Old 03-15-2003, 10:38 AM   #1
Thinkgeekness
Member
 
Registered: Nov 2002
Posts: 81

Rep: Reputation: 15
Start vsftpd with inetd


Quick question, how do I start vsftpd with inetd? I searched a little but I couldn't find it. I am on Slackware 8.1. I added the following to /etc/inetd.conf:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/vsftpd

Do I then have to restart inetd.conf somehow?
If I do:
/usr/local/sbin/vsftpd

I get the following error message:
vsftpd: does not run standalone, must be started from inetd.

Thanks
 
Old 03-15-2003, 02:56 PM   #2
Thinkgeekness
Member
 
Registered: Nov 2002
Posts: 81

Original Poster
Rep: Reputation: 15
I don't know what I did, but now I am getting a different error message. When I try to start vsftpd (/usr/local/sbin/vsftpd) I get the following error message:

500 OOPS: could not bind listening socket

What does that mean?

If I try to ftp in I get the same message.

Thanks
 
Old 03-15-2003, 08:54 PM   #3
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
Hi,

I run RH and it is started from xinetd so it's a little different but I have a file in /etc/xinetd.d named vsftpd that looks like this:

# default: off
# description: The vsftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    nice = 10
}

You also need to edit the conf files; you have to have it run under a non-privileged user that has a home dir, and you must have a dir named /usr/share/empty.

I recommend making the login shell for the non-priv user /dev/null or /sbin/nologin. Also, for paranoia's sake, all of the folks I give an FTP login to get /sbin/nologin as a shell, just in case... You can make the user's home dir the dir you want them to access, or if you want them to each have their own home dir, create it and then add them to the vsftpd.chroot_list file.
 
Old 04-18-2003, 05:55 PM   #4
lnxsdp
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
I am having the same problem and have the same /etc/xinetd.d/vsftpd file with same entries. Still not getting where it is stuck.
Could you pls. clarify further on running it under non-priv user having home dir with the nologin shell - is it somewhere in the vsftpd conf file?

Thanks
 
Old 04-18-2003, 06:23 PM   #5
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
lnxsdp,

Create a user, let's call the user vsftpd-run. Make a home dir for them ( /home/vsftpd-run/ ). Make sure you have a dir /usr/share/empty with the following rights: dr-xr-xr-x
Then su -c "chown root:root /usr/share/empty"

I'm not sure what kind of GUI SW8 has for user modification, but from the command line, as root, usermod -s /dev/null vsftpd-run and that "should" set the login script to /dev/null for the user vsftpd-run. This makes sure nobody can get in as the vsftpd-run user.

In the /etc/vsftpd.conf file, change the line that says something like:
nopriv_user=ftp to read nopriv_user=vsftpd-run and save it.

Be sure these lines are not commented out:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

That should get it up and running. To add FTP users, create a user as normal, change the shell to /dev/null or /sbin/nologin if you want them to only have FTP usage. Add the user(s) names to the file /etc/vsftpd.chroot_list if you want to lock them down to their home dir. Don't add vsftpd-run to this file!!

Edit the /etc/vsftpd.ftpusers file and make sure all system accounts (root, bin, daemon, lp, sync, etc...) are in there. This file holds names of accounts who do NOT have FTP access, so add anyone else who you don't want ftp'ing if they have an account.

I also disallow anonymous usage in vsftpd.conf file.
Let me know if you still have problems and I'll send you my [modified] .conf file.
 
Old 04-18-2003, 09:15 PM   #6
lnxsdp
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
Sorry boss - didn't work.
Tell me if the following is right or wrong:
1. when a ftp request comes at port 21 xinetd starts vsftpd
2. then vsftpd goes through its conf files and the pam(authentication) setup(as in /etc/pam.d/vsftpd) for proper authorisation.

If the above is right then something else (maybe the pam configuration - don't know) is wrong as I get exactly the same error message "500 OOPS: could not bind listening port" even if I do the following:
"> telnet <my ip> 21"
i.e. send telnet request at port 21.

Thanks in advance if you can provide further help.
 
Old 04-18-2003, 10:24 PM   #7
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
Hey!
AFAIK, #1 is correct, xinetd starts vsftpd when a request is received on port you define, 21 by default. #2 is correct as well...

What do you get if you ftp localhost or ftp 127.0.0.1? Note that you will have to enable local logins in the vsftpd.conf file. Are you running (or did you install) any other ftp servers like wuftp? As root, try ps -aux | grep ftp and see if you come up with anything. How about ipchains or iptables blocking port 21 in or outbound? Any other firewall on the box? Try netstat -ln | less and look for 0.0.0.0:21

Also if you have latest vsftpd (I think 1.1.3 or later), you can add listen=YES as last line in vsftpd.conf file and that will tell it it is not started via inetd. Then, as root, run /usr/local/sbin/vsftpd & or wherever you put it. Try ftp localhost and see what happens. Look at /var/log/vsftpd.log and see what it has in it.

My vsftpd.conf file (without comments) follows:

##############################
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftp-up
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=vsftpd-run
ftpd_banner=Welcome to YourNameHere FTP services.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

pam_service_name=vsftpd
##############################
 
Old 04-18-2003, 11:39 PM   #8
lnxsdp
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
First of all both before & after executing your suggestions ( including old/modified vsftpd.conf file entries like yours + restarting of xinetd) the result is same. i.e. doesn't matter wherefrom I do ftp to my linux box (from local or remote box) the error is always:

=======================================
Connected to <ip for the box or localhost(127.0.0.1) >
500 OOPS: could not bind listening socket
Connection closed by the remote host.
=======================================

I repeated the above error msg. because those words may ring something! And also in the previous post I said 'port' instead of 'socket'.

The above commands definitely include "ftp localhost"/"ftp 127.0.0.1". The 3rd line appears obviously only in case the ftp request is sent from another machine.

Now I am going through the firewall stuff - don't know extensive commands for it. Could you suggest some?( I have already tried the "iptables -L" from which I couldn't make out something likely to be offending). This is a fresh installation so - don't think other firewall is there.

"netstat -ln" shows the right stuff ie. the server is listening on port 21.

I'm quite surprised that telnet is working fine which is on port 23 whereas ftp is just next -> 21(ftp-data on 20)!

I guess you would agree from the error message that there is no problem with the server listening at port 21. Things are going wrong somewhere in the process flow AFTER the request is accepted by xinetd.

Thanks in advance.
 
Old 04-19-2003, 08:56 AM   #9
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
Anything in the log files?
 
Old 04-19-2003, 11:16 AM   #10
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
From the README included with vsftpd. It mentions your exact error code... Please check your vsftpd.log file for errors.

This example shows how to run vsftpd in "standalone" mode - i.e. without
needing to run an inetd of some kind (inetd, xinetd, tcpserver etc).

vsftpd has supported standalone mode since v1.1.0.

With the release of v1.1.3, the feature list of standalone mode has grown so
that large internet sites no longer need to use an inetd.
Previously, large internet sites were forced to use xinetd for the important
feature of "limit number of concurrent connections from a single IP address".
Unfortunately, there seem to be xinetd stability issues - various larger
sites are reporting that xinetd's session counting can go wrong and incorrectly
kick off users because it thinks the FTP site is full when it is not.

vsftpd now natively handles maximum session counts and maximum session per IP
counts. It can also do native access control via tcp_wrappers integration and
even per-connect-IP configurability.

To use this example config:

1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.

2) Start up vsftpd, e.g.
vsftpd &

3) That should be it!

The example vsftpd.conf is based on the vsftpd.conf from the INTERNET_SITE
example. Let's look at the differences (at the top):

# Standalone mode
listen=YES

This tells vsftpd to run in standalone mode. Do NOT try and run vsftpd from
an inetd with this option set - it won't work, you may well get 500 OOPS:
could not bind listening socket.

max_clients=200
max_per_ip=4

The maximum number of session is 200 (new clients will get refused with a
busy message). The maximum number of sessions from a single IP is 4 (the
5th connect will get refused with a suitable message).


One further note on standalone mode, regarding virtual IPs. This is very
easy - just run one copy of vsftpd per virtual IP (remembering to give each
a separate config file on the command line).
Distinguish which vsftpd is for which virtual IP with a setting like this
in the vsftpd.conf:

listen_address=192.168.1.2

And launch vsftpd with a specific config file like this:
vsftpd /etc/vsftpd.conf.site1 &
 
Old 04-20-2003, 09:56 AM   #11
lnxsdp
LQ Newbie
 
Registered: Apr 2003
Posts: 4

Rep: Reputation: 0
Thanks very much for your notes. I finally got it running in standalone mode.
I guess what was going wrong:
xinetd was starting up (part of startup scripts) and was holding the ftp port -> 21 but vsftpd.conf was having "listen=YES" (i.e. standalone). So whenever ftp request was going vsftpd failed to bind socket which has been already taken by xinetd. So I removed the portion to listen for ftp service from xinetd conf. directory and things were fine after that.

Maybe I am not clear exactly what went wrong - could you pls. guess whether I am talking right?

Thanks
 
Old 04-20-2003, 12:58 PM   #12
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
No problem! Glad I could help.

You are right, if standalone = yes the only way it will start is in standalone mode. If you comment out that line, it should start from xinetd whenever a request to port 21 comes in. I'm glad you got it working!
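
The conflict diagnosed in posts #11 and #12 can be checked mechanically. The following is an added example, not part of the thread or of vsftpd: the function names and the sample files are constructed for illustration, and the config paths are passed as arguments.

```sh
#!/bin/sh
# Added example (not from the thread): detect listen=YES in vsftpd.conf while
# inetd or xinetd is also configured to launch the ftp service.

# conf_value FILE KEY: value of the last uncommented KEY=... line in FILE.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# xinetd_ftp_enabled FILE: succeeds if FILE has "service ftp" without disable = yes.
xinetd_ftp_enabled() {
    [ -f "$1" ] || return 1
    awk '
        /^[ \t]*#/ { next }
        $1 == "service" && $2 == "ftp" { in_svc = 1; found = 1; next }
        in_svc && /^[ \t]*disable[ \t]*=[ \t]*yes/ { off = 1 }
        in_svc && /}/ { in_svc = 0 }
        END { exit !(found && !off) }
    ' "$1"
}

# inetd_ftp_enabled FILE: succeeds if inetd.conf has an uncommented ftp line.
inetd_ftp_enabled() {
    [ -f "$1" ] && grep -Eq '^ftp[[:space:]]' "$1"
}

# launch_mode_check VSFTPD_CONF XINETD_FILE INETD_CONF: print one verdict line.
launch_mode_check() {
    listen=$(conf_value "$1" listen | tr 'a-z' 'A-Z')
    super=no
    if xinetd_ftp_enabled "$2" || inetd_ftp_enabled "$3"; then super=yes; fi
    case "${listen:-NO}:$super" in
        YES:yes) echo "CONFLICT: listen=YES but (x)inetd also serves ftp" ;;
        YES:no)  echo "OK: standalone" ;;
        NO:yes)  echo "OK: started from (x)inetd" ;;
        *)       echo "WARN: no listener configured or unrecognised listen value" ;;
    esac
}

# Constructed sample files reproducing the state described in post #11.
demo=$(mktemp -d)
printf '%s\n' 'anonymous_enable=NO' '#listen=NO' 'listen=YES' > "$demo/vsftpd.conf"
printf '%s\n' 'service ftp' '{' '    disable = no' \
    '    server = /usr/sbin/vsftpd' '}' > "$demo/xinetd-vsftpd"
launch_mode_check "$demo/vsftpd.conf" "$demo/xinetd-vsftpd" "$demo/no-inetd.conf"
```

On a live system the three arguments would be the real files, for example /etc/vsftpd.conf, /etc/xinetd.d/vsftpd and /etc/inetd.conf as named in the thread.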
 
Old 05-21-2003, 07:19 PM   #13
bricklok
LQ Newbie
 
Registered: May 2003
Posts: 9

Rep: Reputation: 0
could use a hand as well

I'm getting this error and I'm not sure what to do about it... Wondering if you had any ideas??


phil@FeelmaChin:~$ ftp 192.168.0.6
Connected to 192.168.0.6.
500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir'
ftp>
 
Old 05-21-2003, 08:29 PM   #14
TheOther1
Member
 
Registered: Feb 2003
Location: Atlanta, GA
Distribution: RHAS 2.1, RHEL3, RHEL4, SLES 8.3, SLES 9, SLES9_64, SuSE 9.3 Pro, Ubuntu, Gentoo
Posts: 335

Rep: Reputation: 32
Hmmm...

Not sure but I think that this error has something to do with /usr/share/empty dir. I'm not really sure...

Check to make sure you have a /usr/share/empty dir with the following rights:
dr-xr-xr-x
Create it if you don't and let me know what happens.
 
Old 05-21-2003, 08:58 PM   #15
bricklok
LQ Newbie
 
Registered: May 2003
Posts: 9

Rep: Reputation: 0
That was the problem... you really know your stuff man... thanks a lot :-)
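
The directory fix in posts #14 and #15 and the deny-list advice in post #5 can both be audited with a short script. This is an added example, not part of the thread: the function names are hypothetical, the sample files are constructed, and treating UIDs below 100 as system accounts is an assumption to adjust per distribution.

```sh
#!/bin/sh
# Added example (not from the thread): audit the empty chroot directory and
# the FTP deny list, on the live paths or on copies of them.

# check_empty_dir DIR [UID]: DIR must exist, be owned by UID (default 0 = root),
# carry no write bits (dr-xr-xr-x in the thread) and contain nothing.
check_empty_dir() {
    [ -d "$1" ] || { echo MISSING; return; }
    mode=$(ls -ldn "$1" | cut -c1-10)          # e.g. dr-xr-xr-x
    uid=$(ls -ldn "$1" | awk '{ print $3 }')   # numeric owner
    [ "$uid" = "${2:-0}" ] || { echo "WRONG-OWNER(uid $uid)"; return; }
    case "$mode" in
        d?-??-??-?) ;;                          # no w bit for user, group, other
        *) echo "WRITABLE($mode)"; return ;;
    esac
    [ -z "$(ls -A "$1")" ] || { echo NOT-EMPTY; return; }
    echo OK
}

# missing_denies PASSWD FTPUSERS: print accounts with UID < 100 (assumed
# system range) from PASSWD that are not listed in the FTPUSERS deny file.
missing_denies() {
    awk -F: '$3 < 100 { print $1 }' "$1" | while read -r u; do
        grep -qxF "$u" "$2" || printf '%s\n' "$u"
    done
}

# Constructed sample data; the owner is the current user so the demo runs unprivileged.
demo=$(mktemp -d)
mkdir "$demo/empty" && chmod 555 "$demo/empty"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'bin:x:1:1::/bin:' \
    'lp:x:4:7::/var/spool/lpd:' \
    'alice:x:1000:100::/home/alice:/sbin/nologin' > "$demo/passwd"
printf '%s\n' root bin > "$demo/ftpusers"
echo "empty dir:  $(check_empty_dir "$demo/empty" "$(id -u)")"
echo "not denied: $(missing_denies "$demo/passwd" "$demo/ftpusers" | tr '\n' ' ')"
```

Against the real system the calls would be check_empty_dir /usr/share/empty and missing_denies /etc/passwd /etc/vsftpd.ftpusers, using the paths given in the thread.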
 