTP access by IP address; run "man hosts.allow" for more details about security restrictions.
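
The settings above can be checked mechanically after any later edit to the file. The script below is an added example, not part of the original article: it reports which of the article's anonymous-only, read-only, logging and tcp_wrappers settings are missing or changed in a vsftpd.conf. The function names, the sample file and the rule that the last occurrence of an option counts are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings used in this article.

# Print the value of option $2 in file $1. Comment lines are skipped and the
# last occurrence is reported (assumption: a later line overrides an earlier one).
vsftpd_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == key { val = toupper(substr($0, length(key) + 2))
                    sub(/[ \t\r]+$/, "", val); found = 1 }
        END { if (found) print val }
    ' "$1"
}

# Return 0 only if every setting below is set explicitly to the expected value.
# An absent option is reported too: this audit does not rely on built-in defaults.
audit_vsftpd() {
    conf=$1
    rc=0
    for want in anonymous_enable=YES anon_upload_enable=NO \
                anon_mkdir_write_enable=NO local_enable=NO write_enable=NO \
                xferlog_enable=YES tcp_wrappers=YES; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(vsftpd_get "$conf" "$key")
        if [ -z "$actual" ]; then
            echo "MISSING  $key (expected $expected)"; rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key=$actual (expected $expected)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the article's settings with write_enable flipped to YES
# and tcp_wrappers left out.
sample=$(mktemp)
printf '%s\n' '# constructed sample' anonymous_enable=YES anon_upload_enable=NO \
    anon_mkdir_write_enable=NO local_enable=NO write_enable=YES \
    xferlog_enable=YES > "$sample"
audit_vsftpd "$sample" || echo "audit failed: fix the settings listed above"
rm -f "$sample"
```

To check a real server, call audit_vsftpd with the path /etc/vsftpd/vsftpd.conf in place of the sample file.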

Any user that tries to log in to the FTP server with a local account will receive the message below:

$ ftp localhost
Connected to localhost (127.0.0.1).
220 Service ready.
Name (localhost:alex): alex
530 This FTP server is anonymous only.
Login failed.
ftp>

The "anonymous" user is mapped to the "ftp" user by default, so the root of our FTP server will be the home directory of the ftp user. If you look at /etc/passwd, you'll see that the home directory of the user ftp is "/var/ftp":

$ grep ^ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

Try to log in to your FTP server as the user "anonymous" or "ftp" with a blank password. You'll see only the "pub" directory, which is there by default:

$ ftp localhost
Connected to localhost (127.0.0.1).
220 Service ready.
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,175,104)
150 Here comes the directory listing.
drwxr-xr-x    3 0        0            4096 Feb 19 01:11 pub
226 Directory send OK.
ftp>
