Old 10-26-2007, 09:33 AM   #1
gentooox
LQ Newbie
 
Registered: Oct 2007
Posts: 3

Rep: Reputation: Disabled
Problems with anonymous login proftp 1.3.1: 530-Unable to set anonymous privileges.


I looked through similar threads in the forum but couldn't find any answers.

My proftpd.conf file (non-anonymous users should be chroot'ed to their home dirs, anonymous users to the home directory of the user 'ftp'):

Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on
RequireValidShell               off
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask           022

SystemLog       /var/log/proftpd.log

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances    30

# Set the user and group under which the server will run.
User            proftpd
Group           proftpd
# Added this line to chroot users in their home dirs
DefaultRoot     ~

# Normally, we want files to be overwriteable.
<Directory />
        AllowOverwrite          on
</Directory>

# A basic anonymous configuration, with no upload directories.
<Anonymous ~ftp>
        User                    ftp
        Group                   ftp

        # We want clients to be able to login with "anonymous" as well as "ftp".
        UserAlias               anonymous ftp

        # Limit the maximum number of anonymous logins.
        MaxClients              10

        # We want 'welcome.msg' displayed at login, and '.message' displayed
        # in each newly chdired directory.
        DisplayLogin            welcome.msg
        DisplayChdir            .message

        # Limit WRITE everywhere in the anonymous chroot.
        <Limit WRITE>
                DenyAll
        </Limit>
</Anonymous>
The home directory I created (following the guide found on these forums) is shown below, as it appears when running the "ls -l" command. As far as a Linux newbie like me can tell, it says that the user 'ftp' is the owner of the folder, and that it's associated with the usergroup called 'ftp':
Code:
root ~ # ls -l /home/
total 1
drwxr-x--- 2 ftp     ftp    48 Oct 26 15:26 ftp
I haven't entered any password for the user 'ftp' after creation. He's set up to not use any shell (/bin/false), have his home dir in /home/ftp and be part of the 'ftp' usergroup. The usergroup 'ftp' was created simply with "groupadd ftp".

When trying to log in using 'anonymous' (should be valid alias) I get the following:
Code:
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.1rc2 Server (ProFTPD Default Installation) [::ffff:192.168.1.101]
Command:	USER anonymous
Response:	331 Anonymous login ok, send your complete email address as your password
Command:	PASS **************
Response:	530-Unable to set anonymous privileges.
Response:	530 Login incorrect.
The 'ftp' user is not in my /etc/ftpusers list so it shouldn't get blocked because of that. The home dir exists. The daemon is running, otherwise I wouldn't be able to connect.
If anyone has a suggestion as to what might be wrong I'd be grateful.
If anyone could explain to me what the ~ftp in the beginning <Anonymous ~ftp> does I'd be interested as well.

Last edited by gentooox; 10-26-2007 at 09:41 AM.
 
Old 12-12-2007, 04:19 PM   #2
allein
LQ Newbie
 
Registered: Dec 2007
Posts: 1

Rep: Reputation: 0
I have the same problem. Anyone know anything about this?
 
Old 04-17-2008, 11:47 PM   #3
cyprix
LQ Newbie
 
Registered: Apr 2008
Posts: 1

Rep: Reputation: 0
I solved this issue with the following setup - the Fake listings are req'd:
Code:
<Anonymous /var/ftp/pub>
  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>

  # Maximum clients with message
  MaxClients                    5 "Sorry, max %m users -- try again later"

  User ftp
  Group nogroup
  DirFakeUser on ftp
  DirFakeGroup on ftp
  RequireValidShell off

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  <Directory uploads/*>
    <Limit READ>
      DenyAll
    </Limit>

    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
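
An added example, not part of the original posts or of ProFTPD: a small Python linter for the restrictions the `<Anonymous>` block above relies on (WRITE denied inside the chroot, upload directories that accept STOR but deny READ) plus missing `User`/`Group` lines. `SAMPLE` is a constructed config, the function names and finding texts are this example's own, and it does not diagnose the 530 error itself.

```python
import re

# Constructed sample (not from the thread): an anonymous block missing its restrictions.
SAMPLE = """<Anonymous ~ftp>
  User ftp
  <Directory uploads/*>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>"""

def parse(text):  # ProFTPD-style config text -> tree of sections
    stack = [{"name": "root", "arg": "", "dirs": [], "kids": []}]
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.fullmatch(r"<(/?)(\w+)\s*(.*?)>", line)
        if m and m.group(1):                      # closing tag must match the open one
            if stack.pop()["name"] != m.group(2).lower() or not stack:
                raise ValueError(f"unbalanced </{m.group(2)}>")
        elif m:                                   # opening tag starts a nested section
            node = {"name": m.group(2).lower(), "arg": m.group(3), "dirs": [], "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif not line.startswith("#"):            # plain directive; comment lines skipped
            stack[-1]["dirs"].append(line.split())
    if len(stack) != 1:
        raise ValueError(f"unclosed <{stack[-1]['name']}>")
    return stack[0]

def limits(node, verdict):
    """Commands named by <Limit ...> children of node whose body contains `verdict`."""
    return {c for k in node["kids"]
            if k["name"] == "limit" and any(d[0].lower() == verdict for d in k["dirs"])
            for c in k["arg"].upper().split()}

def lint(text):
    """Findings for top-level <Anonymous> blocks (blocks nested in other sections are not walked)."""
    out = []
    for anon in (k for k in parse(text)["kids"] if k["name"] == "anonymous"):
        where = f"<Anonymous {anon['arg']}>"
        have = {d[0].lower() for d in anon["dirs"]}
        out += [f"{where}: no {n} directive" for n in ("User", "Group") if n.lower() not in have]
        if "WRITE" not in limits(anon, "denyall"):
            out.append(f"{where}: no <Limit WRITE> DenyAll")
        for d in (k for k in anon["kids"] if k["name"] == "directory"):
            if limits(d, "allowall") & {"STOR", "WRITE"} and "READ" not in limits(d, "denyall"):
                out.append(f"{where}: {d['arg']} takes uploads but stays readable")
    return out

print("\n".join(lint(SAMPLE)))
```

Run against the block posted above, `lint` returns no findings; the constructed sample yields three.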
 
Old 05-03-2009, 02:46 PM   #4
ptdsign
LQ Newbie
 
Registered: May 2009
Location: Melbourne
Posts: 3

Rep: Reputation: 0
Hi!

I was pretty frustrated again when it took me days without getting it to work as well... people keep on saying it's a problem with permissions conflicts between the actual directories and the config file, but it just isn't. Of course as with all things, once you finally know them, it makes sense.

A good how-to I reckon is:
http://ubuntuforums.org/showthread.php?t=51611

I've solved the anonymous problem with the following setup (ftp_login might not have been a good name after all, but it works):

Since you wouldn't want the ftp user you create to have a valid login shell, it should be safe to have the user without a password. So what I did was create a user like this (oh, and I just assume you are superuser (sudo -s)):
Code:
useradd ftp_login -p your_password -d /home/ftp -s /bin/false
When this is done, the user will probably be locked since it has no password yet, and since we don't want a password, we can unlock it by:
Code:
passwd -u ftp_login
Now I made a directory called temp in the home directory of ftp_login:
Code:
cd /home
# -p also creates ftp_login itself if it does not exist yet
mkdir -p ftp_login/temp
Just to be sure the permissions of the folders are right:
Code:
chmod 755 ftp_login
chmod 777 ftp_login/temp
After that I scrabbled some configuration files together, such as this /etc/proftpd/proftpd.conf:
Code:
# This configuration establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.

ServerName			"the ftp server"
ServerType			standalone
DefaultServer 			on
RequireValidShell 		off
AuthPAM 			off
AuthPAMConfig 			ftp
# Port 21 is the standard FTP port.
Port				21


# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 			022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances		30

#Allow resume download / upload (?)
AllowStoreRestart	on

PersistentPasswd	off

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/ftp_login

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

# Set the user and group under which the server will run.
User		nobody
Group 		nobody
DirFakeUser 	on nobody
DirFakeGroup	on nobody

# Valid logins
<Limit LOGIN>
	AllowUser ftp_login
	DenyALL
</Limit>

UserAlias anonymous ftp_login  

<Directory />
	AllowOverwrite	off
	<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
		DenyAll
	</Limit>
</Directory>

<Directory ~/>
	Umask 022 022
	AllowOverwrite off
</Directory>

<Directory ~/temp/>
	Umask 022 022
	AllowOverwrite off
	<Limit READ RMD DELE>
		DenyAll
	</Limit>

	<Limit STOR CWD MKD>
		AllowAll
	</Limit>
</Directory>
So how this actually works: an anonymous visitor connects to the ftp server and tries to log in as user anonymous, the server converts it to ftp_login because of the UserAlias line, and since no password is set for this user, anonymous will be allowed in without one!

I liked the comment in the mentioned post on the syntax check to test the configuration file:
Code:
proftpd -td5
Hope it works for you!

Last edited by ptdsign; 05-03-2009 at 02:49 PM.
 
  

