vsftpd issue

da1 · 10-02-2007, 05:25 PM

my vsftpd conf file

Code:

background=YES
listen=NO
anonymous_enable=YES
local_enable=YES
write_enable=YES
#local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd/vsftpd.log
#xferlog_std_format=YES
idle_session_timeout=300
data_connection_timeout=120
nopriv_user=ftp
#async_abor_enable=YES
ascii_upload_enable=NO
ascii_download_enable=YES
ftpd_banner=Welcome to dchub.da1.ro VSFTPD service.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty

chroot_local_user=YES

it runs from inetd, and runs well from console (local or through ssh), but rom mozilla, IE or anykind of ftp client i get 500 OOPS: child died.

logs:

Code:

Wed Oct  3 00:34:49 2007 [pid 8110] CONNECT: Client "127.0.0.1"
Wed Oct  3 00:34:53 2007 [pid 8109] [da1] OK LOGIN: Client "127.0.0.1"
Wed Oct  3 00:35:09 2007 [pid 8126] CONNECT: Client "192.168.0.2"
Wed Oct  3 00:35:09 2007 [pid 8125] [ftp] OK LOGIN: Client "192.168.0.2", anon password "mozilla@example.com"
Wed Oct  3 00:36:47 2007 [pid 8295] CONNECT: Client "192.168.0.2"
Wed Oct  3 00:36:47 2007 [pid 8294] [ftp] OK LOGIN: Client "192.168.0.2", anon password "mozilla@example.com"

freebsd 6.2, custom kernel.....
ideas?

ps: no firewall anywhere

indienick · 10-02-2007, 08:44 PM

I think the second line of the conf file you posted might have something to do with it:

Quote:

background=YES
listen=NO
anonymous_enable=YES
...

Change listen to "YES" and see what happens.

da1 · 10-02-2007, 09:38 PM

is i set it yo YES] then i must run vsftpd as standalone daemon, and not through inetd. and that is kinna the opposite of what i whant.....and anyway, the error remains (in the browsers i get the windows to enter the user and password, but after that i get the error)

indienick · 10-02-2007, 09:51 PM

Okay, well...since it's not an option within the vsftpd conf file, perhaps it may be a setting in the inetd conf file (FYI. I don't use inetd or xinetd).

Try checking through there, and if there aren't any hints, post your inetd conf file, and the rest of us can take a look at it.

da1 · 10-02-2007, 11:13 PM

the line in inetd for vsftpd is

Code:

ftp     stream  tcp     nowait  root    /usr/local/libexec/vsftpd       vsftpd

but i seriously doubt this is the problem. why? because from console it works (local and ssh)

anomie · 10-03-2007, 09:40 AM

What does sockstat -4 show?

da1 · 10-03-2007, 10:10 AM

a wholle lot of conexions (as i have a dc++ hub), but regarding the curent issue, this is the only relevant line

Code:

root     inetd      83441 6  tcp4   *:22                  *:*

ps: you want the entire output ?

anomie · 10-03-2007, 10:34 AM

Sure, let's see the full output. The line you posted indicates that inetd is listening for all interfaces on tcp 22..?? That is typically used by sshd. Did you intend for vsftpd to listen on a non-standard port?

Actually sockstat -4l would be even better (only listening sockets).

da1 · 10-03-2007, 11:58 AM

ow s#it, i'm sorry.....it's 21, but i copied the wrong line. the correct one is

Code:

root     inetd      83441 5  tcp4   *:21                  *:*

yes, i know this indicated inetd runs vsftpd and runs it well.
the entire output of sockstat -4l is as follows

Code:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      66659 3  tcp4   *:80                  *:*
www      httpd      66658 3  tcp4   *:80                  *:*
www      httpd      66657 3  tcp4   *:80                  *:*
www      httpd      66656 3  tcp4   *:80                  *:*
www      httpd      66655 3  tcp4   *:80                  *:*
www      httpd      66654 3  tcp4   *:80                  *:*
root     httpd      66652 3  tcp4   *:80                  *:*
da1      verlihub   6644  5  tcp4   *:4111                *:*
root     inetd      83441 5  tcp4   *:21                  *:*
root     inetd      83441 6  tcp4   *:22                  *:*
root     sendmail   868   4  tcp4   127.0.0.1:25          *:*
mysql    mysqld     867   10 tcp4   *:3306                *:*
root     syslogd    724   6  udp4   *:514                 *:*

as you can see, inetd listens on 21 for the ftp daemon

anomie · 10-03-2007, 01:46 PM

It's listening on all interfaces, so the next thing I would do is use netcap or nmap from one of the client machines to confirm that tcp port 21 (on your FBSD box) is open to it.

It sounds like you're using Windows clients, so nmap is probably a better choice.

If tcp 21 is open to the clients, you can narrow things down to something at the application level.

da1 · 10-03-2007, 03:19 PM

windows nmap confirms port 21 to be open

Code:

PORT     STATE   SERVICE
21/tcp     open   ftp

if say the port wasn't open on my fbsd bo, i would not have received the error vsftpd throws at me ( 500 OOPS: child died )

anomie · 10-03-2007, 03:27 PM

From here what I'd do is temporarily revert to the default vsftpd configuration file (IIRC, it is operational and allowing anonymous authentication) that was installed by the port, and test again. Still broken?

da1 · 10-03-2007, 03:43 PM

solved it. i reverted back to the standard conf file, and it worked with a minor issue: the home ftp (/home/ftp) folder was owned by the ftp user (and that is not right). so i changed ownership of the ftp user to root and the daemon worked. afterward i reverted back to my configuration and everything is fine now.

thx for the support.