Fedora 6 - ProFTPD - Login Incorrect (Error 530)

Discussion in 'HOWTO-Related Questions' started by sxxxydan, Apr 24, 2008.

  1. sxxxydan

    sxxxydan New Member

    I've read through hordes of forums on such a common problem with ProFTP, yet have not been able to find a solid fix.

    The issue: cannot login to server via FTP with regular accounts already existing on system (however anonymous logins work fine, and I am able to login via SSH with all existing accounts).

    The server: Fedora 6

    The firewall: External firewall and internal iptables allow for ports
    20,21,20000:20005 (passive ports).

    The install: yum install proftpd

    Here is what is included in /etc/pam.d/ftp

    auth required pam_unix.so nullok
    account required pam_unix.so
    session required pam_unix.so

    Here is what is included in /etc/pam.d/proftpd - (I added the same 3 lines from ftp to the bottom of this file, tried it with and without the previous top 5 lines)

    auth required pam_listfile.so item=user sense=deny
    file=/etc/ftpusers onerr=succeed
    auth required pam_stack.so service=system-auth
    auth required pam_shells.so
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth

    auth required pam_unix.so nullok
    account required pam_unix.so
    session required pam_unix.so

    Please help, anything you can suggest would be appreciated.
  2. sxxxydan

    sxxxydan New Member

    Just to follow up, the following users are listed in /etc/passwd as:

    (usernames have been hidden for security)


    No longer are they accessible via SSH as I changed their shells to /nologin.

    Still not able to login via ftp. The home directories belong to the respective users, and are 755 so that they can be read by others.
  3. sxxxydan

    sxxxydan New Member

    Permission Denied

    Have determined from the proftpd.log that permission is being denied to the users home directories. Was able to login successfully when changing DefaultRoot to /var/ftp/pub but when it is set to ~ (it does resolve to the correct folder) it is denied permission.

    I checked all directory permissions and each folder within home belonged to the respective user, and perms were set to 755.

    This is what I am seeing in the proftpd.log

    USER *****fit: Login successful.
    notice: unable to use '~/' [resolved to '/home/*****fit/']: Permission denied
    Preparing to chroot to directory '~/'
    *****fit chroot("~/"): No such file or directory
    error: unable to set default root directory
    FTP session closed.
  4. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    ls -la /home
    Did you disable SELinux?
  5. sxxxydan

    sxxxydan New Member

    Disabled SELinux, thanks Falko.

    Honestly did not even think of that. I must have totally overlooked that.

    Now, one last question. This is my scenario:

    This server is an e-commerce website running a MySQL database (localhost access only), Apache 2.2+, PHP5+. SSH2 only access and only from one ip address (defined in iptables and also protected by an external hardware firewall).

    By disabling SELinux, am I severly comprimising the overall security and intergrity of the server? Should I instead be considering another alternative, such as if I can't run proftpd with SELinux, then maybe not having ftp access at all?

    The server requires 100% PCI compliance. Security is of the utmost concern. Please let me know your honest opinion... do I absolutely need SELinux?
  6. sxxxydan

    sxxxydan New Member



    So I've disabled SELinux to enable proftpd to work.

    By disabling SELinux, mysqld was no longer able to write to /tmp/

    I chmod 777 /tmp/ and now mysqld can access it.

    Big concern, as now I've disabled SELinux and chmod 777 /tmp/.

    Any other suggestions?
  7. falko

    falko Super Moderator ISPConfig Developer

    777 is ok for /tmp. :)

Share This Page