vsftpd

business_kid · 05-05-2021, 05:28 AM

I have vsftpd installed for file transfers, and unsurprisingly, it's not working.

It's just for the local network, so I don't need anonymous. But although I log in, I can't execute any commands at all. 'ls' produces

Code:

ls at 0  retrying …

I do have an ftp user, with files & a symlink, but I don't even know what directory I am landed in when I log in. I made this config file,

Code:

anonymous_enable=YES
local_enable=YES
dirlist_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
download_enable=YES
xferlog_enable=YES
chown_uploads=YES
chown_username=ftp
xferlog_file=/var/log/vsftpd.log
data_connection_timeout=5
nopriv_user=ftp
ftpd_banner=Welcome to RoseViolet's FTP service.
listen=YES
seccomp_sandbox=NO

and when it didn't work, I grabbed a "working" config from online, and made the minimum of mods

Code:

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/home/ftp
pam_service_name=vsftpd
ssl_enable=NO
force_dot_files=YES

Both produce the same error and refuse any ftp commands. I gather there's a data channel, and a (separate) command channel which complicates the ftp protocol, but I couldn't link that to a config setting. Can anyone spot the obvious gaffes in either config? Thx.

michaelk · 05-05-2021, 08:09 AM

Code:

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#chroot_local_user=YES
secure_chroot_dir=/usr/share/empty
pam_service_name=vsftpd
ssl_enable=NO

For testing purposes I would make two changes, disable chroot_local_users and the secure_chroot_dir must be an empty directory where the FTP user does not have write permissions. This should allow regular users to login and be in their home directory.

http://vsftpd.beasts.org/vsftpd_conf.html

business_kid · 05-05-2021, 09:23 AM

Interesting and practical tips, thanks. However, better detective work here yielded another goof

Code:

sudo /usr/sbin/vsftpd &
[2] 9771
[1]   Exit 2                  /usr/sbin/vsftpd
bash-5.1$ 500 OOPS: could not bind listening IPv4 socket

Process 9771 doesn't exit, but I obviously have issues somewhere on the 'server' side. I looked this up and came across the line

Code:

pam_service_name=vsftpd[1]

which is different from what I had. So I added that as well, and tried it.

I logged in as ftp, which should land me in /home/ftp. I have no files, but a pub/ directory, and a Videos/ symlink

ls failed with a 500 OOPS error
cd actually succeeded to pub and ../Videos.
get failed with "filename.mp4 at 0" error.

And I currently have 2 pam service lines

Code:

pam_service_name=vsftpd
pam_service_name=vsftpd[1]

and don't know which is the correct one.

michaelk · 05-05-2021, 10:06 AM

Code:

sudo /usr/sbin/vsftpd &
[2] 9771
[1]   Exit 2                  /usr/sbin/vsftpd
bash-5.1$ 500 OOPS: could not bind listening IPv4 socket

Was vsftpd already running? If so it would automatically quit and the results are as expected.

I have a debian 10 VM with vsftpd running and symlinks work as expect. If chroot_local_user is still enabled symlinks do not work.

vsftpd default configuration file is /etc/vsftpd.conf, if different make sure it is a command line option.

business_kid · 05-05-2021, 10:42 AM

Quote:

Originally Posted by michaelk

Code:

sudo /usr/sbin/vsftpd &
[2] 9771
[1]   Exit 2                  /usr/sbin/vsftpd
bash-5.1$ 500 OOPS: could not bind listening IPv4 socket

Was vsftpd already running? If so it would automatically quit and the results are as expected.

I have a debian 10 VM with vsftpd running and symlinks work as expect. If chroot_local_user is still enabled symlinks do not work.

vsftpd default configuration file is /etc/vsftpd.conf, if different make sure it is a command line option.

I don't think it was running, as I've been killing it & restarting with changes to config. I know as it's a server, 'kill -hup' should have made it re-read it's config file. I'm sticking with one instance & standard config in /etc/vsftpd.conf, and no options on the command line. All the config files have to be root owned, don't they?

michaelk · 05-05-2021, 01:12 PM

Yes the config file is root owned.