| View previous topic :: View next topic |
| Author |
Message |
jmarcus
Apprentice
Joined: 12 Jun 2004
Posts: 197
|
 Posted: Wed Jul 07, 2004 12:56 am Post subject: vsftpd 500 OOPS: capset error |
 |
|
I read this post but didn't get anywhere. I'm new to hardened Gentoo and the NSA kernel.
I emerged vsftpd and get this error:
| Quote: | C:\Documents and Settings\jmarcus>ftp 10.1.5.12
Connected to 10.1.5.12.
220 (vsFTPd 1.2.2)
User (10.1.5.12:(none)): jmarcus
331 Please specify the password.
Password:
230 Login successful.
500 OOPS: capset
Login failed.
ftp> ls
200 PORT command successful. Consider using PASV.
500 OOPS: vsf_sysutil_recv_peek
Connection closed by remote host.
ftp> |
Any thoughts or recommended reading?
thanks,
James |
|
| Back to top |
|
 |
krunk
Guru
Joined: 27 Jul 2003
Posts: 316
|
| Posted: Sun Oct 03, 2004 7:26 pm Post subject: |
|
|
I'm having the exact same problem as the above poster and can find no good information on the problem.
_________________
G4 1ghz iBook
PowerMac G3 (B&W) [Powered by Gentoo and Gentoo alone  ]
Dual G5
iPod 3rd generation |
|
| Back to top |
|
|
basik
n00b
Joined: 27 Nov 2004
Posts: 19
|
| Posted: Sat Nov 27, 2004 7:55 pm Post subject: vsftpd 500 OOPS: capset error |
|
|
I also get the '500 OOPS: capset' when I try to login on my vsftpd server.
A few days ago, I didn't get that message and everything worked just fine. I didn't change my vsftpd config file the past days, but i did sync and also changed a few things in the kernelconfig. Via google I only found the same problem and no solution, but it might have something to do with the kernelconfig. Although I can't think of anything I changed that could have caused the problem. |
|
| Back to top |
|
|
basik
n00b
Joined: 27 Nov 2004
Posts: 19
|
| Posted: Mon Dec 06, 2004 1:00 am Post subject: |
|
|
So, it wasn't my kernelconfig that caused the problem. If it can help somebody this is the config that DOES NOT WORK for me (the one that causes vsftpd to show '500 OOPS: capset - error'):
| Code: |
# config for standalone - anonymous ftp server
# Standalone mode
listen=YES
background=YES
pasv_enable=YES
listen_port=21
max_clients=3
max_per_ip=3
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
anon_root=/ftp
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
# 50000 is ongeveer 50KB
anon_max_rate=500000000
banner_file=banner.txt
|
and this configfile DOES WORK for me:
| Code: |
#local_enable=YES
anon_world_readable_only=YES
anon_root=/ftp
write_enable=NO
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
guest_enable=NO
listen=YES
listen_port=21
#pasv_min_port=30000
#pasv_max_port=30999
banner_file=/banner.txt
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
|
and maybe someone can find what's the problem that causes the '500 OOPS: capset' |
|
| Back to top |
|
|
doggizback
n00b
Joined: 04 Dec 2004
Posts: 57
|
| Posted: Tue Sep 26, 2006 7:30 am Post subject: |
|
|
so i know this is like, 2 years old...but...
i ran into this same thing, and it drove me absolutely nuts.
merging libcap didn't help
couldn't find anything on the forums that seemed to do the trick
googled around for ages (this has been going on for about 3 weeks)
method 1 - modprobe capability
not applicable to me, because well...i hadn't built that module. dont know if it works or not, but was mentioned.
method 2 - kernel rebuild
over the past coupla weeks, trying to get alsa to work (separate issue - works now!), ive gotten reasonably comfortable with this. under menuconfig, go to
Security Options ~> well..hell, i checked off everything for safety's sake, but I reckon all I needed to check off is Enable different security models, default linux capabilities, and BSD Secure levels. Supposedly bsd secure levels is all i needed, but eh...im always paranoid building these things. saved the config, rebuilt the kernel, booted 'er on up.... no more obnoxious "OOPS - Capset" error <3
sorry if this is old-hat, but i got it working on mine in this manner...figured maybe just maybe someone else would stumble onto this and find it useful!, cause i racked my brain on it. found nothing on these forums, hardly anything on google, eventually saw something unrelated that prompted me to check my kernelconfig, and sure enough. worked a treat. |
|
| Back to top |
|
|
AA
n00b
Joined: 29 Jul 2003
Posts: 59
|
| Posted: Tue Oct 31, 2006 8:47 pm Post subject: |
|
|
Same issue. (Yet to try the above fix)
| Code: | # ftp localhost
Connected to localhost (127.0.0.1).
220 hostname FTP
Name (localhost:aa): upload
530 Please login with USER and PASS.
SSL not available
331 Please specify the password.
Password:
230 Login successful.
ftp> ls
215 UNIX Type: L8
500 OOPS: vsf_sysutil_recv_peek |
After doing some searching I found that by loading the capability module this issue should be solved.
1st problem. I am using a hardened kernel and perhaps this has something to do with the capability module, but I can't find it.
Am I being a n00b?
| Code: | elvira ~ # modprobe -l | grep capability
elvira ~ # |
|
|
| Back to top |
|
|
AA
n00b
Joined: 29 Jul 2003
Posts: 59
|
| Posted: Wed Nov 01, 2006 12:49 am Post subject: |
|
|
I was being a n00b!
In short, for those of you running hardened kernels, enable (as modules, building it into the kernel caused my system to not boot) under security:
| Quote: | <M> Default Linux Capabilities
<M> Root Plug Support
<M> BSD Secure Levels |
| Code: | elvira ~ # ftp localhost
Connected to localhost (127.0.0.1).
220 server FTP
Name (localhost:aa): upload
530 Please login with USER and PASS.
SSL not available
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
ftp> exit
221 Goodbye. |
|
|
| Back to top |
|
|
iaindb
n00b
Joined: 30 Jun 2004
Posts: 19
|
| Posted: Fri Jun 20, 2008 12:07 pm Post subject: USE flags |
|
|
| don't forget to compile vsftpd with the caps USE flag! |
|
| Back to top |
|
|
chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
|
| Posted: Mon Dec 12, 2011 9:35 am Post subject: |
|
|
| Quote: | | method 1 - modprobe capability |
That seems to have done the trick, had trouble after an EC2 reboot but I don't recall loading that module in the first place? must have though. |
|
| Back to top |
|
|
|
Networking & Security
