proftpd anonymous login

#1 gabrix, 21st October 2006, 01:58

On a Debian sarge kernel 2.6 I'm using proftpd as anonymous FTP, and as anonymous it should let me in with any password I give as email address, and that's what I get once I log in:
Code:
Looking up ftp.cacca.cx
Trying mail.cacca.cx:21
Connected to ftp.cacca.cx:21
220 87.3.151.95 FTP server ready
USER anonymous

331 Anonymous login ok, send your complete email address as your password.
PASS xxxx
230-Welcome, archive user anonymous@mail.gabrix.ath.cx !
230-
230-The local time is: Sat Oct 21 01:51:30 2006
230-
230-This is an experimental FTP server.  If have any unusual problems,
230-please report them via e-mail to <gabrix@gabrix.ath.cx>.
230-
230 Ciao anonymous.
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
PWD

257 "/" is current directory.
Loading directory listing / from server (LC_TIME=en_GB)
PASV

227 Entering Passive Mode (87,3,151,95,234,251).
Cannot create a data connection: Connection refused
Disconnecting from site ftp.gabrix.ath.cx
I cancelled from /etc/pam.d/proftpd anything referring to PAM authentication. I'm using very permissive umask rules in proftpd.conf: 011 011

P.S.
I just used ftp-ssl as client and it logged me in ... I'm using gftp ... I wonder what's wrong in its options....

Last edited by gabrix; 21st October 2006 at 02:05.

#2 falko, 22nd October 2006, 15:40

Quote:
Originally Posted by gabrix
I cancelled from /etc/pam.d/proftpd anything referring to PAM authentication
You shouldn't have done this.

Did you try both active and passive transfers in your FTP client?

What's in /etc/proftpd.conf?

Quote:
Originally Posted by gabrix
P.S.
I just used ftp-ssl as client and it logged me in ... I'm using gftp ... I wonder what's wrong in its options....
You mean SFTP? It uses port 22 (SSH) and has nothing to do with normal FTP.

#3 gabrix, 25th October 2006, 08:47

It doesn't log me in with any ftp client ... anyway this is my /etc/pam.d/proftpd.conf:
Quote:
#%PAM-1.0
#auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
#@include common-auth

# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth required pam_shells.so

#@include common-account
#@include common-session
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
This is my proftpd.conf:
Quote:
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "anonymous ftp at gabrix.ath.cx"
ServerType standalone
ServerAdmin "gabrix@gabrix.ath.cx"
ServerIdent off
DeferWelcome off
IdentLookups off
RootLogin off
MasqueradeAddress "gabrix.ath.cx"
UseReverseDNS off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
PersistentPasswd off
#TLSEngine on
#Quotas on
#Ratios on
Port 21
MaxInstances 30
User nobody
Group nogroup
Umask 022 022
AllowOverwrite on
DelayEngine on
ExtendedLog /var/log/proftpd.log ALL default
PassivePorts 60000 65534
DisplayFirstChdir .message
#AllowForeignAddress on
MaxClients 5 "Sorry, max %m users -- try again later"
DefaultRoot ~

<IfModule mod_auth_pam.c>
AuthPAM off
</IfModule>

<Limit Login>
Deny All
</Limit>

<Anonymous ~ftp>

<Limit Login>
Allow All
</Limit>

User ftp
Group nogroup
UserAlias anonymous ftp
DirFakeUser on ftp
DirFakeGroup on ftp
DirFakeMode 4777
RequireValidShell off
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
AuthUsingAlias off
AnonRequirePassword off
# Limit WRITE everywhere in the anonymous chroot

<Directory *>
<Limit WRITE STORE SITE_CHMOD>
DenyAll
</Limit>
</Directory>


# Directory PUB
<Directory pub>
<Limit READ>
AllowAll
</Limit>
<Limit WRITE >
DenyAll
</Limit>
</Directory>

<Directory incoming>
Umask 011 011
<Limit READ WRITE>
DenyAll
</Limit>
<Limit STOR MKD XMKD >
AllowAll
</Limit>
</Directory>
</Anonymous>
I only want anonymous logins, and users to have an incoming dir where they upload files and nothing else, and a pub dir to download from and nothing else ... as you see I tried to disable the PAM module, which is on by default but not mandatory for logins as far as I know, so it should let me in even if it's not been loaded:
Quote:
root@mail:~# lsof -n | grep proftpd
proftpd 10727 nobody cwd DIR 3,5 4096 2 /
proftpd 10727 nobody rtd DIR 3,5 4096 2 /
proftpd 10727 nobody txt REG 3,7 568812 384209 /usr/sbin/proftpd
proftpd 10727 nobody mem REG 3,5 90248 65987 /lib/ld-2.3.2.so
proftpd 10727 nobody mem REG 3,5 18876 66013 /lib/tls/libcrypt-2.3.2.so
proftpd 10727 nobody mem REG 3,5 11024 64015 /lib/libcap.so.1.10
proftpd 10727 nobody mem REG 3,5 28880 64128 /lib/libwrap.so.0.7.6
proftpd 10727 nobody mem REG 3,5 73304 66017 /lib/tls/libnsl-2.3.2.so
proftpd 10727 nobody mem REG 3,7 198576 368158 /usr/lib/i686/cmov/libssl.so.0.9.7
proftpd 10727 nobody mem REG 3,7 1029704 368157 /usr/lib/i686/cmov/libcrypto.so.0.9.7
proftpd 10727 nobody mem REG 3,5 30360 64109 /lib/libpam.so.0.76
proftpd 10727 nobody mem REG 3,5 1254660 66012 /lib/tls/libc-2.3.2.so
proftpd 10727 nobody mem REG 3,5 9872 66014 /lib/tls/libdl-2.3.2.so
proftpd 10727 nobody mem REG 3,5 34748 66020 /lib/tls/libnss_files-2.3.2.so
proftpd 10727 nobody mem REG 3,5 28616 66018 /lib/tls/libnss_compat-2.3.2.so
proftpd 10727 nobody mem REG 3,5 33440 66022 /lib/tls/libnss_nis-2.3.2.so
proftpd 10727 nobody 0u IPv4 46685 TCP *:ftp (LISTEN)
proftpd 10727 nobody 3w FIFO 0,7 46640 pipe
proftpd 10727 nobody 5r REG 3,5 734 98247 /etc/group
And I forgot: it's a Debian sarge kernel 2.6.8-2-386, and:
Quote:
root@mail:~# proftpd -vv
- ProFTPD Version: 1.2.10 (stable)
- Scoreboard Version: 01040002
- Built: do mrt 22 18:28:32 CET 2001
- Module: mod_core.c
- Module: mod_xfer.c
- Module: mod_auth_unix.c
- Module: mod_auth_file.c
- Module: mod_auth.c
- Module: mod_ls.c
- Module: mod_log.c
- Module: mod_site.c
- Module: mod_auth_pam.c
- Module: mod_quotatab.c
- Module: mod_ratio.c
- Module: mod_tls.c
- Module: mod_rewrite.c
- Module: mod_radius.c
- Module: mod_wrap.c
- Module: mod_quotatab_file.c
- Module: mod_delay/0.4
- Module: mod_readme.c
- Module: mod_ifsession.c
- Module: mod_cap/1.0

Last edited by gabrix; 25th October 2006 at 08:53.

#4 falko, 26th October 2006, 12:23

Can you replace your anonymous FTP configuration with this?
Code:
        <Anonymous /path/to/ftp>
          User                          ftp
          Group                         nogroup
          UserAlias                     anonymous ftp
          UserAlias                     guest ftp
          MaxClients                    10
          <Directory *>
            <Limit WRITE>
              DenyAll
            </Limit>
          </Directory>
          <Directory /path/to/ftp/incoming>
            Umask                       002
            <Limit STOR>
              AllowAll
            </Limit>
            <Limit READ>
              DenyAll
            </Limit>
          </Directory>
        </Anonymous>
Make sure you replace /path/to/ftp and that the user ftp and the group nogroup exist.

#5 gabrix, 26th October 2006, 15:32

Quote:
Looking up ftp.cacca.cx
Trying www.cacca.cx:21
Connected to ftp.cacca.cx:21
220 ProFTPD 1.2.10 Server (Debian) [192.168.1.4]
USER anonymous

331 Password required for anonymous.
PASS xxxx
530 Login incorrect.
Disconnecting from site ftp.cacca.cx
/home/ftp is owned by ftp:nogroup 644 ftp user has noshell in /etc/shells
I tried the configuration you gave me and it doesn't let me in as anonymous, but it still does as normal user, and still ... shows the server version. Basically that's the conf I'm actually using:
Quote:
ServerName "anonymous ftp at cacca.cx"
ServerType standalone
ServerAdmin "gabrix@cacca.cx"
ServerIdent off
DeferWelcome off
IdentLookups off
RootLogin off
MasqueradeAddress "cacca.cx"
UseReverseDNS off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
PersistentPasswd off
Port 21
MaxInstances 30
User nobody
Group nogroup
Umask 022 022
AllowOverwrite on
DelayEngine on
ServerLog /var/log/proftpd.log
PassivePorts 60000 65534
DisplayFirstChdir .message
AllowForeignAddress on
MaxClients 10 "Sorry, max %m users -- try again later"
DefaultRoot ~

<Anonymous /home/ftp>
User ftp
Group nogroup
UserAlias anonymous ftp
UserAlias guest ftp
MaxClients 10

<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>


<Directory /home/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>


<Directory /home/ftp/pub>
Umask 001
<Limit STOR WRITE>
DenyAll
</Limit>
<Limit READ>
AllowAll
</Limit>
</Directory>
</Anonymous>
I would like incoming dir for uploads and only uploads and a pub where only downloads are allowed
Quote:
gabrix@www:~$ ll /home/ftp/
total 12
drwxr-xr-x 2 ftp nogroup 4096 Oct 26 14:35 incoming
drwxr-xr-x 2 ftp nogroup 4096 Oct 26 14:35 pub
-rw-r--r-- 1 ftp nogroup 166 Sep 3 2005 welcome.msg

Last edited by gabrix; 26th October 2006 at 15:36.

#6 falko, 27th October 2006, 15:04

Quote:
Originally Posted by gabrix
/home/ftp is owned by ftp:nogroup 644 ftp user has noshell in /etc/shells
What do you mean with that?
What's the output of
Code:
grep ftp /etc/passwd
?

#7 gabrix, 27th October 2006, 15:14

Quote:
ftp:x:109:65534::/home/ftp:/sbin/noshell
I meant the anonymous chrooted FTP home is owned by the anonymous ftp user ... does it?
Anyway I installed wu-ftpd and I got over this ... thanks anyway!

#8 gabrix, 12th November 2006, 11:41

I think it is just a gftp problem if proftpd is not accepting connections:
Quote:
Looking up ftp.cacca.cx
Trying www.cacca.cx:21
Connected to ftp.caccacx:21
220 82.61.84.174 FTP server ready
USER gabrix

331 Password required for gabrix.
PASS xxxx
230-Welcome to FTP dot CACCA dot ATH dot CX Just do class A !!!
230-
230-
230 User gabrix logged in.
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
PWD

257 "/" is current directory.
Loading directory listing / from server (LC_TIME=en_GB)
PASV

227 Entering Passive Mode (82,61,84,174,241,59).
Cannot create a data connection: Connection refused
Disconnecting from site ftp.cacca.cx
With ftp instead everything is all right, still as normal user:
Quote:
230 User gabrix logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x 2 ftp nogroup 4096 Nov 12 03:10 etc
drwxr-xr-x 2 ftp nogroup 4096 Oct 26 12:35 incoming
dr-xr-xr-x 2 ftp nogroup 4096 Nov 11 19:08 pub
-rw-r--r-- 1 ftp nogroup 64 Nov 12 10:07 welcome.msg
226 Transfer complete.
and also as anonymous all right:
Quote:
Connected to www.
220 82.61.84.174 FTP server ready
Name (ftp.cacca.cx:gabrix): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230-Welcome to FTP dot CACCA dot ATH dot CX Just do class A !!!
230-
230-
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
What's the problem with gftp?
Another thing is proftpd is not writing logs. I have this directive in proftpd.conf:
Quote:
ExtendedLog /var/log/proftpd.log ALL default
And this is an ls -la on /var/log/proftpd.log:
Quote:
-rw-r--r-- 1 root root 0 2006-11-12 11:00 /var/log/proftpd.log
proftpd is running as user nobody and as group nogroup. If something is not clear just ask ... thanks!

Last edited by gabrix; 12th November 2006 at 11:44.
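
Both gftp sessions in this thread fail right after the 227 reply, while the command-line ftp client, which used PORT, gets its listing. The following is an added example, not part of any post in the thread: a Python helper that decodes a 227 reply and compares it with the control-connection address and the `PassivePorts 60000 65534` range from the posted proftpd.conf. The function names and the third sample reply are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 reply format: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised by a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_pasv(reply, control_ip, passive_ports):
    """Compare a 227 reply with the control address and the PassivePorts range."""
    host, port = parse_pasv(reply)
    low, high = passive_ports
    findings = []
    if not low <= port <= high:
        findings.append("port %d is outside PassivePorts %d-%d" % (port, low, high))
    if host.is_private:
        findings.append("%s is private; unreachable from outside the LAN" % host)
    elif host != ipaddress.IPv4Address(control_ip):
        findings.append("%s differs from control address %s" % (host, control_ip))
    if not findings:
        findings.append("reply is consistent; check that TCP %d-%d reaches the "
                        "server (firewall / NAT forwarding)" % (low, high))
    return host, port, findings

if __name__ == "__main__":
    # First two replies are copied from posts #1 and #8; the third is constructed.
    samples = [
        ("227 Entering Passive Mode (87,3,151,95,234,251).", "87.3.151.95"),
        ("227 Entering Passive Mode (82,61,84,174,241,59).", "82.61.84.174"),
        ("227 Entering Passive Mode (192,168,1,4,4,210).", "82.61.84.174"),
    ]
    for reply, control in samples:
        host, port, findings = check_pasv(reply, control, (60000, 65534))
        print("%s:%d -> %s" % (host, port, "; ".join(findings)))
```

For both replies taken from the thread, the advertised address matches the control connection and the port falls inside the configured range, so the refused data connection points at the network path to those ports rather than at the login or the `<Anonymous>` block.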

#9 falko, 13th November 2006, 15:47

I think the log file is /var/log/xferlog.

#10 gabrix, 13th November 2006, 16:02

I have to call it xferlog anyway? Cause I don't have a file by that name ...