proftpd Fatal Error on start
I'm running Apache as a web server, and I just installed and configured proftpd so that I can control who uploads things to my computer. When I start the service (/usr/local/etc/proftpd.conf - I installed as user) it gives me
Code:
- Fatal: DefaultServer: DefaultServer has already been set.
Code:
ServerName "ProFTPD Default Installation"
And on a similar note, how do I create users with access rights for the FTP service? i.e. I know I set the service to run under my username, but is there a setting (I couldn't find one) to list usernames and passwords, along with permissions just for proftpd?
Thanks very much,
Laura |
ProFTPD should be run as user/group nobody. It's better for security.
Second: Maybe it's already running, if so, either kill the server (check with ps -aux) and then restart, or simply restart.
As for users, it uses the regular users on your system. So create them as you would any user, simply give them less privileges than you would a user on your system, such as use rbash as their default shell, confine them with DefaultRoot and so on. :)
For more info on things I've mentioned either post back (I'll be glad to clarify) or search this site, proftpd is actually covered quite well here.
Cool |
No, it's not running already, and I get the same error message when I try restarting it.
How do I confine users with DefaultRoot? I assume that's the setting mentioned in the proftpd.conf file. I have it set to one folder - the one I want to be common to all users' uploads, which is fine. However, does making that their default root folder actually confine them there, or just make that the starting point? I really don't want them anywhere else in my system. thanks! ~Laura |
If your DefaultRoot looks like this in your proftpd.conf file:
DefaultRoot ~
Then they will be confined to their home directory and all subdir. If it looks like:
DefaultRoot /var/www/ftpuploads
Then they will be confined there. I'd also change their home directory in /etc/passwd or /etc/shadow (depending on what you are using) to the home of which you want them confined, then if they try to access another directory with something like ssh then, assuming you are using rbash or something similar, they will be confined there as well.
Check your inetd/xinetd settings to see if you already have an FTP server defined and/or running that you don't want. Something like wu-ftp or whatever might have already been installed and setup, and maybe this will show you.
Cool |
Slight misunderstanding here, I think....I don't want them each confined to their home directory...I'd rather they didn't even have one. I want each user to be able to upload things via ftp to one directory on my hard drive, i.e. /var/www/Uploads. I want them all to have access to this directory, and none other (not even ~).
|
Then that's fine, just use the specific DefaultRoot:
DefaultRoot /var/www/Uploads
The other option I was referring to was in case you wanted them to be confined there, and others (maybe anonymous or yourself) to start in a home directory of some sort. In that case you should set the DefaultRoot to ~ (which means home directory) and then edit their home directories in /etc/passwd to reflect /var/www/Uploads then that's where they will start.
Either way should work, it just depends on what 'else' you might be doing with ftp that should determine which method you use.
Cool |
Ah, I see. Sorry about the misunderstanding :)
About that "Default Server" error...poring through the posts and FAQs makes me think that Apache and proFTPD are fighting for control of the DefaultServer title... someone else has posted his proftpd.conf file (http://www.linuxquestions.org/questi...threadid=33724) and they have 'ServerType inetd'...does that just mean that xinetd starts the server on startup?...I've only got a vague idea of what I'm groping towards here, sorry, but what I'm trying to say is: What sets the Default Server? And how can I change it so that I can have more than one server running at the same time (i.e. Apache and proFTPD)? |
...And if xinetd is supposed to start the ftp server, as the proFTPD FAQ seemed to suggest, how do I go about telling xinetd that it should do that??
|
Post it up. xinetd or inetd are dependent upon which distro you are using. If you look at the files themselves, usually you can suss out what part you need to edit to work with your FTP server. For example, mine:
Code:
# File Transfer Protocol (FTP) server:
:) Cool |
bother.
/etc/inetd.conf doesn't exist (in fact, it doesn't exist anywhere on the system) and although xinetd.conf does, all it has in it is this: Code:
# |
Assuming your sidebar info is correct, check the Mandrake Control Center for info on what services are started up, and there might even be an option there to set "defaults". Although....
IF ps -aux (as root) isn't returning anything "FTP looking" then I'd suspect something else might be going on, check that first and let me know what you think. I'll start thinking outside this box if that's the case ;) Cool |
AAAAARGH...I'm positive that I'm making this harder than it should be.
I got proFTPD started by commenting out the line about DefaultServer, and it didn't seem to complain. However, I couldn't actually connect and see a directory listing (either with an ftp client or my browser). Once the username/password dialog popped up, but after I entered them it just sat there 'waiting for response'. I uninstalled proFTPD, and installed vsftpd...it instills itself in xinetd, and I've restarted xinetd each time I change the config file. Even with the default configuration (ftp://vsftpd.beasts.org/users/cevans...TE/vsftpd.conf) I get the same thing, though...a client or browser just sits there and tries to connect. All I should have to do is ftp://myip:21, correct?? Or what else do I have to enable?? |
Update:
from the commandline, Code:
ftp localhost.localdomain
What reasons could there be for it not working through a client, though? I can't even think how to explain ftp commands to some of the users for this thing :-/ |
yeah...hmmmmmmm......127.0.0.1 works fine, but the actual IP returns "no Server available to handle request on <myhostname.mydomain>"
netstat -l gives me:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:32768                 *:*                     LISTEN
tcp        0      0 *:6753                  *:*                     LISTEN
tcp        0      0 localhost.localdo:45549 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
udp        0      0 *:32768                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:631                   *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     3370   /tmp/.font-unix/fs-1
unix  2      [ ACC ]     STREAM     LISTENING     4989   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     352820 /tmp/gaim_laura.24235
unix  2      [ ACC ]     STREAM     LISTENING     3242   /dev/gpmctl
So I know it's listening. Why it's not responding, though, is the mystery. |
ok, progress:
Connecting over port 20 (what vsftp listens over (?!), according to the config file) gives me "Connection refused." Using 2 terminals, I tried this:
Terminal 1: nc -l -p 20 128.226.198.93 20
Terminal 2: ftp 128.226.198.93 20
Terminal 1: nc -l -p 20 128.226.198.93 20
invalid connection to [128.226.198.93] from (UNKNOWN) [128.226.198.93] 46801
What else is there besides a firewall (iptables is stopped) that could block port 20?? |
A router. What's your network setup? Have you forwarded port 21 (or 20 for this other ftp server you've tried)?
Use probe my ports: https://grc.com/x/ne.dll?bh0bkyd2 To see if 21 is open. If it is, then we know that's not the problem. Tell me about your network setup, and also which distro it is you are trying this on. Cool |
21 is open. (Don't know about 20, but I can tell it to listen on 21, so that's ok.)
I'm using Mandrake 9.0, on the binghamton U campus network, but they don't block anything that I know of (esp. since the port is open). No routers, &c of my own. I'm rather stumped, actually :-/ |
Ok, sorry to suggest this, but it's an idea...
Uninstall vsftp and put proftpd back on. Then, check the log files (which are defined in the proftpd.conf file) and post em up. On my system it's located /var/log/proftpd.log and /var/log/xfer.log So you might see what's going on there. Also, you might look at other logs, maybe there is one for your vsftp that you could look at. Either way, just try to find a reason on why it won't connect, it'll make troubleshooting that much easier ;) If you have questions on the files, post up the files so we can take a look at em. Cool |
Ok, no problem. But before I do that, I took a look through the daemon error logs in general, and /var/log/daemons/errors has been getting this:
Code:
Apr 4 01:31:58 localhost xinetd[16452]: bind failed (Address already in use (errno = 98)). service = ftp
I'm not entirely sure what all that means, but if it's not helpful then I'll just do the reinstall.
Thanks!
Laura |
Are you running your own DNS/bind server? Or just a normal network setup through the college, where you specify a remote DNS server in /etc/resolv.conf (or do you run DHCP to find your IP)?
Cool |
DHCP to get an IP on bootup.
|
Since your port is open, you can ftp into your localhost just fine, and you are sure you are using the correct IP to ftp in with (check here), I am becoming quite stumped without those error log files (/var/log/proftpd.log and /var/log/xferlog)
The main difference from ftp://localhost and ftp://actualip is your request. ftp://localhost goes straight from your command to your computer, it processes the request locally and gives instant feedback. ftp://actual-ip sends the request out of your PC to your ISP's server (or similar) translates the IP to your line, sends the request back into your computer (very simplified, but shows that the request actually leaves the box). So it would appear that if: ftp localhost is working fine and ftp 1.2.3.4 isn't, then it would be a network problem much more than an application error. The proftp error log will show you that, or xferlog might; either way, that's something to go with for now ;) Cool |
OK.
Unfortunately, I'm not home now, and won't be back at my computer 'til tomorrow night. When I get home, though, I'll post those error logs and see if we can't get this thing figured out. Thank you very much! Laura |
OK, I uninstalled vsftp, reinstalled proftpd and configured it to start via xinetd (http://forums.devshed.com/archive/33/2002/07/4/40004)
Now, no matter what IP I try to connect to, I get "connection refused" (even 127.0.0.1). There isn't anything in /var/log/xferlog, but /var/log/daemons/errors ends with this: Code:
Apr 7 16:01:09 localhost proftpd[2197]: localhost.localdomain - unable to set daemon groups: Operation not permitted |
You set that in your proftpd.conf file; mine is:
/var/log/proftpd.log and here is the entry in my conf file: Code:
SystemLog /var/log/proftpd.log |
:o ok, let me see what that generates
|
I tried that, still running it through xinetd...I think there was still something wrong in that setup, so I changed the ServerType back to standalone, stopped xinetd, and started proftpd. Now, at least, I'm back to the errors I was getting initially.
Here's the output of proftpd.log, once I changed it back to standalone (it wasn't outputting anything before that, which makes me think that it wasn't getting started at all): Code:
Apr 07 22:22:52 localhost.localdomain proftpd[6309] localhost.localdomain: ProFTPD 1.2.8 (stable) (built Wed Apr 2 00:11:46 EST 2003) standalone mode STARTUP
Still nothing in xferlog, as I can't connect enough to transfer anything :) |
I don't see any errors there... Are there actual errors in proftpd.log when you connect to ftp://128.226.198.93 ?
Or none at all, and syslog shows nothing either? How about /var/log/messages? Cool |
Here is what I get when I try to ftp into your IP:
Quote:
Cool |
Contents of /usr/local/etc/proftpd.conf:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerAdmin "somebody@SomewhereNotHere.com"
ServerIdent off
ServerType standalone
DefaultServer off
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

<Global>
RequireValidShell off
LoginPasswordPrompt off
<Limit LOGIN>
DenyUser anonymous
</Limit>
MaxLoginAttempts 3

# To cause every FTP user to be "jailed" (chrooted) into a directory,
# uncomment this line.
DefaultRoot /var/www/UPLOADS

AllowStoreRestart on
AllowRetrieveRestart on

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
</Global>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Limit the maximum number of anonymous logins
# MaxClients 10
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous> |
Does the user/group nobody/nogroup exist? Check /etc/passwd and /etc/group to find out.
And what happens if you change to "DefaultServer on"? Cool |
I changed DefaultServer to 'on', restarted the service, and it worked! Heavens know why it worked this time, but I can now log on with any of the users on my system ('cept root of course) using my real IP...thank you so much! I really appreciate all of your help!
~Laura |
Cool! Glad you got it working :)
Feel free to post back if it starts acting up... Cool |
If you are using xinetd, which it seems you are from an earlier post, you need to do two things. The first is to edit the proftpd.conf file to look like this:
-----------------------------------------------------------------------------------
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType inetd
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and
#files from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child
#processes to 30. If you need to allow more than 30 concurrent
#connections at once, simply increase this value. Note that this
#ONLY works in standalone mode, in inetd mode you should use
#an inetd server that allows you to limit maximum number of
#processes per service (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
-----------------------------------------------------------------------------------
And the second add a file in /etc/xinetd.d/ called proftpd (no ext.) and in that file you will need the following:
-----------------------------------------------------------------------------------
service ftp
{
        flags = REUSE
        socket_type = stream
        instances = 50
        wait = no
        user = root
        server = /usr/sbin/proftpd
        bind = <the-ip-you-wish-to-bind-to>
        log_on_success = HOST PID
        log_on_failure = HOST RECORD
}
-----------------------------------------------------------------------------------
There are two things to change in the above. The first is the path to the executable proftpd, server =, and the second is the IP address to bind to, bind = . Once this file exists in /etc/xinetd.d/ the ftp service will start when you boot via xinetd. |
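A consistency check for the two files this post describes, as an added example that is not part of the original thread: it flags a proftpd.conf whose ServerType disagrees with the xinetd "service ftp" entry (the kind of conflict that produces a bind failure like the xinetd log line quoted earlier) and a configuration with no DefaultRoot. The function names, finding ids and embedded file contents are constructed for illustration.

```python
import re

FINDINGS = {
    "port-conflict": "ServerType standalone while xinetd also serves ftp: "
                     "whichever starts second cannot bind the FTP port",
    "no-listener": "ServerType inetd but no enabled xinetd 'service ftp': "
                   "nothing accepts connections",
    "no-chroot": "no DefaultRoot: users are not confined to one directory",
}

def proftpd_directives(conf_text):
    """Map lower-cased directive -> values, skipping comments and <Section> tags."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":
            continue
        found.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return found

def xinetd_ftp_enabled(xinetd_text):
    """True when a 'service ftp' block exists and is not set to 'disable = yes'."""
    block = re.search(r"^\s*service\s+ftp\s*\{(.*?)\}", xinetd_text, re.S | re.M)
    if not block:
        return False
    attrs = dict(re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", block.group(1), re.M))
    return attrs.get("disable", "no").lower() != "yes"

def audit(conf_text, xinetd_text=""):
    """Return the finding ids (keys of FINDINGS) for this pair of files."""
    d = proftpd_directives(conf_text)
    server_type = (d.get("servertype") or [""])[-1].lower()
    xinetd_on = xinetd_ftp_enabled(xinetd_text)
    out = []
    if server_type == "standalone" and xinetd_on:
        out.append("port-conflict")
    if server_type == "inetd" and not xinetd_on:
        out.append("no-listener")
    if "defaultroot" not in d:
        out.append("no-chroot")
    return out

# Constructed samples, abbreviated from the configurations posted in the thread.
STANDALONE_CONF = "ServerType standalone\nDefaultServer on\n<Global>\nDefaultRoot /var/www/Uploads\n</Global>\n"
INETD_CONF = "ServerType inetd\nDefaultServer on\nPort 21\n"
XINETD_FTP = "service ftp\n{\n  socket_type = stream\n  wait = no\n  user = root\n  server = /usr/sbin/proftpd\n}\n"

if __name__ == "__main__":
    for conf, xi in ((STANDALONE_CONF, XINETD_FTP), (INETD_CONF, ""), (INETD_CONF, XINETD_FTP)):
        print([FINDINGS[f] for f in audit(conf, xi)])
```

Feed it the real contents of proftpd.conf and the concatenated files from /etc/xinetd.d/ to check an actual installation.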