Luc484 Veteran
Joined: 26 Mar 2005 Posts: 1035 Location: Italy
|
Posted: Tue Jul 24, 2007 7:22 pm Post subject: [Solved] Proftpd cannot access directory |
|
|
Hi! I just noticed my proftpd configuration stopped working. When I try to log in I get "Unable to set anonymous privileges.". In /var/log/messages I see "directory ~/ftp is not accessible". I tried to change the user in proftpd.conf to the one I commonly use to log in, but I get the same:
Code: | # This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User luca
Group users

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

# A basic anonymous configuration, with no upload directories.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp".
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins.
  MaxClients 10
  AnonRequirePassword off

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message

  # Limit WRITE everywhere in the anonymous chroot.
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
|
Any idea why? What can I do to understand what's wrong?
Thank you.
Last edited by Luc484 on Thu Jul 26, 2007 9:37 am; edited 1 time in total |
mattsteven Apprentice
Joined: 27 Oct 2003 Posts: 240 Location: Your Planet
|
Posted: Tue Jul 24, 2007 8:01 pm Post subject: |
|
|
Ciao- Some questions to ask yourself:
Have you looked at the permissions of /home/ftp? Is it owned by "ftp"? Do you have a "ftp" user in the system?
_________________
Matthew Steven
Linux-only desktop since 1998
Graying hair since 2006 |
Luc484 Veteran
Joined: 26 Mar 2005 Posts: 1035 Location: Italy
|
Posted: Wed Jul 25, 2007 8:57 am Post subject: |
|
|
mattsteven wrote: | Ciao- Some questions to ask yourself:
Have you looked at the permissions of /home/ftp? Is it owned by "ftp"? Do you have a "ftp" user in the system? |
Yes. Everything was OK. I tried to search with Google and I found out that these could be possible problems. So I checked.
Now I'm trying to do everything again, following the Gentoo proftpd guide. I removed the user ftp and I'm trying to create it again. I used the command:
Code: | useradd -d /home/ftp -s /bin/ftp -g ftp ftp |
to add the new user. Now I can see it:
Code: | cluca home # grep ftp /etc/passwd
ftp_priv:x:1002:100::/usr/ftp_private:/bin/false
proftp:x:1003:100::/home/proftp:/bin/ftp
proftpd:x:1005:100::/home/proftpd:/bin/ftp
tesi:x:1006:1006::/home/tesi:/bin/ftp
ftp:x:1007:1011::/home/ftp:/bin/ftp |
So the user exists, right?
And the directory seems to me to have the correct privileges:
Code: | cluca home # ls -l
total 12
drwxr-xr-x 2 ftp ftp 4096 2007-07-25 09:54 ftp
drwxrwxrwx 92 luca users 8192 2007-07-24 19:25 luca |
Do you see anything wrong?
Thanks for your help! |
mattsteven Apprentice
Joined: 27 Oct 2003 Posts: 240 Location: Your Planet
|
Posted: Wed Jul 25, 2007 7:33 pm Post subject: |
|
|
I would suggest you change the shell of user ftp to /bin/false. You're unlikely to want the ftp user to log in just to use ftp again in a shell. No shell at all would be better.
Also add Code: | RequireValidShell off | in your Anonymous block to permit logins from users that are not using something that is in /etc/shells. /bin/ftp is probably not there.
I would also run the overall server as user 'nobody' as this is the usual practice.
Code: | # Set the user and group that the server normally runs at.
User nobody
Group nobody
|
This should make it work, but if it doesn't you should be reading the log file - probably /var/log/proftpd.log or similar; it will normally tell you exactly what is wrong.
_________________
Matthew Steven
Linux-only desktop since 1998
Graying hair since 2006 |
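The account checks raised in the posts above (does the "ftp" user exist, is its shell listed in /etc/shells, who owns its home directory), as an added example that is not part of the original thread. The function names are hypothetical, and the sample shells file and the root passwd line are constructed; only the ftp passwd line is taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): checks on the account behind
# <Anonymous ~ftp>. Function names are hypothetical. Files are passed as
# arguments so the checks can run on copies as well as /etc/passwd.

# Print field N of USER's entry in a passwd-format FILE; non-zero if absent.
passwd_field() {  # FILE USER N
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { exit !found }' "$1"
}

# Succeed if SHELL is a whole, non-comment line of SHELLS_FILE.
shell_is_listed() {  # SHELLS_FILE SHELL
    grep -v '^#' "$1" | grep -Fxq -- "$2"
}

# Print one verdict for USER: missing | unlisted-shell | login-shell
anon_account_status() {  # PASSWD_FILE SHELLS_FILE USER
    shell=$(passwd_field "$1" "$3" 7) || { echo missing; return 1; }
    if shell_is_listed "$2" "$shell"; then
        echo login-shell      # the account can also be used for a shell login
    else
        echo unlisted-shell   # login needs "RequireValidShell off"
    fi
}

# Print "owner mode" of USER's home directory (optionally under ROOT).
# A trailing "+" on the mode means the directory carries an ACL.
anon_home_perms() {  # PASSWD_FILE USER [ROOT]
    home=$(passwd_field "$1" "$2" 6) || return 1
    [ -d "$3$home" ] || return 1
    ls -ld "$3$home" | awk '{ print $3, $1 }'
}

# Constructed sample data: the ftp line is the one shown in the thread,
# the root line and the shells file are made up for the demonstration.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'ftp:x:1007:1011::/home/ftp:/bin/ftp' > "$sample/passwd"
printf '%s\n' '# valid login shells' '/bin/sh' '/bin/bash' > "$sample/shells"

anon_account_status "$sample/passwd" "$sample/shells" ftp
```

On a live system, pass /etc/passwd and /etc/shells instead of the sample files.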
Luc484 Veteran
Joined: 26 Mar 2005 Posts: 1035 Location: Italy
|
Posted: Wed Jul 25, 2007 10:40 pm Post subject: |
|
|
I tried to apply all the changes you suggested but nothing seemed to change. Always the same answer. I set the DebugLevel to 9 and I looked at /var/log/messages. This is what I see:
Code: | Jul 25 23:14:17 cluca proftpd[26483]: cluca - ProFTPD 1.3.1rc2 (devel) (built Mon Jul 2 18:25:52 CEST 2007) standalone mode STARTUP
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - performing ident lookup
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ident lookup returned 'UNKNOWN'
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - connected - local : 82.50.190.222:21
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - connected - remote : 192.168.0.9:49322
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - FTP session opened.
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_tls
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_ratio
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD command 'USER anonymous' to mod_log
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:478
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - RELINQUISH PRIVS at mod_auth.c:480
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:965
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:980
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:1000
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:1015
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ftp: Directory ~ftp/ is not accessible.
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_tls
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_ratio
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD command 'USER anonymous' to mod_log
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:478
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - RELINQUISH PRIVS at mod_auth.c:480
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:965
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:980
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:1000
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:1015
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ftp: Directory ~ftp/ is not accessible.
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - FTP session closed. |
I always see the same error message about ~ftp. Any idea?
Thank you very much for your help!
EDIT: Ok, I found the solution. It was sufficient to add the USE -acl. I thought it was sufficient to not have it in make.conf.
Thanks to everyone. |