Can't make vsftp work on Ubuntu - Users can't log in
Hello
I am a "light" user of Linux, not a total newbie but rather inexpert with advanced configurations (and some basic concepts, of course ;)). I have an Ubuntu 9.10 server and I need to use an FTP server. I installed vsftp but I can't make it work. What doesn't work is that I can't log in to the FTP server with my user(s). I created a user ("AddressBookUser") that should access some files located in "/var/www/fpt/rubriche/". I set this folder as his home. Here is the row for this user in /etc/passwd: Quote:
This is my /etc/vsftp.conf: Quote:
AddressBookAdmin AddressBookUser vsftpd.chroot_list exists, but as you see above the chroot_list_file directive is disabled. When I try to connect to the FTP server the connection is established, but after I insert "AddressBookUser" as user name and confirm I get a "530 permission denied" message. This occurs both from the network (LAN) computers and locally: Quote:
I googled a lot but found nothing useful. Can anyone help me? Thank you |
1) First of all, check that your vsftpd daemon is running. If not, use the following command: "sudo /etc/init.d/vsftpd start"
2) Have you created a rule in your iptables to allow incoming traffic for FTP? In that case you can try flushing them: "sudo iptables -F"
NOTE: flushing iptables is not a good choice, but you can try it for temporary testing.
3) Have you set the correct permissions on your FTP share folder/file? |
vsftpd is running (as I said, I can log in with user "webs").
AFAIK iptables is not running. If I run sysv-rc-conf I don't see it in the list of daemons. The home of "AddressBookUser" is set as follows: Quote:
Differently, I created another user, "AddressBookAdmin", a member of the "ftpusers" group. This group has write access to that folder (that is the home for this user, too) but he can't log in either. |
If this thread is true, I think that having AddressBookUser having their console set to /bin/false may be a problem. There are apparently a number of ways to solve this one. If you google "vsftpd bin false" you'll find a bunch. I'm not sure which one you would be more comfortable following, so I'll leave that to you.
|
I forgot to mention it before, but I've already tried to set the console to something different than "false", such as "sh" or "bash", but it doesn't solve the problem. Even with these values I can't log in. But, as I said, if I try to log in with the "main" Ubuntu user I can log in normally. So there must be something else related to the users. Maybe they'd have to be members of some other groups in addition to the one they are members of? I don't have the concepts clear about this.
|
Some additional info. The problem seems not to be related to the FTP service; rather it's a problem with the correct definition of the user(s) on my system. I realized that I can't log in to the system either with any of the users I have created or with any other new one that I try to create. I mean not only the login through ftp but every type of login (local shell, via Putty from another machine, etc.). So there's something wrong in the user definition, but I can't figure out what.
|
Have you looked in the vsftpd log files? It is usually pretty good about logging stuff, so there may be some additional clues as to why this is happening.
The only other thing I can think of is to start turning off options in vsftpd.conf one at a time and see if anything allows AddressBookUser to log in. Personally I'd start with the userlist directives in case something is misconfigured there. Then I'd try turning off chrooting. At this point there are so many possibilities that we can't really give guidance until we have a better idea of where things are goofed up. If the logs aren't helping, then trying one at a time changes is really the best way to diagnose the problem. |
Quote:
[EDIT] I take that back, you can't su to a /bin/false user. However, if the user is invalid, it appears that su complains, whereas for a valid user it doesn't.[/EDIT] |
Quote:
|
Hi
Quote:
Note also that /bin/false is correct as a shell if you don't want that user to have shell access to your box. Regards |
Quote:
No, I think he's got it right: Quote:
Quote:
|
A little update. As said in my first post if I enable the userlist file, as follows:
Quote:
If I comment them out (that is the same as setting "userlist_enable=NO", AFAIK) I get a different response: I am prompted for the password and after I insert it I receive a "530 login incorrect". Obviously, I take care to insert the correct pw. Regarding the setting of the shell: I consciously set it to "/bin/false" because I don't want the user to be able to log in to a shell. Anyway, at the moment I tried to change it to "/bin/bash" to reduce the potential problems, but nothing changes. |
Is the directory /var/www/ftp/rubriche writable by that user?
Code:
ls -l /var/www/ftp/rubriche |
Update guys!
I tried to update/change the password for my two users and now one of the two can finally log in! But there's still something that I can't understand here. So, here is the situation:
(Note: I changed the names of the users to shorter and simpler names)
user "abadmin" is currently set with shell "/bin/bash"
user "abuser" is currently set with shell "/bin/false"
directives "userlist_enable" and "userlist_file" are disabled (commented)
With these settings "abadmin" can log in, both via an ftp client and a shell. "abuser" instead still can't log in. Perhaps the passwords had been badly set previously and reassigning them has fixed things. Anyway, the value of the shell for the users seems to be something that still plays a role here. AFAIK setting the shell to "false" for the ftp users is common practice, but here it seems to determine whether ftp users can log in or not. I still have some confusion about this. |
Directory /var/www/ftp/rubriche (that is the home for both the ftp users) is set as follows:
Quote:
Here are the settings for these two users in /etc/passwd: Quote:
|
You have to check if /bin/false exists in /etc/shells as a valid shell.
Also check logs for hints. |
OK, after googling a little more and making some more tries I think I finally got everything working as expected!
Here are my final steps. AFAIK the reason why "abuser" couldn't log in was that "/bin/false" was not listed in "/etc/shells". Then I added it there, tried to log in again and... yeah! abuser has finally been able to log in! The second and last step was to change his group membership, assigning only "rubriche_ro" as primary group and removing any other secondary group. This way he doesn't have write access to /var/www/ftp/ (where only the owner "abadmin" and the group "ftpusers" have write access). I really hope not to encounter any other unexpected surprise. Based on what I see at the moment everything seems to work well. There's still only one thing that I can't make work as I would like: everything works only if I set "userlist_enable=NO" (disabled). This is somehow a limitation, because I can't define which users have to be ftp users. At the moment any user of the system is a potential ftp user. |
Quote:
As you can see it was exactly one of the things to check! |
Quote:
Code:
userlist_deny=no |
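The two failures diagnosed in this thread, modelled as an added example (not code from any poster): the userlist check, which rejects with "530 Permission denied" before the password prompt, and the /etc/shells check, which surfaces as "530 Login incorrect". The passwd, shells and userlist contents are constructed samples, `ftp_login_verdict` is a hypothetical helper name, and the code assumes the vsftpd PAM stack includes pam_shells, as the /etc/shells fix in the thread implies.

```python
# Added example with constructed sample data; not output from the poster's server.
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n"          # /bin/false is not listed
PASSWD = ("abadmin:x:1001:1001::/var/www/ftp/rubriche:/bin/bash\n"
          "abuser:x:1002:1002::/var/www/ftp/rubriche:/bin/false\n")
USERLIST = "abadmin\nabuser\n"                           # contents of userlist_file


def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().upper()    # YES/NO compared upper-cased
    return conf


def listed(text):
    """Non-blank, non-comment entries of a one-per-line file."""
    return {l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}


def ftp_login_verdict(user, conf_text, passwd=PASSWD, shells=SHELLS, userlist=USERLIST):
    """Return the expected FTP reply for `user`, before any password check."""
    conf = parse_conf(conf_text)
    # Step 1: the userlist check runs before the password prompt.
    if conf.get("userlist_enable", "NO") == "YES":
        in_list = user in listed(userlist)
        deny_mode = conf.get("userlist_deny", "YES") == "YES"  # default: deny list
        # deny list rejects listed users; allow list rejects unlisted users
        if in_list == deny_mode:
            return "530 Permission denied (userlist)"
    # Step 2: pam_shells (assumed present) rejects shells missing from /etc/shells.
    for entry in passwd.splitlines():
        fields = entry.split(":")
        if fields[0] == user:
            if fields[6] not in listed(shells):
                return "530 Login incorrect (shell not in /etc/shells)"
            return "ok (password check still applies)"
    return "530 Login incorrect (no such user)"
```

With `userlist_enable=YES` and `userlist_deny=no` the file becomes an allow list, so only the listed accounts reach the password prompt.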