| noisebleed |
01-17-2008 08:59 AM |
(FTP Server) Proftpd: 530-Unable to set anonymous privileges.
Hi. I'm trying to setup a ftp server with Proftpd but without success. :(
I want a tech user (alias of ftp) to login with password.
/etc/proftpd/proftpd.conf:
Code:
ServerName "NG-001"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp
Port 21
PassivePorts 49000 49010
Umask 022
MaxInstances 10
SystemLog /var/log/proftpd.log
User ftp
Group ftp
DefaultRoot ~
<Directory />
AllowOverwrite on
</Directory>
<Anonymous /var/www/tech/>
User ftp
Group ftp
UserAlias tech ftp
AnonRequirePassword on
RequireValidShell off
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Limit LOGIN>
Order deny,allow
Allow from all
</Limit>
# Hide all files owned by user 'root'
HideUser root
<Limit WRITE>
Deny from all
</Limit>
<Directory ./>
<Limit READ WRITE DIRS STOR CWD CDUP>
AllowAll
</Limit>
</Directory>
</Anonymous>
I'm trying to establish a connection through FileZilla but all I get is:
Code:
Resposta: 220 ProFTPD 1.3.1rc2 Server (NG-001) [10.17.1.1]
Comando: USER tech
Resposta: 331 Password required for tech
Comando: PASS ********
Resposta: 530-Unable to set anonymous privileges.
Resposta: 530 Login incorrect.
From the log file /var/log/proftpd.log:
Code:
Jan 17 12:34:59 porteiro proftpd[20228] porteiro.noisebleed.pt: ProFTPD 1.3.1rc2 (devel) (built Ter Jan 15 14:41:25 WET 2008) standalone mode STARTUP
Jan 17 12:35:18 porteiro proftpd[20240] porteiro.noisebleed.pt (10.17.1.19[10.17.1.19]): FTP session opened.
Jan 17 12:35:18 porteiro proftpd[20240] porteiro.noisebleed.pt (10.17.1.19[10.17.1.19]): ftp: Directory /var/www/tech/ is not accessible.
Jan 17 12:35:19 porteiro proftpd[20240] porteiro.noisebleed.pt (10.17.1.19[10.17.1.19]): FTP session closed.
I have /var/www/tech and it is the home of the ftp user.
The password for ftp user was defined through passwd in a root shell. Is this ok?
The ftp also has the shell /bin/ftp = /bin/false defined in /etc/shells.
The Proftpd version installed is 1.3.1_rc2-rc3 and was compiled with the following flags (Gentoo specific).
Code:
USE="acl mysql ncurses nls opensslcrypt pam radius ssl tcpd -authfile -clamav -hardened -ifsession -ipv6 -ldap -noauthunix -postgres -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd"
Is it ok to have proftpd compiled with acl?
When i try the 503 error still occurs.
Then i edited /etc/pam.d/ftp
Code:
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
# auth required pam_shells.so
account include system-auth
session include system-auth
and uncommented
Code:
auth required pam_shells.so
and tryed with again with but i didn't get any improvement.
Also when i start the proftpd service i get:
Code:
* Starting proftpd ...
- warning: the DisplayFirstChdir directive is deprecated and will be removed in
a future release. Please use the DisplayChdir directive. [ ok ]
Can anyone help me on this configuration? Thanks. |
