Anonymous FTP fails with 503 error

Discussion in 'Installation/Configuration' started by RAMilewski, Mar 6, 2007.

  1. RAMilewski

    RAMilewski New Member

    I'm running ISPConfig 2.2.10 on an Ubuntu system. User FTP logins work fine, but anonymous FTP fails with a 503 (incorrect login) error.

    I've poked through other threads here, but none of the fixes seem to work.

    Any additional suggestion for how to debug this problem?

    -- Richard
     
  2. RAMilewski

    RAMilewski New Member

    Sorry... I copied the error wrong. That's a 530 Incorrect login, not 503.

    -- Richard
     
  3. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/proftpd.conf and /etc/proftpd_ispconfig.conf?
    Any errors in your logs?
     
  4. RAMilewski

    RAMilewski New Member

    Proftpd.conf looks like this:

    #
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #

    ServerName Default
    ServerType standalone
    DeferWelcome off

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200

    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    ListOptions "-l"

    DenyFilter \*.*/

    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd off

    # Uncomment this if you would use TLS module:
    #TLSEngine on

    # Uncomment this if you would use quota module:
    #Quotas on

    # Uncomment this if you would use ratio module:
    #Ratios on

    # Port 21 is the standard FTP port.
    Port 21

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022 022
    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    #DelayEngine off

    # A basic anonymous configuration, no upload directories.

    # <Anonymous ~ftp>
    # User ftp
    # Group nogroup
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    # # Cosmetic changes, all files belongs to ftp user
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    #
    # RequireValidShell off
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    #
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayFirstChdir .message
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Directory *>
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    # </Directory>
    #
    # # Uncomment this if you're brave.
    # # <Directory incoming>
    # # # Umask 022 is a good standard umask to prevent new files and dirs
    # # # (second parm) from being group and world writable.
    # # Umask 022 022
    # # <Limit READ WRITE>
    # # DenyAll
    # # </Limit>
    # # <Limit STOR>
    # # AllowAll
    # # </Limit>
    # # </Directory>
    #
    # </Anonymous>
    <Global>
    AccessGrantMsg "Welcome to the Greaves Group FTP Site"
    RootLogin on
    RequireValidShell off
    UseFtpUsers on
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    AuthAliasOnly off
    WtmpLog on
    </Global>
    TimesGMT off
    <Anonymous /var/ftp>
    </Anonymous>
    RequireValidShell off
    UseFtpUsers on
    RootLogin on


    Include /etc/proftpd_ispconfig.conf



    ***************************************************

    proftpd_ispconfig.conf looks like this:


    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 64.142.97.114>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.115>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.116>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web2/ftp>
    User web2_anonftp
    Group web2_anonftp
    UserAlias anonymous web2_anonftp
    UserAlias guest web2_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web2/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.117>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web5/ftp>
    User web5_anonftp
    Group web5_anonftp
    UserAlias anonymous web5_anonftp
    UserAlias guest web5_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web5/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.118>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web8/ftp>
    User web8_anonftp
    Group web8_anonftp
    UserAlias anonymous web8_anonftp
    UserAlias guest web8_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web8/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.119>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /home/www/web10/ftp>
    User web10_anonftp
    Group web10_anonftp
    UserAlias anonymous web10_anonftp
    UserAlias guest web10_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /home/www/web10/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    <VirtualHost 64.142.97.120>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.121>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.122>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.123>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.124>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.125>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 64.142.97.126>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
     
  5. RAMilewski

    RAMilewski New Member

    ...and checking the Anonymous FTP box on the web10 site adds the following to ispconfig.log


    07.03.2007 - 15:42:55 => INFO - USER:
    web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
    07.03.2007 - 15:42:55 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1230: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1891: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12009 web9_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web9/ftp -g web9_anonftp -m -s /bin/false -u 12009 web9_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web9_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web9_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web9_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web9_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12002 web2_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web2/ftp -g web2_anonftp -m -s /bin/false -u 12002 web2_anonftp &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web2_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web2_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web2_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web2_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12005 web5_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web5/ftp -g web5_anonftp -m -s /bin/false -u 12005 web5_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web5_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web5_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web5_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web5_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12008 web8_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web8/ftp -g web8_anonftp -m -s /bin/false -u 12008 web8_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web8_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web8_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web8_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web8_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: groupadd -g 12010 web10_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: useradd -d /home/www/web10/ftp -g web10_anonftp -m -s /bin/false -u 12010 web10_anonftp &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web10_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web10_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web10_anonftp 0 0 0 0 -a &> /dev/null
    07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web10_anonftp 604800 604800 -a &> /dev/null
    07.03.2007 - 15:42:59 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 706: /etc/init.d/proftpd restart &> /dev/null
     
  6. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/passwd and /etc/group?
     
  7. RAMilewski

    RAMilewski New Member

    Hmmm... lots of stuff, but the relevant lines seem to be:

    in group:

    users:x:100:web8_twg,web8_brenda,web8_chris,web8_melissa,web8_partners,web8_info,web8_roger,web8_admin,web8_chris2,web2_twg,web2_n6mod,web2_jhayes,web10_barry,web10_sharla,web10_brenda,web10_melissa,web10_ed,web10_michele,web10_janeadmispconfig:x:1001:admispconfig
    web1:x:10001:admispconfig
    web1_anonftp:x:12001:
    web2:x:10002:admispconfig,web2_ram
    web2_anonftp:x:12002:
    web4:x:10004:admispconfig
    web4_anonftp:x:12004:
    web5:x:10005:admispconfig,web5_dreamweaver
    web5_anonftp:x:12005:
    web8:x:10008:admispconfig,web8_ram
    web8_anonftp:x:12008:admispconfig,web8_anonftp
    web9:x:10009:admispconfig,ram,web9_admin
    web9_anonftp:x:12009:
    web10:x:10010:admispconfig,web10_admin
    web12:x:10012:admispconfig
    web13:x:10013:admispconfig,web13_admin
    freerad:x:115:
    ssl-cert:x:116:postgres
    web10_anonftp:x:12010:

    ...........................................and in passwd:

    admispconfig:x:1001:1001:Administrator ISPConfig:/home/admispconfig:/bin/bash
    web1_anonftp:x:12001:12001::/home/www/web1/ftp:/bin/false
    web2_anonftp:x:12002:12002::/home/www/web2/ftp:/bin/false
    web4_anonftp:x:12004:12004::/home/www/web4/ftp:/bin/false
    web5_anonftp:x:12005:12005::/home/www/web5/ftp:/bin/false
    web8_anonftp:x:12008:12008::/home/www/web8/ftp:/bin/false
    web9_anonftp:x:12009:12009::/home/www/web9/ftp:/bin/false
    web5_dreamweaver:x:10004:10005:Bug Track:/home/www/web5:/bin/bash
    web13_admin:x:10027:10013:Richard:/home/www/web13:/bin/false
    freerad:x:109:115::/etc/freeradius:/bin/false
    web9_admin:x:10029:10009:Administrator:/home/www/web9:/bin/bash
    web8_ram:x:10009:10008:Richard A. Milewski:/home/www/web8:/bin/bash
    web8_twg:x:10010:10008:Thomas W. Greaves:/home/www/web8/user/web8_twg:/bin/false
    web8_brenda:x:10014:10008:Brenda Raker:/home/www/web8/user/web8_brenda:/bin/false
    web8_chris:x:10015:10008:Christine Whelan:/home/www/web8/user/web8_chris:/bin/false
    web8_melissa:x:10016:10008:Melissa Mccullough:/home/www/web8/user/web8_melissa:/bin/false
    web8_partners:x:10017:10008:partners:/home/www/web8/user/web8_partners:/bin/false
    web8_info:x:10018:10008:Catchall Accounts:/home/www/web8/user/web8_info:/bin/false
    web8_roger:x:10019:10008:Roger Samdahl:/home/www/web8/user/web8_roger:/bin/false
    web8_admin:x:10020:10008:NOC Accounts:/home/www/web8/user/web8_admin:/bin/bash
    web8_chris2:x:10026:10008:Chris Whelan:/home/www/web8/user/web8_chris2:/bin/false
    web2_twg:x:10012:10002:Thomas W. Greaves:/home/www/web2/user/web2_twg:/bin/false
    web2_ram:x:10008:10002:Richard A. Milewski:/home/www/web2:/bin/bash
    web2_n6mod:x:10007:10002:Aleksandr:/home/www/web2/user/web2_n6mod:/bin/bash
    web2_jhayes:x:10013:10002:Jeanne Hayes:/home/www/web2/user/web2_jhayes:/bin/false
    web10_admin:x:10022:10010:Administrator:/home/www/web10:/bin/bash
    web10_barry:x:10023:10010:Barry Berman:/home/www/web10/user/web10_barry:/bin/false
    web10_sharla:x:10025:10010:Sharla Woodrow:/home/www/web10/user/web10_sharla:/bin/false
    web10_brenda:x:10031:10010:Brenda Raker:/home/www/web10/user/web10_brenda:/bin/false
    web10_melissa:x:10032:10010:Melissa McCullough:/home/www/web10/user/web10_melissa:/bin/false
    web10_ed:x:10033:10010:Ed Cranston:/home/www/web10/user/web10_ed:/bin/false
    web10_michele:x:10034:10010:Michele Drake:/home/www/web10/user/web10_michele:/bin/false
    web10_jane:x:10035:10010:Jane Stahler:/home/www/web10/user/web10_jane:/bin/false
    web10_tom:x:10021:10010:Tom Fitzgerald:/home/www/web10/user/web10_tom:/dev/null
    web10_david:x:10024:10010:David Walling:/home/www/web10/user/web10_david:/dev/null
    web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
    web10_anonftp:x:12010:12010::/home/www/web10/ftp:/bin/false



    ....is there something in particular I should look for?

    -- RAM
     
  8. falko

    falko Super Moderator ISPConfig Developer

    I wanted to see if all anonymous FTP users and groups are existing - they are, so that's not the problem... :confused:
     
  9. joshenry

    joshenry New Member

    I hate to bring a thread back from the dead but I've been reading through these threads that have anonymous ftp access problems and I don't see a fix for it.

    I also am having this same problem, getting:

    From SmartFTP:

    [11:21:55] 220 FTP Server ready.
    [11:21:55] USER anonymous
    [11:21:55] 331 Password required for anonymous.
    [11:21:55] PASS (hidden)
    [11:21:55] 530 Login incorrect.
    [11:21:55] Active Help: http://www.smartftp.com/support/kb/index.php/51
    [11:21:55] Cannot login waiting to retry (30s)...
    [11:26:55] 421 No Transfer Timeout (300 seconds): closing control connection.
    [11:26:55] Server closed connection

    From /var/log/messages:

    Apr 13 11:20:42 proftpd[11346]: localhost.localdomain :):ffff:68.149.237.71[::ffff:68.149.237.71]) - no such user 'anonymous'

    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName                      "ProFTPD server"
    ServerIdent                     on "FTP Server ready."
    ServerAdmin                     root@localhost
    ServerType                      standalone
    #ServerType                     inetd
    DefaultServer                   on
    AccessGrantMsg                  "User %u logged in."
    #DisplayConnect                 /etc/ftpissue
    #DisplayLogin                   /etc/ftpmotd
    #DisplayGoAway                  /etc/ftpgoaway
    DeferWelcome                    off
    
    # Use this to excude users from the chroot
    DefaultRoot                     ~ !adm
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig                   proftpd
    AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups                    off
    UseReverseDNS                   off
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022
    
    # Default to show dot files in directory listings
    ListOptions                     "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228               off
    
    #RootLogin                      off
    #LoginPasswordPrompt            on
    #MaxLoginAttempts               3
    #MaxClientsPerHost              none
    #AllowForeignAddress            off     # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart            on
    AllowStoreRestart               on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances                    20
    
    # Set the user and group that the server normally runs at.
    User                            nobody
    Group                           nobody
    
    # Disable sendfile by default since it breaks displaying the download speeds in
    # ftptop and ftpwho
    UseSendfile                     no
    
    # This is where we want to put the pid file
    ScoreboardFile                  /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite                yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    
    # Define the log formats
    LogFormat                       default "%h %l %u %t \"%r\" %s %b"
    LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine                      on
    #TLSRequired                    on
    #TLSRSACertificateFile          /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile       /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite                 ALL:!ADH:!DES
    #TLSOptions                     NoCertRequest
    #TLSVerifyClient                off
    ##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
    #TLSLog                         /var/log/proftpd/tls.log
    
    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    #   LoadModule mod_sql.c
    #   LoadModule mod_sql_mysql.c
    #   LoadModule mod_sql_postgres.c
    #</IfModule>
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User                         ftp
    #  Group                                ftp
    #  AccessGrantMsg               "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias                    anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients                   10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir                        /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files.
    #  DisplayLogin                 /welcome.msg
    #  DisplayFirstChdir            .message
    #  DisplayReadme                        README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser                  on ftp
    #  DirFakeGroup                 on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite             no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog                      off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
     # Restrict the range of ports from which the server will select when sent the
    # PASV command from a client. Use IANA-registered ephemeral port range of
    # 49152-65534
    PassivePorts 49152 65534
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
    
    Here is the /etc/proftpd_ispconfig.conf file:

    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    #         Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 10.10.10.20>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
            <Anonymous /var/www/web11/ftp>
              User                          web11_anonftp
              Group                         web11_anonftp
              UserAlias                     anonymous web11_anonftp
              UserAlias                     guest web11_anonftp
              MaxClients                    10
              <Directory *>
                <Limit WRITE>
                  DenyAll
                </Limit>
              </Directory>
              <Directory /var/www/web11/ftp/incoming>
                Umask                       002
                <Limit STOR>
                  AllowAll
                </Limit>
                <Limit READ>
                  DenyAll
                </Limit>
              </Directory>
            </Anonymous>
    </VirtualHost>
    
    Here is the ispconfig.log file:

    Code:
    13.04.2007 - 11:12:53 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1923: groupadd -g 12011 web11_anonftp &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1924: useradd -d /var/www/web11/ftp -g web11_anonftp -m -s /bin/false -u 12011 web11_anonftp &> /d
    ev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1934: setquota -u web11_anonftp 512000 513024 0 0 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1935: setquota -T -u web11_anonftp 604800 604800 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1936: setquota -g web11_anonftp 512000 513024 0 0 -a &> /dev/null
    13.04.2007 - 11:12:54 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -T -g web11_anonftp 604800 604800 -a &> /dev/null
    

    Everything looks like it should work but I have no clue why it's not working. I can FTP with a user in ISPConfig and SmartFTP no problem, it's just the anonymous ftp user that has the problems.

    Thanks!
     
    Last edited: Apr 13, 2007
  10. falko

    falko Super Moderator ISPConfig Developer

    I'm not sure where that error comes from because the user anonymous is mapped to web11_anonftp in /etc/proftpd_ispconfig.conf:

    Code:
              UserAlias                     anonymous web11_anonftp
    Does web11_anonftp exist in /etc/passwd?
     
  11. joshenry

    joshenry New Member

    Yup, that user is in the passwd file:

    web11_anonftp:x:12011:12011::/var/www/web11/ftp:/bin/false

    I've tried the method of removing the anonymous ftp from the site, waiting a few minutes then putting it back on. Doesn't have any errors (had to do the -M -> -m fix though).
     
  12. falko

    falko Super Moderator ISPConfig Developer

    What fix do you mean?

    I've just checked on my system, and I also don't have an anonymous user, but it's working on my system. This is my /etc/proftpd.conf (I've left out the comments):

    Code:
    ServerName                      "Debian"
    ServerType                      standalone
    DeferWelcome                    off
    ShowSymlinks                    on
    MultilineRFC2228                on
    DefaultServer                   on
    ShowSymlinks                    on
    AllowOverwrite                  on
    TimeoutNoTransfer               600
    TimeoutStalled                  600
    TimeoutIdle                     1200
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    LsDefaultOptions                "-l"
    DenyFilter                      \*.*/
    Port                            21
    MaxInstances                    30
    User                            nobody
    Group                           nogroup
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    <Directory /*>
      Umask                         022  022
      AllowOverwrite                on
    </Directory>
    Include /etc/proftpd_ispconfig.conf
     
  13. joshenry

    joshenry New Member

    I was reading through the forums to find a fix for this problem and some people had an issue with ISPConfig unable to make the web*_anonftp. The problem was an -M tag in the command. I can't remember where I saw it on here but someone had a fix and the -M should be -m . Once I did that the system was able to create the anon user but I still have the error.

    I'll check through the proftpd.conf file when I get to work and see if I have any weird errors in it.
     

Share This Page