FTP Wierd Behavior

Discussion in 'Installation/Configuration' started by Wisdown, Aug 30, 2012.

  1. Wisdown

    Wisdown Member

    Hi Guys,

    I`m not sure if this is an bug, or is normal.
    After a fresh install, i make one user for ftp.
    The user was able to access his ftp and make directories by filezila on his /.
    Then for test i enable for same account an login to ssh (without quota on, i mean -1 on his limit), so his directory get new folders:

    bin
    cgi-bin
    dev

    etc...

    And now the user cant make directories using ftp or ssh, this is an bug? Normal Behavior? I need set something else?

    I`m on Debian 6
    ISPConfig 3.0.4.6
     
  2. Wisdown

    Wisdown Member

    While the user ssh exists, as root i cant change the / structure too

    Was trying install group-office which requires and folder on user /, and as user just get Permission Denied on ssh or ftp client.

    Then i logged on server as root and made the dir, but, the dir wasnt avaliable on user /

    So i removed the ssh login and like an magic the folder poped

    Note: I did the ssh login enabling Jailkit since manual sayed is more secure, this behavior is normal? I mean, for every user which i enable ssh, they gonna loose the permission to write on they / directory?
     
    Last edited: Aug 31, 2012
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. The folders in the jail are required by jailkit.

    Yes, otherwise jailkit would not work, the / of a jail has to be owned by root. But you should not put any files in / anyway, better make a new subdirecory in the web / like /private and put your private files there.
     
  4. Wisdown

    Wisdown Member

    As private you mean set the the sub directories as 770?

    I noticed 2 softwares which requires one private directory inside of /

    moodle
    group-office

    My last question is about "rollback", on the situation of my description, ISPConfig should revert the jail right? Since i deleted the ssh access (deleted the login instead disable user) there no reason for keep the files/folders for ssh right?

    I`m still on tests of installations, in the end i will post my findings.
    Then i will focus on my sasl (from another post) problem, but one thing per time
    Thanks in advice.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    No, I men to create a new directory with the name "private" That directory will be
    availabe in 3.0.5 by default.

    No, the jail shall not be reverted. The reason is that ispconfg can not detect if a application of thsi web still uses a file in one of these folders or if the user or admin has placed a file there.
     
  6. Wisdown

    Wisdown Member

    Ah got it, there any special permission to set, or when an directory named "private" Apache make him hide from internet?

    By the way there any estimated date for the release of 3.0.5? Worrying if i would wait an little more for see if the new release dont gonna have the bug i got with sasl (http://www.howtoforge.com/forums/showthread.php?t=58390) after try both setups, multiple servers and one dedicated server
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Example for permissions:

    Domain: example.tld
    Web user: web1
    Client group: client1

    The commands to create the directory for this example are:

    mkdir /var/www/domain.tld/private
    chown web1:client1 /var/www/domain.tld/private
    chmod 770 /var/www/domain.tld/private

    This ensures that the content in the private directory is only readable by user and group of the website (so the folder is readable by FTP, ssh and the php scripts to include content from there as required by the cms systems you mentioned above).

    This folder will be automatically created in the next ispconfig release and you can create it with the above commands in 3.0.4.6 manually.

    The above thread is about a config problem on your server and not a general bug in ISPConfig. I run all my servers on Debian 6, none of it has a problem with sasl and there are no reported bugs about deban 6 and sasl in the bugtracker while there are ten thousands of servers with this software combination installed, so the problem must be related to the server misconfiguration on that server if you see it from a statistical standpoint. The guide you followed as you tried to fix it is for Ubuntu Linux and not Debian and the Ubuntu problem was already solved some time ago, so does not apply to recent ispconfig versions anyway.

    Which perfects etup guide did you follow to install your server and did youfollow the guide to the letter?

    As a side note, I would recommend to use Dovecot and not courier for new servers. On deoveot servers, sasl is not even required, it is used only for courier.
     
  8. Wisdown

    Wisdown Member

    Thank you for the step by step!!!
    I see now why my tests was doing the things get messed, i was chown www-data:www-data thinking this is default command, now i see my syntax was wrong

    No doubt you know how setup things better then me, so for you is almost impossible have any problem on your servers, but, i`m noob learning about linux, and how the things wok on this side.
    If you ask me something about MSSQL i can help, since i work with MSSQL, but out of MSSQL world i`m noob.

    I followed this guide:

    http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3

    Tried the manual also.
    On multiple server i added spamav / jailkit on all other servers too, the only differ.
    I tried mix some parts too, example: fresh install with ssh, fresh install without ssh, and dindt worked also.

    But on this part:

    I think you discovered the problem source, i checked on ISPConfig pannel and is using Dovecot, so my guess is somehow the setup let courier enabled.
    Then the service is runing looking for something and making the error about sasl

    There an guide for i change this?
    Thanks
     
    Last edited: Aug 31, 2012
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The setup you used uses dovecot which is fine and ispconfig recognized it correctly as well, so sasl is not required and should not be in use. Maybe the base linux system that you used had courier or another sasl based setup installed. Please post the content of the postfix main.cf file and the output of:

    netstat -tap | grep pop
     
  10. Wisdown

    Wisdown Member

    this is the output:

    tcp 0 0 *:pop3 *:* LISTEN 2454/pop3-login
    tcp 0 0 *:pop3s *:* LISTEN 2454/pop3-login

    Should have the program runing?

    and the file:

    The log from ISPConfig:

     
    Last edited: Aug 31, 2012
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    There must be a wrong pop3 dameon riúnning on your server, on a debian system with dovecot you should see a output similar to this one:

    Code:
    tcp        0      0 *:pop3s                 *:*                     LISTEN      15256/dovecot
    tcp        0      0 *:pop3                  *:*                     LISTEN      15256/dovecot
    What kind of image did you use as basis for your install? Was it a debian minimal image or was it a lamp image or similar install from your provider which had a controlpanel or mailserver installed?

    The main.cf looks fine, but maybe postfux is not even running as you have a wrong pop server too. Please post the output of the commands:

    netstat -tap | grep smtp

    and the output of:

    ls /etc/init.d/
     
  12. Wisdown

    Wisdown Member

    the output:

    I downloaded this one, found the link grayed:

    http://cdimage.debian.org/debian-cd/6.0.5/amd64/bt-dvd/debian-6.0.5-amd64-DVD-1.iso.torrent


    Should i download again?
    There any special version for i get?
    On setup i followed the guide
    Only basic tools when asked
     
    Last edited: Aug 31, 2012
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The debian install cd is fine, no need to download it again. Postfix is also running.


    Please run:

    /etc/init.d/postfix restart
    /etc/init.d/dovecot restart
    cat /dev/null > /var/lig/mail.log

    and then try to send a email with your mail client again and afterwards post the mail.log file.
     
  14. Wisdown

    Wisdown Member

    here the log:

    If i understand right, my ip now is blocked and yahoo dont gonna accept mails from my ip?
    On this line:

    Isnt to be something like TLS or any encryption method?
     
  15. Wisdown

    Wisdown Member

    I see some curious after check the file list on this link:

    http://cdimage.debian.org/debian-cd/6.0.5/amd64/list-dvd/debian-6.0.5-amd64-DVD-1.list.gz

    There this package:

    libsasl2-2_2.1.23.dfsg1-7_amd64.deb

    BUT, dont have any cyrus package... Neither dovecot


    On this link with an update version:

    http://cdimage.debian.org/debian-cd/6.0.5/amd64/list-dvd/debian-update-6.0.5-amd64-DVD-1.list.gz

    There this packages:

    dovecot-common_1.2.15-7_amd64.deb
    dovecot-dbg_1.2.15-7_amd64.deb
    dovecot-dev_1.2.15-7_amd64.deb
    dovecot-imapd_1.2.15-7_amd64.deb
    dovecot-pop3d_1.2.15-7_amd64.deb
    cyrus-admin-2.2_2.2.13-19+squeeze3_all.deb
    cyrus-clients-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-common-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-dev-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-doc-2.2_2.2.13-19+squeeze3_all.deb
    cyrus-imapd-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-murder-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-nntpd-2.2_2.2.13-19+squeeze3_amd64.deb
    cyrus-pop3d-2.2_2.2.13-19+squeeze3_amd64.deb
    libcyrus-imap-perl22_2.2.13-19+squeeze3_amd64.deb

    I`m downloading the update version now for test if this would be the problem
    Since you asked about the version and now after notice this differ, i`m guessing should be some issue with pre-compiled packages.

    One question, i will start install everything from scratch again, when shared softwares (like horde mail) ask for domain mail admin, what i should use?
    I need make an mail account inside ISCPConfig like [email protected]? And use this account fot authenticate pop and smtp as owner of the server? I mean for example, in the paramenters to be setted on horde groupware.
    When people using they own domains log inside of horde, they mail will be sended by they domain like [email protected] or you be with my domain [email protected]?

    For clients installing like wordpress, they need set an account for admin too so?
     
    Last edited: Sep 1, 2012
  16. Wisdown

    Wisdown Member

    This DVD called update isnt bootable :(
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    All packages get downloaded from debian servers during install over the network, they dont hace to be on the dvd.

    REgarrding your question about horde, I dont use this software, so I cant tell you if this has to be a special email address. I guess it should be enough that the email address exists.
     

Share This Page