LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-23-2003, 12:31 PM   #16
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 49

Is your server uptodate with the patches?

if my memory serves me right, there was a vsftpd patch too.

Catch up with the RedHat updates...
 
Old 07-23-2003, 12:43 PM   #17
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
Yep it is up2date Although there are a couple to download today none of them have to do with any of the internet services.
 
Old 07-23-2003, 12:46 PM   #18
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 49
Wanted to add...

that vsftpd update was for tcpwrappers fix only.

Ask shadowman!
 
Old 07-23-2003, 05:03 PM   #19
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
two days of trying to fix this problem and still no luck.

I am on the RedHat-list mailing list and still nothinr.

Does anyone know of any other linux, redhat message boards or mail lists that I can get on... especially if they are frequented by the "GURUs" ... would love to get ahold of a RedHat developer...
 
Old 07-24-2003, 09:25 AM   #20
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
Seems that this is the impossible question. I really am suprised at how many resources I have been to and no one seems to know what the problem is or how to fix it.

Does anyone know of any other lists or boards I can try?

A few updates.

Connecting to the ftp server via the command prompt or shell window tells me that it is anonymous only. When i connect as anonymous and do ls it asks me to login with user password.

The service seems to be running while this is happening and suddenly the service status goes to running with a PID. but i can not log in as a user and I can not do anything as anonymous.

Help?

Last edited by markstevens; 07-24-2003 at 03:11 PM.
 
Old 07-24-2003, 03:43 PM   #21
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
My config file
----------------------------------------------------------------------------------
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are very paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
#
# Allow anonymous FTP?
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_deny=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
--------------------------------------------------------------------


The pam file
------------------------------------------------------------------
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

---------------------------------------------------------------------------

Anyone? Anything?


Anywhere else I should look?

Why say it is anonymous and then ask for authentication???
 
Old 07-24-2003, 05:09 PM   #22
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
AHA!!!!

Found it...

There was an entry in the xinetd.conf file for vsftpd. I simply removed all reference to it and that solved the problem.

Funny....
 
Old 07-25-2003, 04:12 AM   #23
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 49
Hey Mark

Have a look at my post#5. Great you persisted and resolved this nagging issue.

However, I had tried starting vsftpd from xinetd as well as a standalone on my pc and surprisingly it did not give me any errors.
 
Old 07-25-2003, 09:41 AM   #24
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
You were on the right track I just was not aware of the conf file impacts of running inside xinetd or stand alone. Now I have a lil better idea. Sad to say that this is how I learn most of my stuff.

After reading several articles on these types of problems we found that xinetd was defaulting to an anon service to start vsftpd but once started the vsftpd service wanted user authentication.

The best I can tell is we used to run vsftpd under xinetd. When we installed the patch for vsftpd and tcp wrappers we hadn't rebooted and once we rebooted vsftpd came back stand alone... but with xinetd still trying to run it the two services were in conflict with one another.

Thanks again for the help and patience.
 
Old 07-26-2003, 11:46 AM   #25
moerwen
LQ Newbie
 
Registered: Jul 2003
Location: Oslo Norway
Distribution: Redhat Linux 9
Posts: 8

Rep: Reputation: 0
vsftp error

Hello good news. send me your e'mail adress.
My E'mail is: m.andersen@ma-data.no
I will forward you a vsftpd.conf file i have edited, and tis actually works. I lock real users to their home catalog and disable anonymus logins.
It is very important to know that if you add lines to the file.
the position of the added line is important.

DO NOT OPEN SPACE BETWEEN THE LINES IN THE ORIGINAL.
ADD LINES AT THE END
 
Old 07-27-2003, 08:45 AM   #26
moerwen
LQ Newbie
 
Registered: Jul 2003
Location: Oslo Norway
Distribution: Redhat Linux 9
Posts: 8

Rep: Reputation: 0

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are very paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
#
# Allow anonymous FTP?
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.

write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they

# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown

# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
chroot_local_user=YES (Added lines must be added here! Omit this from the vsftpd.conf file )
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES


this setup works on my server an make anonymus logins disabled, and external users are set up as real users with the ftp directory as their home directory
 
Old 07-30-2003, 02:50 AM   #27
shortbus
LQ Newbie
 
Registered: Jul 2003
Posts: 3

Rep: Reputation: 0
Having the same thing happen.

vsftpd dead but subsys locked

I followed the whole post and notting seems to work.


vsftpd.conf

# Allow anonymous FTP?
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Uncomment this to allow guest access
#guest_enable=YES
#guest_username=virtual
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to Wombo's FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
pam_service_name=vsftpd
#Changes Are Here
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES

tail messages

Jul 29 22:14:07 lv-2 vsftpd: vsftpd shutdown failed
Jul 29 22:17:22 lv-2 vsftpd: true startup succeeded
Jul 29 23:07:25 lv-2 vsftpd: true startup succeeded
Jul 29 23:35:40 lv-2 vsftpd: true startup succeeded

Server is stand alone.

Had this thing running on 8 for ever, just updated to 9
Have not been able to get it to run on 9
 
Old 07-30-2003, 09:21 AM   #28
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
ok first check /etc/xinted.conf and make sure there is nothing about vsftpd there.

For some reason I found an entry in there and it caused my problem.

What was happening is that xinetd was starting vsftpd and then when vsftpd would start it would find the lock file but the pid did not belong to vsftpd so it would say it was locked.

Strange ...

So check that...
 
Old 07-30-2003, 01:19 PM   #29
shortbus
LQ Newbie
 
Registered: Jul 2003
Posts: 3

Rep: Reputation: 0
Copy of xinted.conf

Followed the post so far to the letter with no luck.

Here is what xinetd.conf

Looks like

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}

includedir /etc/xinetd.d



Here is what is in xinetd.d


[root@ xinetd.d]# ls
chargen daytime-udp finger ipop2 pop3s rsh services telnet
chargen-udp echo imap ipop3 rexec rsync sgi_fam time
daytime echo-udp imaps ntalk rlogin servers talk time-udp
[

See vsftpd no place.

Any other ideas?
 
Old 07-30-2003, 01:54 PM   #30
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Original Poster
Rep: Reputation: 15
have you already gone to /var/lock/subsys and removed the vsftpd file?

do that and then.... service vsftpd start
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
httpd dead but subsys locked paleogryph Linux - Software 3 05-18-2016 11:37 AM
vsftpd settingd and VSFTPD DEAD BUT SUBSYS LOCKED pc_copat Linux - Newbie 15 11-05-2009 11:31 PM
sshd dead but subsys locked phyrko Linux - Networking 9 03-26-2009 06:17 AM
vsftpd dead but subsys locked? ciberrust Linux - Software 6 11-29-2004 08:11 AM
vsftpd dead but subsys locked jon_k Linux - Software 2 07-16-2003 05:19 PM


All times are GMT -5. The time now is 04:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration