|
ProFTPD in Slackware - Virtual Server FTP User Authorisation
Hello Everyone,
I am a :newbie: in Linux and spent about 2 weeks in searching in forums and Google for help regarding the following situation: We have just launched a Slackware 12 based server (2 Ethernet cards) It is registered as DNS and Mail server, those operations are fine. There is a ProFTPD server features installed as well, and 3 virtual domains registered (using the web interface - I am not so good in using direct typing by PuTTY screen until I get good with the commands..(But if I have to, I will do it that way, of course).. The immediate problem I am facing is: By using Core FTP program (from Vista PC) I am trying to upload web page contents to a pre-arranged folders in: /usr/local/apache2/htdocs/(domain1.com) by using ftp.domain1.com and user name / pass with admin rights; (I have tried with "ftp" user as well - same result!) COnnection session gives me error: (11004-100) The requested name is valid, but no data of the requested type was found. I have checked a few times about the reasons for this error, suggestion were wrong syntax of character in the command line. May I have some specific tuitorial link about the whole process of operating the ProFTPD server, and more specifically about: Typical Files/Contents of Files for User Assignment (User/Pass); (Copy of the relevant /etc/passwd line - this user logs are OK: Quote:
My FTP User (gives me same error 11004-100) listing in the same file is: Quote:
The current content of my proftpd.conf file (I DID NOT MANUALLY AMENDED IT'S CONTENTS SINCE REGISTERING FTP.DOMAIN1.COM AND DOMAIN2.COM THROUGH THE WEB INTERFACE) in /usr/local/etc/proftpd.conf is: Quote:
Tips about assigning Virtual Domains (we are intending to run multiple domains on the same server) and Different Users (per domain) I think this will be at least the basic to start using the server and uploading web site content. Most of my searches were resultig in the setting up of the server, most of the posts were around Anonymous FTP USer arrangements, but I have not noticed any specific references towards the files directly related to User / Access administration related to FTP What do I miss here? Please help, Thank you in advance. AT least the typicall files where I can check and edit / uncomment the lines related to this problem. I have an intuitive feeling that problem is related to SITE CHMOD setting options but not sure.. :o Apologies about the long and probably confusing explanations around my question, but my intentions were to be more specific in describing the problem I am facing at the moment. Thank you in Advance! |
Verify thest things first.
Configure FTP Server, proftpd:
cd /etc Edit proftpd.conf near the top of the file. It should look like this: #ServerType standalone ServerType inetd This causes the inetd Daemon to listen and start proftpd as needed. Next, edit inetd.conf. Look for the line: # These are standard services: Below you will see this ftp line. Uncomment it so it look like this and proftp will be started/controlled by inetd. # Professional File Transfer Protocol (FTP) server. ftp stream tcp nowait root /usr/sbin/tcpd proftpd Now add it's log files to the logrotate script: su - cd /etc/logrotate.d vi syslog and add: /var/log/proftpd.log to the list Most of these things are already properly configured on Slackware. That wasn't always the case. Just check and make sure, you may not have to do anything. I'm going to guess your problem is this: Quote:
/bin/false is a fairly new configuration setting in Slackware. It's an extra security measure to prevent logins to accounts you haven't configured properly. When you want to enable these things you have to change the shell to something valid. Post back if you have any more issues. I'll try to check back and make sure we get it working for you. |
Thanks a Lot, meetscott,
I have amended cd /etc/logrotate.d to: Quote:
ftp:x:14:50::/home/ftp:/bin/bash and will keep trying further. :) Later on I will try to sort out my directories etc. and specify each user with specific access area. Your help was great bearing in mind I am not totally confident within the entire spectrum of what I am doing here... But looks like with help like this I can get further!:study: Much Appreciated! CCTVGuru |
Quote:
I think you're missing these two lines in <anonymous></anonymous> Code:
AnonRequirePassword offQuote:
|
Quote:
Second, and I think it was Slackware 12.2, most of the system users, like apache, ftp, and many others, had /etc/passwd amended to include /bin/false for logins. Prior, this wasn't added. If I'm remembering right, the accounts were only disabled before. /bin/false was an added layer of protection. One last thing... why not use sftp or scp to transfer the files? FTP isn't necessary, although the transfer is little faster because the encryption overhead isn't there. Just a thought, but running an FTP server is a little less secure. Remember to check your logs because you will invariably get Dictionary attacks on your FTP server. You'll get them on your ssh server too, but having only one service to attack is generally better than two. Strong passwords are a must! Easy ones get guessed. These are the logs to check: /var/log/messages /var/log/secure/ /var/log/proftpd.log (as you configured in logrotate) You also may consider a firewall to help with this if the Dictionary attacks get to be a problem. Here's an example of one I wrote with the help of Martin Wolf on his blog: http://mwolf.net/archive/iptables-against-ssh/ Sorry for the confusion on /bin/false earlier. Nikosis, thanks for the correction. |
Hello meetscott and Nikosis,
Thank you for the discussion arising around my situation; What I ahve done in eantime, is: Amended passwd file content to: Quote:
/var/log/messages content is with plenty attempts to breakin (constant attacks; Failed password attempts etc. - suggetsts that I have to go fora stronger level passwords or special firewall as siggested in meetscott's post. /var/log/secure reflects I think quite correctly all logging history for users (all of them are authorized users) Recent contents of proftpd.log is: Quote:
Results with attempts to log in - CORE FTP Program: Anyway, I have tried to kog in as an ftp user and I has the same problematic results: When I use the logging as a Hostname/IP/Server name: ftp.domain1.com, I am receiving Quote:
When I use only the public IP address, or domain1.com (without ftp. !) - I am receiving the failure message: Quote:
In the recent past I was using (really as an User!) the Core FTP program to upload web site contents and it was fine for me. The bottom line now is: Anonymous users ARE NOT a must at this stage, only assigned users will be allowed to upload web page contents to the folders assigned / allowed for them. Sometimes later we can consider allowing anonymous FTP user access, but definitely not rigt now. I am using the much easier Webmin web interface and if any straightforward tuitorials are available - I would attend to them if recommended. Another clarification: I am not working on the server directly - I am logging into it remotely via secure wireless link; I think the server type definitely IS inetd I guess in this situation. Anyway, I highly appreciate the input of both of you, and hope to resolve the situation I am stuck in at the moment... Kindest Regards, CCTVGuru |
... Just to confirm the content of proftpd.conf file as I am going to amend it:
Quote:
Hope it is correct, I will keep trying. |
Quote:
Quote:
I think that should get you up and running. I don't use stand alone, but it should have to be running all the time if you do. With the inetd configuration change I'm suggesting, you probably won't see ftp processes running using Quote:
|
CCTVGuru, I'm interested to know if you ever got this working. Please let us know if this is resolved! I hate to see the thread left hanging if there's something else that's possibly been missed. You are not the only one who may have had issues with this ;-)
|
Thank you for following up and your concern, meetscott!
This FTP ... :cry: :scratch: :mad: :confused: .... I still could NOT come right unfortunately and trying small silly things like experimenting with port forwarding and trying to read around for the recommended best content for proftpd.conf; If you have any working file content please post it here and I'll try edit it !:o Port forwarding was an idea to try hard, because as I said the server is sitting 2 hops away from me (over wireless link). Now I am having another frustrating situation here: Mail services are not right! Sendmail announces: Quote:
Quote:
I am not sure, but just to ask: Isn't necessary for listing some user details in this content? Why does it then reject me even as an admin user logged in??? :cry: Quite frustrating situation over here... Someone suggested move away from Slackware and go to Centos. So much done so far with this server and abandoning it is not a pleasure... Please give some comments if you can, Much Appreciated!! I'll continue the battle and as soon as it comes right, will announce by post. Any recommendations are most welcome here, in meantime. Hope NOT Lost! Cheers! |
I'm pasting the contents of my working proftpd.conf file from the /etc directory. There are almost no customizations in it. It's close to the default shipped in Slackware. I use ftp on my lan all the time because it's faster than ssh. I use ssh outside my lan or for things I don't care about getting sniffed, I'll still use ftp.
I'll get back to you on the sendmail configuration. I use that on multiple servers as well. Sendmail is not easy and I was going to point you to http://shilo.is-a-geek.com/slack/ but I guess that's down now. I have some notes about Slackware and setting up email either with an ISP available or with MX records. Are you at home through an ISP? Let me know so I can supply the proper information and specific instructions. Keep in mind... in my opinion, there is nothing more difficult to set up in Linux than sendmail. That's just been my experience and opinion. But the steps are pretty simple once they are laid out for you. Sendmail's configuration difficulty is the reason why so many people are using things like qmail or postfix. I still use Sendmail and the reference I have on it is over a 1000 pages! Quote:
|
I've been very busy lately. Sorry for the delay in checking on this.
I wanted to mention that the default install of Slackware should allow you to start the sendmail daemon. It is also important to note that the directory tree leading up to the root or "/" of the file system only be owned and writable by the root user for security reasons. The path leading up to sendmail configuration files can be a security problem if this is not followed. I think there is something wrong with your file system permissions to give you a "Permission denied" error. That's the best I can do for your particular problem with this amount of information. The next thing I need, to help you with Sendmail configuration, is whether you are configuring MX records or just using your ISP as a "Smart Host." I hope you haven't given up. System administration is a high paying skill. I actually write code for a living but I end up doing a lot of System Adminstration as well. Be patient as you learn about this stuff. It takes years to really exploit some of these features. It is what makes this forum and Linux in general so much fun! |
| All times are GMT -5. The time now is 12:55 PM. |