LinuxQuestions.org


rose_bud4201 04-02-2003 12:11 AM

proftpd Fatal Error on start
 
I'm running Apache as a web server, and I just installed and configured proftpd so that I can control who uploads things to my computer. When I start the service (/usr/local/etc/proftpd.conf - I installed as user) it gives me
Code:

      - Fatal: DefaultServer: DefaultServer has already been set.
The first section of the configuration file looks like this:
Code:

ServerName                        "ProFTPD Default Installation"
ServerType                        standalone
DefaultServer                        on

# Port 21 is the standard FTP port.
Port                                21

etc...

What am I doing wrong? Should I be setting something somewhere else?

And on a similar note, how do I create users with access rights for the FTP service? i.e. I know I set the service to run under my username, but is there a setting (I couldn't find one) to list usernames and passwords, along with permissions just for proftpd?

Thanks very much,
Laura

MasterC 04-02-2003 01:13 AM

ProFTPD should be run as user/group nobody. It's better for security.

Second: Maybe it's already running, if so, either kill the server (check with ps -aux) and then restart, or simply restart.

As for users, it uses the regular users on your system. So create them as you would any user, simply give them less privileges than you would a user on your system, such as use rbash as their default shell, confine them with DefaultRoot and so on.

:)

For more info on things I've mentioned either post back (I'll be glad to clarify) or search this site, proftpd is actually covered quite well here.

Cool

rose_bud4201 04-02-2003 02:05 PM

No, it's not running already, and I get the same error message when I try restarting it.
How do I confine users with DefaultRoot? I assume that's the setting mentioned in the proftpd.conf file. I have it set to one folder - the one I want to be common to all users' uploads, which is fine. However, does making that their default root folder actually confine them there, or just make that the starting point? I really don't want them anywhere else in my system.
thanks!
~Laura

MasterC 04-02-2003 06:48 PM

If your DefaultRoot looks like this in your proftpd.conf file:
DefaultRoot ~

Then they will be confined to their home directory and all subdir. If it looks like:
DefaultRoot /var/www/ftpuploads

Then they will be confined there. I'd also change their home directory in /etc/passwd or /etc/shadow (depending on what you are using) to the home of which you want them confined, then if they try to access another directory with something like ssh then, assuming you are using rbash or something similar, they will be confined there as well.

Check your inetd/xinetd settings to see if you already have an FTP server defined and/or running that you don't want. Something like wu-ftp or whatever might have already been installed and setup, and maybe this will show you.

Cool

rose_bud4201 04-02-2003 08:31 PM

Slight misunderstanding here, I think... I don't want them each confined to their home directory... I'd rather they didn't even have one. I want each user to be able to upload things via ftp to one directory on my hard drive, i.e. /var/www/Uploads. I want them all to have access to this directory, and none other (not even ~).

MasterC 04-03-2003 08:30 AM

Then that's fine, just use the specific DefaultRoot:
DefaultRoot /var/www/Uploads

The other option I was referring to was in case you wanted them to be confined there, and others (maybe anonymous or yourself) to start in a home directory of some sort. In that case you should set the DefaultRoot to ~ (which means home directory) and then edit their home directories in /etc/passwd to reflect /var/www/Uploads then that's where they will start. Either way should work, it just depends on what 'else' you might be doing with ftp that should determine which method you use.

Cool

rose_bud4201 04-03-2003 09:53 AM

Ah, I see. Sorry about the misunderstanding :)

About that "Default Server" error...poring through the posts and FAQs makes me think that Apache and proFTPD are fighting for control of the DefaultServer title... someone else has posted his proftpd.conf file (http://www.linuxquestions.org/questi...threadid=33724)
and they have 'ServerType inetd'...does that just mean that xinetd starts the server on startup?...I've only got a vague idea of what I'm groping towards here, sorry, but what I'm trying to say is: What sets the Default Server? And how can I change it so that I can have more than one server running at the same time (i.e. Apache and proFTPD)?

rose_bud4201 04-03-2003 09:56 AM

...And if xinetd is supposed to start the ftp server, as the proFTPD FAQ seemed to suggest, how do I go about telling xinetd that it should do that??

MasterC 04-03-2003 07:47 PM

Post it up. xinetd or inetd are dependent upon which distro you are using. If you look at the files themselves, usually you can suss out what part you need to edit to work with your FTP server. For example, mine:
Code:

# File Transfer Protocol (FTP) server:
ftp    stream  tcp    nowait  root    /usr/sbin/tcpd  proftpd

That's an excerpt from Slack 8.1 /etc/inetd.conf

:)

Cool

rose_bud4201 04-03-2003 08:02 PM

bother.
/etc/inetd.conf doesn't exist (in fact, it doesn't exist anywhere on the system) and although xinetd.conf does, all it has in it is this:
Code:

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances              = 60
        log_type                = SYSLOG authpriv
        log_on_success                = HOST PID
        log_on_failure                = HOST
        cps                        = 25 30
}

includedir /etc/xinetd.d

.......this is very odd.

MasterC 04-03-2003 08:38 PM

Assuming your sidebar info is correct, check the Mandrake Control Center for info on what services are started up, and there might even be an option there to set "defaults". Although....

IF ps -aux (as root) isn't returning anything "FTP looking" then I'd suspect something else might be going on, check that first and let me know what you think. I'll start thinking outside this box if that's the case ;)

Cool

rose_bud4201 04-03-2003 10:26 PM

AAAAARGH...I'm positive that I'm making this harder than it should be.
I got proFTPD started by commenting out the line about DefaultServer, and it didn't seem to complain. However, I couldn't actually connect and see a directory listing (either with an ftp client or my browser). Once the username/password dialog popped up, but after I entered them it just sat there 'waiting for response'.
I uninstalled proFTPD, and installed vsftpd...it instills itself in xinetd, and I've restarted xinetd each time I change the config file. Even with the default configuration (ftp://vsftpd.beasts.org/users/cevans...TE/vsftpd.conf) I get the same thing, though...a client or browser just sits there and tries to connect.
All I should have to do is ftp://myip:21, correct?? Or what else do I have to enable??

rose_bud4201 04-03-2003 10:34 PM

Update:
from the commandline,
Code:

    ftp localhost.localdomain
works just fine! It asks me for a username and password, and enters ftp mode perfectly.
What reasons could there be for it not working through a client, though? I can't even think how to explain ftp commands to some of the users for this thing :-/

rose_bud4201 04-03-2003 11:01 PM

yeah...hmmmmmmm......127.0.0.1 works fine, but the actual IP returns "no Server available to handle request on <myhostname.mydomain>"

netstat -l gives me:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address            Foreign Address  State
tcp        0      0 *:32768                  *:*              LISTEN
tcp        0      0 *:6753                   *:*              LISTEN
tcp        0      0 localhost.localdo:45549  *:*              LISTEN
tcp        0      0 *:sunrpc                 *:*              LISTEN
tcp        0      0 *:x11                    *:*              LISTEN
tcp        0      0 *:ftp                    *:*              LISTEN
tcp        0      0 *:ipp                    *:*              LISTEN
udp        0      0 *:32768                  *:*
udp        0      0 *:sunrpc                 *:*
udp        0      0 *:631                    *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags    Type    State      I-Node  Path
unix  2      [ ACC ]  STREAM  LISTENING  3370    /tmp/.font-unix/fs-1
unix  2      [ ACC ]  STREAM  LISTENING  4989    /tmp/.X11-unix/X0
unix  2      [ ACC ]  STREAM  LISTENING  352820  /tmp/gaim_laura.24235
unix  2      [ ACC ]  STREAM  LISTENING  3242    /dev/gpmctl


So I know it's listening. Why it's not responding, though, is the mystery.

rose_bud4201 04-04-2003 12:11 AM

ok, progress:
Connecting over port 20 (what vsftp listens over (?!), according to the config file) gives me "Connection refused."

Using 2 terminals, I tried this:
Terminal 1: nc -l -p 20 128.226.198.93 20

Terminal 2: ftp 128.226.198.93 20

Terminal 1: nc -l -p 20 128.226.198.93 20
invalid connection to [128.226.198.93] from (UNKNOWN) [128.226.198.93] 46801

What else is there besides a firewall (iptables is stopped) that could block port 20??

MasterC 04-04-2003 08:26 AM

A router. What's your network setup? Have you forwarded port 21 (or 20 for this other ftp server you've tried)?

Use probe my ports:
https://grc.com/x/ne.dll?bh0bkyd2

To see if 21 is open.

If it is, then we know that's not the problem. Tell me about your network setup, and also which distro it is you are trying this on.

Cool

rose_bud4201 04-04-2003 01:40 PM

21 is open. (Don't know about 20, but I can tell it to listen on 21, so that's ok.)
I'm using Mandrake 9.0, on the binghamton U campus network, but they don't block anything that I know of (esp. since the port is open). No routers, &c of my own. I'm rather stumped, actually :-/

MasterC 04-04-2003 03:00 PM

Ok, sorry to suggest this, but it's an idea...

Uninstall vsftp and put proftpd back on. Then, check the log files (which are defined in the proftpd.conf file) and post em up. On my system it's located /var/log/proftpd.log and /var/log/xfer.log

So you might see what's going on there. Also, you might look at other logs, maybe there is one for your vsftp that you could look at. Either way, just try to find a reason on why it won't connect, it'll make troubleshooting that much easier ;) If you have questions on the files, post up the files so we can take a look at em.

Cool

rose_bud4201 04-04-2003 03:06 PM

Ok, no problem. But before I do that, I took a look through the daemon error logs in general, and /var/log/daemons/errors has been getting this:
Code:

Apr  4 01:31:58 localhost xinetd[16452]: bind failed (Address already in use (errno = 98)). service = ftp
Apr  4 14:49:45 localhost xinetd[26711]: warning: can't get client address: Transport endpoint is not connected
Apr  4 14:51:29 localhost xinetd[26802]: bind failed (Address already in use (errno = 98)). service = ftp
Apr  4 15:01:01 localhost xinetd[26966]: warning: can't get client address: Transport endpoint is not connected

for the last however long it's been.
I'm not entirely sure what all that means, but if it's not helpful then I'll just do the reinstall.
Thanks!
Laura

MasterC 04-04-2003 03:13 PM

Are you running your own DNS/bind server? Or just a normal network setup through the college, where you specify a remote DNS server in /etc/resolv.conf (or do you run DHCP to find your IP)?

Cool

rose_bud4201 04-04-2003 03:28 PM

DHCP to get an IP on bootup.

MasterC 04-04-2003 08:43 PM

Since your port is open, you can ftp into your localhost just fine, and you are sure you are using the correct IP to ftp in with (check here ) I am becoming quite stumped without those error log files (/var/log/proftpd.log and /var/log/xferlog)

The main difference from ftp://localhost and ftp://actualip is your request. ftp://localhost goes straight from your command to your computer, it processes the request locally and gives instant feedback. ftp://actual-ip sends the request out of your PC to your ISP's server (or similar) translates the IP to your line, sends the request back into your computer (very simplified, but shows that the request actually leaves the box). So it would appear that if:
ftp localhost
is working fine and
ftp 1.2.3.4
isn't, then it would be a network problem much more than an application error. The proftp error log will show you that, or xferlog might; either way, that's something to go with for now ;)

Cool

rose_bud4201 04-05-2003 06:44 PM

OK.
Unfortunately, I'm not home now, and won't be back at my computer 'til tomorrow night. When I get home, though, I'll post those error logs and see if we can't get this thing figured out. Thank you very much!

Laura

rose_bud4201 04-07-2003 03:30 PM

OK, I uninstalled vsftp, reinstalled proftpd and configured it to start via xinetd (http://forums.devshed.com/archive/33/2002/07/4/40004)
Now, no matter what IP I try to connect to, I get "connection refused" (even 127.0.0.1). There isn't anything in /var/log/xferlog, but /var/log/daemons/errors ends with this:
Code:

Apr  7 16:01:09 localhost proftpd[2197]: localhost.localdomain - unable to set daemon groups: Operation not permitted
Apr  7 16:01:09 localhost proftpd[2197]: localhost.localdomain - unable to set uid to 65534, current uid: 500
Apr  7 16:02:19 localhost proftpd[2235]: localhost.localdomain - unable to set daemon groups: Operation not permitted
Apr  7 16:02:19 localhost proftpd[2235]: localhost.localdomain - unable to set uid to 65534, current uid: 500

There's no sight of a proftpd error log anywhere, unless it's under some other name :-/.

MasterC 04-07-2003 08:39 PM

You set that in your proftpd.conf file; mine is:
/var/log/proftpd.log and here is the entry in my conf file:
Code:

SystemLog                      /var/log/proftpd.log
TransferLog                    /var/log/xferlog

Cool

rose_bud4201 04-07-2003 09:03 PM

:o ok, let me see what that generates

rose_bud4201 04-07-2003 09:18 PM

I tried that, still running it through xinetd...I think there was still something wrong in that setup, so I changed the ServerType back to standalone, stopped xinetd, and started proftpd. Now, at least, I'm back to the errors I was getting initially.

Here's the output of proftpd.log, once I changed it back to standalone (it wasn't outputting anything before that, which makes me think that it wasn't getting started at all):

Code:

Apr 07 22:22:52 localhost.localdomain proftpd[6309] localhost.localdomain: ProFTPD 1.2.8 (stable) (built Wed Apr 2 00:11:46 EST 2003) standalone mode STARTUP
Apr 07 22:23:17 localhost.localdomain proftpd[6316] localhost.localdomain (localhost.localdomain[127.0.0.1]): FTP session opened.
Apr 07 22:23:22 localhost.localdomain proftpd[6316] localhost.localdomain (localhost.localdomain[127.0.0.1]): USER laura: Login successful.
Apr 07 22:23:24 localhost.localdomain proftpd[6316] localhost.localdomain (localhost.localdomain[127.0.0.1]): FTP session closed.

The "Login Successful" entry is where I connected using "ftp 127.0.0.1". The error messages are when I tried "ftp 128.226.198.93".
Still nothing in xferlog, as I can't connect enough to transfer anything :)

MasterC 04-07-2003 09:38 PM

I don't see any errors there... Are there actual errors in proftpd.log when you connect to ftp://128.226.198.93 ?

Or none at all, and syslog shows nothing either? How about /var/log/messages?

Cool

MasterC 04-07-2003 09:41 PM

Here is what I get when I try to ftp into your IP:
Quote:

bash-2.05a$ ftp 128.226.198.93
Connected to 128.226.198.93.
500 Sorry, no server available to handle request on bing93.onondaga-a.binghamton.edu
What that looks like to me is that either your uni has some setup that won't allow you to run an FTP server (maybe several PC's share the same outside IP, via some sort of NAT), or your proftpd.conf file isn't setup correctly (post it up so I/we can take a look).

Cool

rose_bud4201 04-08-2003 01:11 AM

Contents of /usr/local/etc/proftpd.conf:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerAdmin "somebody@SomewhereNotHere.com"
ServerIdent off
ServerType standalone
DefaultServer off
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

<Global>
RequireValidShell off
LoginPasswordPrompt off
<Limit LOGIN>
DenyUser anonymous
</Limit>
MaxLoginAttempts 3
# To cause every FTP user to be "jailed" (chrooted) into a directory,
# uncomment this line.
DefaultRoot /var/www/UPLOADS
AllowStoreRestart on
AllowRetrieveRestart on
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
</Global>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp

# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp

# # Limit the maximum number of anonymous logins
# MaxClients 10

# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message

# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>

MasterC 04-08-2003 08:55 AM

Does the user/group nobody/nogroup exist? Check /etc/passwd and /etc/group to find out.

And what happens if you change to "DefaultServer on"?

Cool

rose_bud4201 04-08-2003 10:25 AM

I changed DefaultServer to 'on', restarted the service, and it worked! Heavens know why it worked this time, but I can now log on with any of the users on my system ('cept root of course) using my real IP...thank you so much! I really appreciate all of your help!

~Laura

MasterC 04-08-2003 02:28 PM

Cool! Glad you got it working :)

Feel free to post back if it starts acting up...

Cool

cousineddie 09-24-2003 06:04 PM

If you are using xinetd, which it seems you are from an earlier post, you need to do two things. The first is to edit the proftpd.conf file to look like this:
-----------------------------------------------------------------------------------
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType inetd
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

</Anonymous>
-----------------------------------------------------------------------------------

And the second is to add a file in /etc/xinetd.d/ called proftpd (no ext.), and in that file you will need the following:
-----------------------------------------------------------------------------------
service ftp
{
flags = REUSE
socket_type = stream
instances = 50
wait = no
user = root
server = /usr/sbin/proftpd
bind = <the-ip-you-wish-to-bind-to>
log_on_success = HOST PID
log_on_failure = HOST RECORD
}
-----------------------------------------------------------------------------------
There are two things to change in the above. The first is the path to the executable proftpd, server =, and the second is the IP address to bind to, bind = .

Once this file exists in /etc/xinetd.d/ the ftp service will start when you boot via xinetd.
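
A configuration check for the failure modes seen in this thread (the xinetd "bind failed" entries, "unable to set uid to 65534, current uid: 500", and the DefaultRoot confinement question), as an added example that is not code from any poster or from the ProFTPD project. The sample configs are constructed, and `someuser` and the finding codes are made-up names.

```python
import re

def parse_proftpd(text):
    """Map each directive (lower-cased) to its values; comments and <Section> tags are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def parse_xinetd(text):
    """Return (service name, attributes) for a single xinetd service block."""
    name, attrs = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"service\s+(\S+)", line)
        if m:
            name = m.group(1)
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            attrs[key.strip()] = value.strip()
    return name, attrs

def check(proftpd_text, xinetd_text=""):
    """Return (code, message) findings; the codes are labels made up for this example."""
    conf = parse_proftpd(proftpd_text)
    service, attrs = parse_xinetd(xinetd_text)
    via_xinetd = service == "ftp" and attrs.get("disable", "no") != "yes"
    mode = conf.get("servertype", [""])[-1].lower()
    findings = []
    if via_xinetd and mode != "inetd":
        findings.append(("mode-mismatch", "xinetd serves ftp but ServerType is not inetd; "
                         "a standalone daemon and xinetd cannot both bind port 21"))
    if mode == "inetd" and not via_xinetd:
        findings.append(("no-launcher", "ServerType inetd but no enabled xinetd ftp service"))
    run_as = attrs.get("user", "root")  # xinetd runs the server as root unless told otherwise
    if via_xinetd and run_as != "root" and "user" in conf:
        findings.append(("cannot-drop-privileges", "xinetd starts proftpd as %r, which cannot "
                         "switch to User %s" % (run_as, conf["user"][0])))
    if "defaultroot" not in conf:
        findings.append(("no-chroot", "no DefaultRoot: regular logins are not chrooted"))
    return findings

# Constructed inputs modelled on the thread, not copied from any poster's files.
BROKEN_CONF = """
ServerType standalone
DefaultServer on
Port 21
User nobody
Group nogroup
"""
BROKEN_XINETD = """
service ftp
{
    socket_type = stream
    wait = no
    user = someuser
    server = /usr/sbin/proftpd
}
"""
FIXED_CONF = BROKEN_CONF.replace("standalone", "inetd") + "DefaultRoot /var/www/Uploads\n"
FIXED_XINETD = BROKEN_XINETD.replace("someuser", "root")

if __name__ == "__main__":
    for code, message in check(BROKEN_CONF, BROKEN_XINETD):
        print(code + ": " + message)
    print("fixed:", check(FIXED_CONF, FIXED_XINETD))
```
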

