vsftpd permissions

Discussion in 'Installation/Configuration' started by malinens, Jan 26, 2008.

  1. malinens

    malinens New Member

    Why are all file permissions set to 600 and folder permissions set to 700 when I upload something? :confused:
    I must manually change permissions after uploading files :(
     
    Last edited: Jan 26, 2008
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/vsftpd.conf?
     
  3. malinens

    malinens New Member

    Code:
    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default.  These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    
     
  4. malinens

    malinens New Member

    I have one more problem. I can access ftp through online ftp (net2ftp.com) but I can not login to my ftp account through filezilla.

    I tried to restart vsftpd (SSH):

    Code:
    login as: root
    root@torrentz.lv's password:
    Last login: Tue Jan 29 04:20:10 2008 from balticom-13-41.balticom.lv
    
    Could not connect to database
    Linux server1.torrentz2.oo.lv 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2007 i686
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    root@server1:~# /etc/rc.d/init.d/ispconfig_tcpserver restart
    -bash: /etc/rc.d/init.d/ispconfig_tcpserver: No such file or directory
    root@server1:~# /etc/init.d/ispconfig_tcpserver restart
    Stopping ispconfig_tcpserver
    Starting ispconfig_tcpserver/home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver: relocation error: /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver: symbol errno, version GLIBC_2.0 not defined in file libc.so.6 with link time reference
    /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver: relocation error: /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver: symbol errno, version GLIBC_2.0 not defined in file libc.so.6 with link time reference
    
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please enable
    Code:
    local_umask=022
    in vsftpd.conf and restart vsftpd.conf.
    What's the output of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    ?
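
    Added example (not part of the thread and not vsftpd's own code): it creates a file and a directory under the 077 default mentioned in the posted config and under the 022 suggested here, plus 007 for comparison, and reads back the resulting modes. It assumes the daemon requests 0666 for uploaded files (vsftpd's file_open_mode default) and 0777 for new directories; the function names and sample file names are made up for the illustration.

```python
import os
import stat
import tempfile

# Modes the FTP daemon asks the kernel for before the umask is applied.
# Assumption: 0666 for uploaded files (vsftpd's file_open_mode default)
# and 0777 for new directories.
FILE_REQUEST = 0o666
DIR_REQUEST = 0o777


def created_modes(umask):
    """Create one file and one directory under `umask`; return their real modes."""
    previous = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as base:
            # Constructed sample names, standing in for an upload and a MKD.
            file_path = os.path.join(base, "upload.txt")
            dir_path = os.path.join(base, "newdir")
            fd = os.open(file_path,
                         os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         FILE_REQUEST)
            os.close(fd)
            os.mkdir(dir_path, DIR_REQUEST)
            return (stat.S_IMODE(os.stat(file_path).st_mode),
                    stat.S_IMODE(os.stat(dir_path).st_mode))
    finally:
        # Always restore the caller's umask, even if creation failed.
        os.umask(previous)


def access_summary(mode):
    """Report who besides the owner can read or write an object with `mode`."""
    return {
        "group_read": bool(mode & stat.S_IRGRP),
        "group_write": bool(mode & stat.S_IWGRP),
        "other_read": bool(mode & stat.S_IROTH),
        "other_write": bool(mode & stat.S_IWOTH),
    }


def report(umasks=(0o077, 0o022, 0o007)):
    """Return (umask, file_mode, dir_mode, access_summary(file_mode)) per umask."""
    rows = []
    for umask in umasks:
        file_mode, dir_mode = created_modes(umask)
        rows.append((umask, file_mode, dir_mode, access_summary(file_mode)))
    return rows


if __name__ == "__main__":
    for umask, file_mode, dir_mode, access in report():
        readers = [who for who, allowed in access.items() if allowed]
        print("local_umask=%03o -> files %03o, dirs %03o, non-owner access: %s"
              % (umask, file_mode, dir_mode, ", ".join(readers) or "none"))
```

    With 022 every local account, including the web server's, can read each upload; 007 keeps "other" out entirely, which only works if the web server runs in the upload user's group.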
     
  6. malinens

    malinens New Member

    Code:
    Proto Recv-Q Send-Q Local Address Foreign Address State       PID/Program name
    tcp        0      0 *:63392                 *:*                     LISTEN     29683/LFS.exe
    tcp        0      0 *:nfs                   *:*                     LISTEN     -
    tcp        0      0 *:55938                 *:*                     LISTEN     -
    tcp        0      0 *:42118                 *:*                     LISTEN     5500/rpc.mountd
    tcp        0      0 *:mysql                 *:*                     LISTEN     5096/mysqld
    tcp        0      0 *:netbios-ssn           *:*                     LISTEN     5621/smbd
    tcp        0      0 *:sunrpc                *:*                     LISTEN     4283/portmap
    tcp        0      0 *:www                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz2.o:www 212.0.129.65:27674      SYN_RECV   -
    tcp        0      0 *:webmin                *:*                     LISTEN     6663/perl
    tcp        0      0 *:81                    *:*                     LISTEN     -
    tcp        0      0 *:ftp                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz:domain *:*                     LISTEN     -
    tcp        0      0 server1.torrentz:domain *:*                     LISTEN     -
    tcp        0      0 localhost.locald:domain *:*                     LISTEN     -
    tcp        0      0 *:821                   *:*                     LISTEN     5733/rpc.rquotad
    tcp        0      0 *:46167                 *:*                     LISTEN     4302/rpc.statd
    tcp        0      0 *:3128                  *:*                     LISTEN     5982/(squid)
    tcp        0      0 localhost.lo:postgresql *:*                     LISTEN     5174/postgres
    tcp        0      0 *:smtp                  *:*                     LISTEN     28967/master
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN     -
    tcp        0      0 *:https                 *:*                     LISTEN     -
    tcp        0      0 *:microsoft-ds          *:*                     LISTEN     5621/smbd
    

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    When I am trying to connect to my server with filezilla (from Windows XP):

    Code:
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER root
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	530 Login incorrect.
    Kluda:	Nevar savienoties ar serveri (could not connect to server)
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER juris
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER juris
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Kluda:	Savienosanas meginajumu partraucis lietotajs
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER juris
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER juris
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER juris
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER web1_admin
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER web1_admin
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Gaida, lai atkartotu...
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER web1_admin
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	Could not connect to database
    Kluda:	Nevar savienoties ar serveri
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER root
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	530 Login incorrect.
    Kluda:	Nevar savienoties ar serveri
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER root
    Atbilde:	331 Please specify the password.
    Komanda:	PASS *******
    Atbilde:	530 Login incorrect.
    Kluda:	Nevar savienoties ar serveri
    Status:	Nosaka IP adresi my-domain.com
    Status:	Savienojas ar MY-IP:21...
    Status:	Nodibinats savienojums, gaida sagaidisanas zinojumu...
    Atbilde:	220 (vsFTPd 2.0.5)
    Komanda:	USER root
    Atbilde:	331 Please specify the password.
    Komanda:	PASS ********
    Atbilde:	530 Login incorrect.
    Kluda:	Nevar savienoties ar serveri
     
    Last edited: Jan 30, 2008
  7. malinens

    malinens New Member

    I have reinstalled vsftpd and enabled local_umask=022 and it works!
    thank you very much :)
     
  8. malinens

    malinens New Member

    When I am using net2ftp.com, I can login and all files and folders are correct (chmod 744 and 644).
    I still can not login using filezilla. Filezilla error: could not connect to database.
     
  9. malinens

    malinens New Member

    I have this problem when I am trying to connect using SSH, too:
    Could not connect to database :eek:
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Any errors in your logs? Which distribution are you using?
     
  11. malinens

    malinens New Member

    os: Ubuntu 7.10 desktop edition
    I always get error FAIL LOGIN. I have OK LOGIN when I am connecting to server using net2ftp.com (with the same hostname, login, password)
     
  12. malinens

    malinens New Member

    I gave up with vsftpd.
    I am trying proftpd now:

    proftpd log:
    Code:
    Jan 12 05:10:18 juris-desktop proftpd[19681] juris-desktop: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) standalone mode STARTUP
    Jan 12 05:10:23 juris-desktop proftpd[19681] juris-desktop: ProFTPD killed (signal 15)
    Jan 12 05:10:23 juris-desktop proftpd[19681] juris-desktop: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Jan 31 22:52:11 server1.torrentz2.oo.lv proftpd[3424] server1.torrentz2.oo.lv: Failed binding to ::, port 21: Address already in use
    Jan 31 22:52:11 server1.torrentz2.oo.lv proftpd[3424] server1.torrentz2.oo.lv: Check the ServerType directive to ensure you are configured correctly.
    Jan 31 23:04:17 server1.torrentz2.oo.lv proftpd[3615] localhost.localdomain: Failed binding to 0.0.0.0, port 21: Address already in use
    Jan 31 23:04:17 server1.torrentz2.oo.lv proftpd[3615] localhost.localdomain: Check the ServerType directive to ensure you are configured correctly.
    
    

    All I want is to create an ftp server with one username to edit all directories and files in /var/www, I don't want anything more :(
     
    Last edited: Jan 31, 2008
  13. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the output of
    Code:
    netstat -tap
    ? What's in /etc/proftpd.conf?
     
  14. malinens

    malinens New Member

    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:63392                 *:*                     LISTEN     -
    tcp        0      0 *:nfs                   *:*                     LISTEN     -
    tcp        0      0 *:55938                 *:*                     LISTEN     -
    tcp        0      0 *:42118                 *:*                     LISTEN     5500/rpc.mountd
    tcp        0      0 *:mysql                 *:*                     LISTEN     5096/mysqld
    tcp        0      0 *:netbios-ssn           *:*                     LISTEN     5621/smbd
    tcp        0      0 *:5901                  *:*                     LISTEN     -
    tcp        0      0 *:sunrpc                *:*                     LISTEN     4283/portmap
    tcp        0      0 *:www                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz2.o:www 202.56.4.106:47604      SYN_RECV   -
    tcp        0      0 *:webmin                *:*                     LISTEN     6663/perl
    tcp        0      0 *:x11-1                 *:*                     LISTEN     -
    tcp        0      0 *:81                    *:*                     LISTEN     -
    tcp        0      0 *:ftp                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz:domain *:*                     LISTEN     -
    tcp        0      0 localhost.locald:domain *:*                     LISTEN     -
    tcp        0      0 *:821                   *:*                     LISTEN     5733/rpc.rquotad
    tcp        0      0 *:46167                 *:*                     LISTEN     4302/rpc.statd
    tcp        0      0 *:3128                  *:*                     LISTEN     5982/(squid)
    tcp        0      0 localhost.lo:postgresql *:*                     LISTEN     5174/postgres
    tcp        0      0 *:smtp                  *:*                     LISTEN     -
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN     -
    tcp        0      0 *:https                 *:*                     LISTEN     -
    tcp        0      0 *:microsoft-ds          *:*                     LISTEN     5621/smbd
    tcp        0      0 server1.torrentz2.o:www 83.136.142.126:2839     TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:ftp balticom-13-41.bal:4215 TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 202.93.36.89:14906      TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www gw.lnt.lv:52864         TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 203.145.134.213:45186   TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www gw.lnt.lv:52865         TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 210.212.163.60:11911    TIME_WAIT  -
    tcp        0      1 server1.torrentz2.o:www 212.93.97.132:17770     FIN_WAIT1  -
    tcp        0      0 server1.torrentz2.o:ftp balticom-13-41.bal:4216 TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www cache1.simpur.net:49040 TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 87.110.157.225:2240     TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 203.145.134.213:48409   TIME_WAIT  -
    tcp        0    532 server1.torrentz2.o:www 202.93.36.89:37904      LAST_ACK   -


    I have default proftpd.conf (only changed ipv6 to OFF)

    When I am trying to connect to server I have this error:
    500 FTP server shut down (Mon Jan 14 16:35:03 2008 , Current connections will be dropped: Mon Jan 14 16:25:03 2008) -- please try again later


    my proftpd.log:
    Code:
    Jan 12 05:10:18 juris-desktop proftpd[19681] juris-desktop: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) standalone mode STAR$
    Jan 12 05:10:23 juris-desktop proftpd[19681] juris-desktop: ProFTPD killed (signal 15)
    Jan 12 05:10:23 juris-desktop proftpd[19681] juris-desktop: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Jan 31 22:52:11 server1.torrentz2.oo.lv proftpd[3424] server1.torrentz2.oo.lv: Failed binding to ::, port 21: Address already in use
    Jan 31 22:52:11 server1.torrentz2.oo.lv proftpd[3424] server1.torrentz2.oo.lv: Check the ServerType directive to ensure you are configured c$
    Jan 31 23:04:17 server1.torrentz2.oo.lv proftpd[3615] localhost.localdomain: Failed binding to 0.0.0.0, port 21: Address already in use
    Jan 31 23:04:17 server1.torrentz2.oo.lv proftpd[3615] localhost.localdomain: Check the ServerType directive to ensure you are configured cor$
    Jan 31 23:36:10 server1.torrentz2.oo.lv proftpd[4134] localhost.localdomain: Failed binding to 0.0.0.0, port 21: Address already in use
    Jan 31 23:36:10 server1.torrentz2.oo.lv proftpd[4134] localhost.localdomain: Check the ServerType directive to ensure you are configured cor$
    Feb 01 18:09:59 server1.torrentz2.oo.lv proftpd[16554] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:09:59 server1.torrentz2.oo.lv proftpd[16554] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:10:30 server1.torrentz2.oo.lv proftpd[16574] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:12:07 server1.torrentz2.oo.lv proftpd[16554] localhost.localdomain: ProFTPD killed (signal 15)
    Feb 01 18:12:07 server1.torrentz2.oo.lv proftpd[16554] localhost.localdomain: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Feb 01 18:12:58 server1.torrentz2.oo.lv proftpd[16821] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:12:58 server1.torrentz2.oo.lv proftpd[16821] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:18:46 server1.torrentz2.oo.lv proftpd[16821] localhost.localdomain: ProFTPD killed (signal 15)
    Feb 01 18:18:46 server1.torrentz2.oo.lv proftpd[16821] localhost.localdomain: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Feb 01 18:18:50 server1.torrentz2.oo.lv proftpd[17240] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:18:50 server1.torrentz2.oo.lv proftpd[17240] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:20:06 server1.torrentz2.oo.lv proftpd[17240] localhost.localdomain: ProFTPD killed (signal 15)
    Feb 01 18:20:06 server1.torrentz2.oo.lv proftpd[17240] localhost.localdomain: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Feb 01 18:33:16 server1.torrentz2.oo.lv proftpd[18028] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:33:16 server1.torrentz2.oo.lv proftpd[18028] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:35:25 server1.torrentz2.oo.lv proftpd[18028] localhost.localdomain: ProFTPD killed (signal 15)
    Feb 01 18:35:25 server1.torrentz2.oo.lv proftpd[18028] localhost.localdomain: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Feb 01 18:35:27 server1.torrentz2.oo.lv proftpd[18102] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:35:27 server1.torrentz2.oo.lv proftpd[18102] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:36:25 server1.torrentz2.oo.lv proftpd[18142] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:36:27 server1.torrentz2.oo.lv proftpd[18147] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:36:32 server1.torrentz2.oo.lv proftpd[18167] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:36:34 server1.torrentz2.oo.lv proftpd[18171] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:38:31 server1.torrentz2.oo.lv proftpd[18102] localhost.localdomain: ProFTPD killed (signal 15)
    Feb 01 18:38:31 server1.torrentz2.oo.lv proftpd[18102] localhost.localdomain: ProFTPD 1.3.0 standalone mode SHUTDOWN
    Feb 01 18:38:31 server1.torrentz2.oo.lv proftpd[18439] localhost.localdomain: ProFTPD 1.3.0 (stable) (built Fri Jun 15 12:52:16 GMT 2007) st$
    Feb 01 18:38:31 server1.torrentz2.oo.lv proftpd[18439] localhost.localdomain: /etc/shutmsg present: all incoming connections will be refused.
    Feb 01 18:38:44 server1.torrentz2.oo.lv proftpd[18448] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:38:56 server1.torrentz2.oo.lv proftpd[18473] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:38:58 server1.torrentz2.oo.lv proftpd[18476] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:39:14 server1.torrentz2.oo.lv proftpd[18579] localhost.localdomain (localhost.localdomain[127.0.0.1]): connection refused (Mon Jan$
    Feb 01 18:39:27 server1.torrentz2.oo.lv proftpd[18583] localhost.localdomain (balticom-13-41.balticom.lv[77.93.13.41]): connection refused ($
    Feb 01 18:39:34 server1.torrentz2.oo.lv proftpd[18584] localhost.localdomain (balticom-13-41.balticom.lv[77.93.13.41]): connection refused ($
    Feb 01 18:46:30 server1.torrentz2.oo.lv proftpd[18914] localhost.localdomain (1-1-1-2a.far.sth.bostream.se[82.182.32.4]): connection refused$
    
     
    Last edited: Feb 1, 2008
  15. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Port 21 is still in use. Have you tried to reboot the system?
     
  16. malinens

    malinens New Member

    I have vsftpd again now :)
    I have this problem with chmod: when I upload files and folders, chmod for all uploaded folders is 770 and for all uploaded files 660, and I need to change CHMOD manually. How can I fix it?
    vsftpd:
    netstat -tap | grep ftp

    Code:
    tcp        0      0 *:ftp                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz2.o:ftp 89.254.130.118:1442     ESTABLISHED-
    tcp        0      0 server1.torrentz2.o:ftp 89.254.130.118:1442     ESTABLISHED-

    netstat -tap
    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:63392                 *:*                     LISTEN     -
    tcp        0      0 *:20000                 *:*                     LISTEN     -
    tcp        0      0 *:nfs                   *:*                     LISTEN     -
    tcp        0      0 *:55938                 *:*                     LISTEN     -
    tcp        0      0 *:42118                 *:*                     LISTEN     5500/rpc.mountd
    tcp        0      0 server1.torrentz2:27015 *:*                     LISTEN     -
    tcp        0      0 *:mysql                 *:*                     LISTEN     5096/mysqld
    tcp        0      0 *:netbios-ssn           *:*                     LISTEN     5621/smbd
    tcp        0      0 *:5901                  *:*                     LISTEN     -
    tcp        0      0 *:sunrpc                *:*                     LISTEN     4283/portmap
    tcp        0      0 *:www                   *:*                     LISTEN     -
    tcp        0      0 server1.torrentz2.o:www infoginimp-wd08.w:39479 SYN_RECV   -
    tcp        0      0 server1.torrentz2.o:www 213.158.194.228:4096    SYN_RECV   -
    tcp        0      0 *:webmin                *:*                     LISTEN     6663/perl
    tcp        0      0 *:81                    *:*                     LISTEN     -
    tcp        0      0 *:x11-1                 *:*                     LISTEN     -
    tcp        0      0 server1.torrentz:domain *:*                     LISTEN     -
    tcp        0      0 localhost.locald:domain *:*                     LISTEN     -
    tcp        0      0 *:ftp                   *:*                     LISTEN     -
    tcp        0      0 *:821                   *:*                     LISTEN     5733/rpc.rquotad
    tcp        0      0 *:46167                 *:*                     LISTEN     4302/rpc.statd
    tcp        0      0 *:3128                  *:*                     LISTEN     5982/(squid)
    tcp        0      0 localhost.lo:postgresql *:*                     LISTEN     5174/postgres
    tcp        0      0 *:smtp                  *:*                     LISTEN     -
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN     -
    tcp        0      0 *:https                 *:*                     LISTEN     -
    tcp        0      0 *:microsoft-ds          *:*                     LISTEN     5621/smbd
    tcp        0      1 server1.torrentz2.o:www 213.158.194.228:6684    FIN_WAIT1  -
    tcp        0      0 server1.torrentz2.o:www server1.torrentz2:33496 TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www server1.torrentz2:33467 TIME_WAIT  -
    tcp        0      1 server1.torrentz2.o:www apn-77-112-37-6.g:16937 FIN_WAIT1  -
    tcp        0      0 server1.torrentz2.o:www multi.gnt.lv:1097       TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www 125.18.239.135:41421    TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www courage.london.02:35621 TIME_WAIT  -
    tcp       22      0 server1.torrentz2:27015 server1.torrentz2:36123 CLOSE_WAIT -
    tcp        0      0 server1.torrentz2.o:www 213.158.194.228:20913   FIN_WAIT2  -
    tcp        0      0 server1.torrentz2.o:www 202.91.18.245:54264     TIME_WAIT  -
    tcp        0      0 server1.torrentz2.o:www vc-196-207-33-198:32138 ESTABLISHED-
    tcp        0      0 server1.torrentz2.o:www vc-196-207-32-38.:24289 TIME_WAIT  -
    




    vsftpd.conf:

    Code:
    ftp_username=root
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    listen_ipv6=NO
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=078
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to torrentz.lv FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    deny_email_enable=NO
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    chroot_local_user=NO
    # users to NOT chroot().
    chroot_list_enable=NO
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default.  These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    force_dot_files=NO
    #hide_file=
    #anon_max_rate=
    #local_max_rate=
    

    Why do I have vsftpd_127.0.0.1.conf and vsftpd_MY_EXTERNAL_IP.conf?


    My /etc/hosts:
    Code:
    127.0.0.1 localhost.localdomain localhost
    193.46.236.141 server1.torrentz2.oo.lv server1
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback server1.torrentz2.oo.lv
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    

    When I try to CHMOD using PHP, I get an error: permission denied (this file can be 644, 777 or 660, but it is always the same error...)
     
    Last edited: Feb 25, 2008
  17. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please set
    Code:
    local_umask=022
    in your vsftpd.conf. I'd also set
    Code:
    chroot_local_user=YES
    because otherwise FTP users can browse all directories on the server.
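
An added example, not part of falko's post or of vsftpd itself: a small Python audit of the two settings discussed above, showing which modes uploads receive under a given `local_umask` and flagging an invalid umask or a disabled chroot. The function names and sample text are constructed here, and it assumes vsftpd's default base modes of 0666 for uploaded files and 0777 for new directories.

```python
import re

# Constructed sample: the two relevant settings from the config posted above.
POSTED = """\
# Default umask for local users is 077.
local_umask=078
chroot_local_user=NO
"""
# The same settings after the change recommended in the answer.
FIXED = POSTED.replace("local_umask=078", "local_umask=022").replace(
    "chroot_local_user=NO", "chroot_local_user=YES")

DEFAULT_UMASK = "077"   # default stated in the config file's own comment
FILE_BASE = 0o666       # assumption: vsftpd's default file_open_mode
DIR_BASE = 0o777        # assumption: base mode for new directories


def parse_conf(text):
    """Return the active option=value pairs, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value      # in this parser a later assignment wins
    return opts


def audit(text):
    """Compute upload modes from local_umask and flag risky settings."""
    opts = parse_conf(text)
    findings = []
    raw = opts.get("local_umask", DEFAULT_UMASK)
    if re.fullmatch(r"[0-7]{1,4}", raw):
        umask = int(raw, 8)
        file_mode = "%03o" % (FILE_BASE & ~umask)
        dir_mode = "%03o" % (DIR_BASE & ~umask)
    else:
        file_mode = dir_mode = None
        findings.append("local_umask=%s is not a valid octal value" % raw)
    if opts.get("chroot_local_user", "NO").upper() != "YES":
        findings.append("chroot_local_user is not YES: local users can "
                        "browse directories outside their home")
    return {"file": file_mode, "dir": dir_mode, "findings": findings}


if __name__ == "__main__":
    print(audit(POSTED), audit(FIXED), sep="\n")
```

With no `local_umask` line at all, the audit falls back to 077 and reports 600 for files and 700 for directories, which is the behaviour described in the first post of the thread.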
     
  18. malinens

    malinens New Member

    Problem solved :)
    Thank you, falko!
    You are the best!
     
