Anonymous FTP fails with 503 error

Discussion in 'Installation/Configuration' started by RAMilewski, Mar 6, 2007.

  1. RAMilewski

    RAMilewski New Member

    I'm running ISPConfig 2.2.10 on an Ubuntu system. User FTP logins work fine, but anonymous FTP fails with a 503 (incorrect login) error.

    I've poked through other threads here, but none of the fixes seem to work.

    Any additional suggestion for how to debug this problem?

    -- Richard
     
  2. RAMilewski

    RAMilewski New Member

    Sorry... I copied the error wrong. That's a 530 Incorrect login, not 503.

    -- Richard
     
  3. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/proftpd.conf and /etc/proftpd_ispconfig.conf?
    Any errors in your logs?
     
  4. RAMilewski

    RAMilewski New Member

    Proftpd.conf looks like this:

    #
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #

    ServerName Default
    ServerType standalone
    DeferWelcome off

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200

    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    ListOptions "-l"

    DenyFilter \*.*/

    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd off

    # Uncomment this if you would use TLS module:
    #TLSEngine on

    # Uncomment this if you would use quota module:
    #Quotas on

    # Uncomment this if you would use ratio module:
    #Ratios on

    # Port 21 is the standard FTP port.
    Port 21

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022 022
    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    #DelayEngine off

    # A basic anonymous configuration, no upload directories.

    # <Anonymous ~ftp>
    # User ftp
    # Group nogroup
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    # # Cosmetic changes, all files belongs to ftp user
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    #
    # RequireValidShell off
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    #
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayFirstChdir .message
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Directory *>
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    # </Directory>
    #
    # # Uncomment this if you're brave.
    # # <Directory incoming>
    # # # Umask 022 is a good standard umask to prevent new files and dirs
    # # # (second parm) from being group and world writable.
    # # Umask 022 022
    # # <Limit READ WRITE>
    # # DenyAll
    # # </Limit>
    # # <Limit STOR>
    # # AllowAll
    # # </Limit>
    # # </Directory>
    #
    # </Anonymous>
    <Global>
    AccessGrantMsg "Welcome to the Greaves Group FTP Site"
    RootLogin on
    RequireValidShell off
    UseFtpUsers on
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    AuthAliasOnly off
    WtmpLog on
    </Global>
    TimesGMT off
    <Anonymous /var/ftp>
    </Anonymous>
    RequireValidShell off
    UseFtpUsers on
    RootLogin on


    Include /etc/proftpd_ispconfig.conf



    ***************************************************

    proftpd_ispconfig.conf looks like this:


    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 64.142.97.114>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.115>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.116>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web2/ftp>
    User web2_anonftp
    Group web2_anonftp
    UserAlias anonymous web2_anonftp
    UserAlias guest web2_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web2/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.117>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web5/ftp>
    User web5_anonftp
    Group web5_anonftp
    UserAlias anonymous web5_anonftp
    UserAlias guest web5_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web5/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.118>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web8/ftp>
    User web8_anonftp
    Group web8_anonftp
    UserAlias anonymous web8_anonftp
    UserAlias guest web8_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web8/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.119>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web10/ftp>
    User web10_anonftp
    Group web10_anonftp
    UserAlias anonymous web10_anonftp
    UserAlias guest web10_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web10/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.120>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.121>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.122>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.123>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.124>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.125>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.126>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
     
  5. RAMilewski

    RAMilewski New Member

    ...and checking the Anonymous FTP box on the web10 site adds the following to ispconfig.log


    07.03.2007 - 15:42:55 => INFO - USER:
    web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
    07.03.2007 - 15:42:55 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1230: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1891: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12009 web9_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web9/ftp -g web9_anonftp -m -s /bin/false -u 12009 web9_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web9_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web9_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web9_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web9_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12002 web2_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web2/ftp -g web2_anonftp -m -s /bin/false -u 12002 web2_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web2_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web2_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web2_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web2_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12005 web5_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web5/ftp -g web5_anonftp -m -s /bin/false -u 12005 web5_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web5_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web5_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web5_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web5_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12008 web8_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web8/ftp -g web8_anonftp -m -s /bin/false -u 12008 web8_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web8_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web8_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web8_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web8_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: groupadd -g 12010 web10_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: useradd -d /home/www/web10/ftp -g web10_anonftp -m -s /bin/false -u 12010 web10_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web10_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web10_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web10_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web10_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:59 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 706: /etc/init.d/proftpd restart &> /dev/null
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/passwd and /etc/group?
     
  7. RAMilewski

    RAMilewski New Member

    Hmmm... lots of stuff, but the relevant lines seem to be:

    in group:

    users:x:100:web8_twg,web8_brenda,web8_chris,web8_melissa,web8_partners,web8_info,web8_roger,web8_admin,web8_chris2,web2_twg,web2_n6mod,web2_jhayes,web10_barry,web10_sharla,web10_brenda,web10_melissa,web10_ed,web10_michele,web10_janeadmispconfig:x:1001:admispconfig
    web1:x:10001:admispconfig
    web1_anonftp:x:12001:
    web2:x:10002:admispconfig,web2_ram
    web2_anonftp:x:12002:
    web4:x:10004:admispconfig
    web4_anonftp:x:12004:
    web5:x:10005:admispconfig,web5_dreamweaver
    web5_anonftp:x:12005:
    web8:x:10008:admispconfig,web8_ram
    web8_anonftp:x:12008:admispconfig,web8_anonftp
    web9:x:10009:admispconfig,ram,web9_admin
    web9_anonftp:x:12009:
    web10:x:10010:admispconfig,web10_admin
    web12:x:10012:admispconfig
    web13:x:10013:admispconfig,web13_admin
    freerad:x:115:
    ssl-cert:x:116:postgres
    web10_anonftp:x:12010:

    ...........................................and in passwd:

    admispconfig:x:1001:1001:Administrator ISPConfig:/home/admispconfig:/bin/bash
    web1_anonftp:x:12001:12001::/home/www/web1/ftp:/bin/false
    web2_anonftp:x:12002:12002::/home/www/web2/ftp:/bin/false
    web4_anonftp:x:12004:12004::/home/www/web4/ftp:/bin/false
    web5_anonftp:x:12005:12005::/home/www/web5/ftp:/bin/false
    web8_anonftp:x:12008:12008::/home/www/web8/ftp:/bin/false
    web9_anonftp:x:12009:12009::/home/www/web9/ftp:/bin/false
    web5_dreamweaver:x:10004:10005:Bug Track:/home/www/web5:/bin/bash
    web13_admin:x:10027:10013:Richard:/home/www/web13:/bin/false
    freerad:x:109:115::/etc/freeradius:/bin/false
    web9_admin:x:10029:10009:Administrator:/home/www/web9:/bin/bash
    web8_ram:x:10009:10008:Richard A. Milewski:/home/www/web8:/bin/bash
    web8_twg:x:10010:10008:Thomas W. Greaves:/home/www/web8/user/web8_twg:/bin/false
    web8_brenda:x:10014:10008:Brenda Raker:/home/www/web8/user/web8_brenda:/bin/false
    web8_chris:x:10015:10008:Christine Whelan:/home/www/web8/user/web8_chris:/bin/false
    web8_melissa:x:10016:10008:Melissa Mccullough:/home/www/web8/user/web8_melissa:/bin/false
    web8_partners:x:10017:10008:partners:/home/www/web8/user/web8_partners:/bin/false
    web8_info:x:10018:10008:Catchall Accounts:/home/www/web8/user/web8_info:/bin/false
    web8_roger:x:10019:10008:Roger Samdahl:/home/www/web8/user/web8_roger:/bin/false
    web8_admin:x:10020:10008:NOC Accounts:/home/www/web8/user/web8_admin:/bin/bash
    web8_chris2:x:10026:10008:Chris Whelan:/home/www/web8/user/web8_chris2:/bin/false
    web2_twg:x:10012:10002:Thomas W. Greaves:/home/www/web2/user/web2_twg:/bin/false
    web2_ram:x:10008:10002:Richard A. Milewski:/home/www/web2:/bin/bash
    web2_n6mod:x:10007:10002:Aleksandr:/home/www/web2/user/web2_n6mod:/bin/bash
    web2_jhayes:x:10013:10002:Jeanne Hayes:/home/www/web2/user/web2_jhayes:/bin/false
    web10_admin:x:10022:10010:Administrator:/home/www/web10:/bin/bash
    web10_barry:x:10023:10010:Barry Berman:/home/www/web10/user/web10_barry:/bin/false
    web10_sharla:x:10025:10010:Sharla Woodrow:/home/www/web10/user/web10_sharla:/bin/false
    web10_brenda:x:10031:10010:Brenda Raker:/home/www/web10/user/web10_brenda:/bin/false
    web10_melissa:x:10032:10010:Melissa McCullough:/home/www/web10/user/web10_melissa:/bin/false
    web10_ed:x:10033:10010:Ed Cranston:/home/www/web10/user/web10_ed:/bin/false
    web10_michele:x:10034:10010:Michele Drake:/home/www/web10/user/web10_michele:/bin/false
    web10_jane:x:10035:10010:Jane Stahler:/home/www/web10/user/web10_jane:/bin/false
    web10_tom:x:10021:10010:Tom Fitzgerald:/home/www/web10/user/web10_tom:/dev/null
    web10_david:x:10024:10010:David Walling:/home/www/web10/user/web10_david:/dev/null
    web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
    web10_anonftp:x:12010:12010::/home/www/web10/ftp:/bin/false



    ....is there something in particular I should look for?

    -- RAM
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I wanted to see if all anonymous FTP users and groups are existing - they are, so that's not the problem... :confused:
     
  9. joshenry

    joshenry New Member

    I hate to bring a thread back from the dead but I've been reading through these threads that have anonymous ftp access problems and I don't see a fix for it.

    I also am having this same problem, getting:

    From SmartFTP:

    [11:21:55] 220 FTP Server ready.
    [11:21:55] USER anonymous
    [11:21:55] 331 Password required for anonymous.
    [11:21:55] PASS (hidden)
    [11:21:55] 530 Login incorrect.
    [11:21:55] Active Help: http://www.smartftp.com/support/kb/index.php/51
    [11:21:55] Cannot login waiting to retry (30s)...
    [11:26:55] 421 No Transfer Timeout (300 seconds): closing control connection.
    [11:26:55] Server closed connection

    From /var/log/messages:

    Apr 13 11:20:42 proftpd[11346]: localhost.localdomain :):ffff:68.149.237.71[::ffff:68.149.237.71]) - no such user 'anonymous'

    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName                      "ProFTPD server"
    ServerIdent                     on "FTP Server ready."
    ServerAdmin                     root@localhost
    ServerType                      standalone
    #ServerType                     inetd
    DefaultServer                   on
    AccessGrantMsg                  "User %u logged in."
    #DisplayConnect                 /etc/ftpissue
    #DisplayLogin                   /etc/ftpmotd
    #DisplayGoAway                  /etc/ftpgoaway
    DeferWelcome                    off
    
    # Use this to excude users from the chroot
    DefaultRoot                     ~ !adm
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig                   proftpd
    AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups                    off
    UseReverseDNS                   off
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022
    
    # Default to show dot files in directory listings
    ListOptions                     "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228               off
    
    #RootLogin                      off
    #LoginPasswordPrompt            on
    #MaxLoginAttempts               3
    #MaxClientsPerHost              none
    #AllowForeignAddress            off     # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart            on
    AllowStoreRestart               on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances                    20
    
    # Set the user and group that the server normally runs at.
    User                            nobody
    Group                           nobody
    
    # Disable sendfile by default since it breaks displaying the download speeds in
    # ftptop and ftpwho
    UseSendfile                     no
    
    # This is where we want to put the pid file
    ScoreboardFile                  /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite                yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    
    # Define the log formats
    LogFormat                       default "%h %l %u %t \"%r\" %s %b"
    LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine                      on
    #TLSRequired                    on
    #TLSRSACertificateFile          /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile       /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite                 ALL:!ADH:!DES
    #TLSOptions                     NoCertRequest
    #TLSVerifyClient                off
    ##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
    #TLSLog                         /var/log/proftpd/tls.log
    
    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    #   LoadModule mod_sql.c
    #   LoadModule mod_sql_mysql.c
    #   LoadModule mod_sql_postgres.c
    #</IfModule>
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User                         ftp
    #  Group                                ftp
    #  AccessGrantMsg               "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias                    anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients                   10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir                        /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files.
    #  DisplayLogin                 /welcome.msg
    #  DisplayFirstChdir            .message
    #  DisplayReadme                        README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser                  on ftp
    #  DirFakeGroup                 on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite             no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog                      off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
     # Restrict the range of ports from which the server will select when sent the
    # PASV command from a client. Use IANA-registered ephemeral port range of
    # 49152-65534
    PassivePorts 49152 65534
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
    
    Here is the /etc/proftpd_ispconfig.conf file:

    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    #         Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 10.10.10.20>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
            <Anonymous /var/www/web11/ftp>
              User                          web11_anonftp
              Group                         web11_anonftp
              UserAlias                     anonymous web11_anonftp
              UserAlias                     guest web11_anonftp
              MaxClients                    10
              <Directory *>
                <Limit WRITE>
                  DenyAll
                </Limit>
              </Directory>
              <Directory /var/www/web11/ftp/incoming>
                Umask                       002
                <Limit STOR>
                  AllowAll
                </Limit>
                <Limit READ>
                  DenyAll
                </Limit>
              </Directory>
            </Anonymous>
    </VirtualHost>
    
    Here is the ispconfig.log file:

    Code:
    13.04.2007 - 11:12:53 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1923: groupadd -g 12011 web11_anonftp &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1924: useradd -d /var/www/web11/ftp -g web11_anonftp -m -s /bin/false -u 12011 web11_anonftp &> /d
    ev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1934: setquota -u web11_anonftp 512000 513024 0 0 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1935: setquota -T -u web11_anonftp 604800 604800 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1936: setquota -g web11_anonftp 512000 513024 0 0 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -T -g web11_anonftp 604800 604800 -a &> /dev/null
    

    Everything looks like it should work but I have no clue why it's not working. I can FTP with a user in ISPConfig and SmartFTP no problem, it's just the anonymous ftp user that has the problems.

    Thanks!
     
    Last edited: Apr 13, 2007
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I'm not sure where that error comes from because the user anonymous is mapped to web11_anonftp in /etc/proftpd_ispconfig.conf:

    Code:
              UserAlias                     anonymous web11_anonftp
    Does web11_anonftp exist in /etc/passwd?
     
  11. joshenry

    joshenry New Member

    Yup, that user is in the passwd file:

    web11_anonftp:x:12011:12011::/var/www/web11/ftp:/bin/false

    I've tried the method of removing the anonymous ftp from the site, waiting a few minutes then putting it back on. Doesn't have any errors (had to do the -M -> -m fix though).
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What fix do you mean?

    I've just checked on my system, and I also don't have an anonymous user, but it's working on my system. This is my /etc/proftpd.conf (I've left out the comments):

    Code:
    ServerName                      "Debian"
    ServerType                      standalone
    DeferWelcome                    off
    ShowSymlinks                    on
    MultilineRFC2228                on
    DefaultServer                   on
    ShowSymlinks                    on
    AllowOverwrite                  on
    TimeoutNoTransfer               600
    TimeoutStalled                  600
    TimeoutIdle                     1200
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    LsDefaultOptions                "-l"
    DenyFilter                      \*.*/
    Port                            21
    MaxInstances                    30
    User                            nobody
    Group                           nogroup
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    <Directory /*>
      Umask                         022  022
      AllowOverwrite                on
    </Directory>
    Include /etc/proftpd_ispconfig.conf
     
  13. joshenry

    joshenry New Member

    I was reading through the forums to find a fix for this problem and some people had an issue with ISPConfig unable to make the web*_anonftp. The problem was an -M tag in the command. I can't remember where I saw it on here but someone had a fix and the -M should be -m . Once I did that the system was able to create the anon user but I still have the error.

    I'll check through the proftpd.conf file when I get to work and see if I have any weird errors in it.
     

Share This Page