Old 06-12-2012, 08:04 AM   #1
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Rep: Reputation: Disabled
530 Login incorrect error in VSFTPD for root user


I am running VSFTPD on CentOS as the FTP server.

I was able to log in to the FTP server from other Unix boxes as the root user.

When I tried to overwrite a file from a Windows box using EditPlus,
a "553: unable to create the file" error was thrown.

Then I enabled chroot_list_enable=YES in my vsftpd.conf and restarted the service. Then I got a "500: Oops" error.

Then I commented out chroot_list_enable=YES in the vsftpd.conf file.

Since then, I am not able to log in to the FTP server as the root user. It says:

[root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): root
331 Please specify the password.
Password:<<typed the right password>>
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#

My VSFTPD file looks like this:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
#xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Can somebody please help?
 
Old 06-12-2012, 08:38 AM   #2
bagi
LQ Newbie
 
Registered: May 2011
Location: munich
Distribution: Slackware 12.2.0 / 13.37(x64) / 14.0 (x64)
Posts: 7

Rep: Reputation: 1
Hello,

IMHO there is 100% no reason to access your server through FTP as the root user
(every time you log in, the pwd is transferred as plaintext).

It's better to add a pure FTP user (or, even better, to use ssh or scp to provide secure encrypted communications between two untrusted hosts over an insecure network).

If you still want to access your server as root through FTP .... do you
have these 2 files: /etc/vsftpd/vsftpd.ftpusers, /etc/vsftpd/vsftpd.user_list? If so,
open them, delete the lines with root in them, and restart vsftpd.

nice greetings
bagi
 
Old 06-12-2012, 08:43 AM   #3
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
Hi madhavanss.


Enable this in the vsftpd.conf file:

chroot_local_user=YES

#chroot_list_enable=YES (comment out this line)
 
Old 06-12-2012, 11:39 PM   #4
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
If you still want to access with root and through ftp your server .... do you
have these 2 files /etc/vsftpd/vsftpd.ftpusers, /etc/vsftpd/vsftpd.user_list? If so,
open it and delete the lines with root in it and restart vsftpd.
As I mentioned, the root user was working earlier. Still, I referred to those files and there are no root entries.

Quote:
Enable in vsftpd.conf file

chroot_local_user=YES

#chroot_list_enable=YES comment these line
Tried this also. Not working.

But in the EditPlus software there is an option called "use SFTP". If I check that option, I can log in to the server using root creds and can modify a file. In passive mode it's not working. It's still not working from other UNIX boxes.

How can I make VSFTPD work in passive mode again?
 
Old 06-12-2012, 11:56 PM   #5
em31amit
Member
 
Registered: Apr 2012
Location: /root
Distribution: Ubuntu, Redhat, Fedora, CentOS
Posts: 190

Rep: Reputation: 55
SFTP is not exactly FTP. SFTP uses OpenSSH, not vsftpd; that's the reason you can access it, because you're using OpenSSH, not VSFTPD.
 
Old 06-13-2012, 02:06 AM   #6
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Well, I tried creating a user called ftpuser and added it to the groups ftpuser, root and ftp.

I tried logging in from a Unix box and the result is the same.

[root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): ftpuser
331 Please specify the password.
Password:<<typed right password here>>
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#

I have no clue why this is happening. The vsftpd service is also running.

[root@pdt-sim4 ~]# /etc/init.d/vsftpd status
vsftpd (pid 6315) is running...

Here is my ftpusers file:
Quote:
# Users that are not allowed to login via ftp
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
And userlist:

Quote:
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
Can someone help?
 
Old 06-13-2012, 02:26 AM   #7
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
This time I tried enabling the anonymous user and it worked.

Quote:
[root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp>
ftp>
ftp>
ftp>
ftp> bye
221 Goodbye.
Still the root user and ftpuser are not working. Something is going wrong when the password is validated on the server.

If I want to configure everything from scratch, how can I proceed? Will replacing the files with ones from another server work?
 
Old 06-13-2012, 04:47 AM   #8
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hello, is no one there to help?

Just one more update:

My config file says:

Quote:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
[root@wlan-avenger ~]# [root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 Welcome to PDT-SIM4 FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 Directory successfully changed.
ftp> bi
200 Switching to Binary mode.
ftp> has
Hash mark printing on (1024 bytes/hash mark).
ftp> get ftpfile
local: ftpfile remote: ftpfile
227 Entering Passive Mode (10,204,243,204,47,62)
150 Opening BINARY mode data connection for ftpfile (4688 bytes).
####
226 File send OK.
4688 bytes received in 2.9e-05 seconds (1.6e+05 Kbytes/s)
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#

Last edited by madhavanss; 06-13-2012 at 04:52 AM. Reason: updated
 
Old 06-13-2012, 06:49 AM   #9
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
I would recommend reinstalling your vsftpd package, then just set chroot_local_user=yes in your vsftpd.conf and restart your service.

Take a look at my vsftpd configuration:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
Quote:
chroot_local_user=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
 
Old 06-13-2012, 07:47 AM   #10
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
I am running CentOS 5.5, and VSFTPD is a service there which I started. I am not aware of how to reinstall packages in Linux.

I just googled that and got "yum reinstall vsftpd" as the response in many places.

This server cannot be connected to the internet, and I am not sure how yum will reinstall this package.

Can you help me with that?
 
Old 06-13-2012, 08:42 AM   #11
bagi
LQ Newbie
 
Registered: May 2011
Location: munich
Distribution: Slackware 12.2.0 / 13.37(x64) / 14.0 (x64)
Posts: 7

Rep: Reputation: 1
I have vsftpd running as a daemon (if I wanted, I am able to log in as root).

Maybe the vsftpd-FAQ can help you ...

Q) Help! Local users cannot log in.
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put
local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
find out whether this has happened or not). If vsftpd links with PAM, then
you will need to have a PAM file installed for the vsftpd service. There is
a sample one for RedHat systems included in the "RedHat" directory - put it
under /etc/pam.d
A3) If vsftpd didn't link with PAM, then there are various possible issues. Is
the user's shell in /etc/shells? If you have shadowed passwords, does your
system have a "shadow.h" file in the include path?
A4) If you are not using PAM, then vsftpd will do its own check for a valid
user shell in /etc/shells. You may need to disable this if you use an invalid
shell to disable logins other than FTP logins. Put check_shell=NO in your
/etc/vsftpd.conf."
(copied from: https://security.appspot.com/vsftpd/FAQ.txt)


That's the vsftpd-related part of my inetd.conf:
...
# These are standard services:
#
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
#
...

anonymous_enable=NO
local_enable=YES
local_root=/path/
write_enable=YES
local_umask=0777
dirmessage_enable=YES
xferlog_enable=NO
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=¨°şİ İş°¨¨°şİ İş°¨¨°şİ welcome İş°¨¨°şİ İş°¨¨°şİ İş°¨¨
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
listen=NO


maybe irc can help you too:
#vsftpd IRC channel at irc.freenode.net

or .. maybe this thread can be useful:
https://www.centos.org/modules/newbb...29985&forum=37
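
The checks named in this thread (local_enable, the user_list and ftpusers files, the PAM service file and /etc/shells from the FAQ) can be run in one read-only pass. This is an added example, not part of any poster's message; the file layout under the etc directory and the sample accounts (including ftpuser's shell) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (CentOS style):
# <etc>/vsftpd/{vsftpd.conf,ftpusers,user_list}, <etc>/pam.d, <etc>/passwd, <etc>/shells.

# conf_get FILE KEY DEFAULT -> value of the last uncommented KEY= line, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1)
    echo "${v:-$3}"
}

# conf_yes FILE KEY DEFAULT -> true when the boolean is on (matched case-insensitively)
conf_yes() {
    case $(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z') in YES|TRUE|1) return 0 ;; esac
    return 1
}

# in_list FILE NAME -> true when NAME is a whole uncommented line ("#root" is not "root")
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# check_ftp_login USER [ETC_DIR] -> one finding per line, no output if nothing is found
check_ftp_login() {
    user=$1; etc=${2:-/etc}; conf=$etc/vsftpd/vsftpd.conf
    # FAQ A1: local users are refused unless local_enable=YES
    if ! conf_yes "$conf" local_enable NO; then echo "local_enable is not YES"; fi
    # user_list is a deny list by default and an allow list when userlist_deny=NO
    if conf_yes "$conf" userlist_enable NO; then
        if conf_yes "$conf" userlist_deny YES; then
            if in_list "$etc/vsftpd/user_list" "$user"; then
                echo "$user is in user_list (deny list)"; fi
        elif ! in_list "$etc/vsftpd/user_list" "$user"; then
            echo "$user is missing from user_list (allow list)"
        fi
    fi
    # The PAM config also denies anyone named in ftpusers
    if in_list "$etc/vsftpd/ftpusers" "$user"; then echo "$user is in ftpusers"; fi
    # FAQ A2: a PAM build needs a service file named after pam_service_name
    svc=$(conf_get "$conf" pam_service_name ftp)
    if [ ! -f "$etc/pam.d/$svc" ]; then echo "no PAM file pam.d/$svc"; fi
    # FAQ A3/A4: the login shell is checked against /etc/shells
    # (by vsftpd itself when it is built without PAM)
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$etc/passwd" 2>/dev/null)
    if [ -z "$shell" ]; then echo "$user has no shell entry in passwd"
    elif ! in_list "$etc/shells" "$shell"; then echo "shell $shell is not in shells"; fi
    return 0
}

# Constructed sample tree modelled on the files quoted in the thread.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/vsftpd" "$d/pam.d"; : > "$d/pam.d/vsftpd"
    printf '%s\n' local_enable=YES userlist_enable=YES pam_service_name=vsftpd \
        > "$d/vsftpd/vsftpd.conf"
    printf '%s\n' '#root' bin daemon > "$d/vsftpd/user_list"
    printf '%s\n' bin daemon > "$d/vsftpd/ftpusers"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'ftpuser:x:500:500::/home/ftpuser:/sbin/nologin' > "$d/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$d/shells"
    echo "$d"
}

sample=$(make_sample)
for u in root ftpuser bin; do
    echo "== $u"; check_ftp_login "$u" "$sample"
done
rm -rf "$sample"
```

An empty result for root on a real server means none of these files blocks root, which is the plaintext-password exposure raised in post #2.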
 
Old 06-13-2012, 09:20 AM   #12
madhavanss
LQ Newbie
 
Registered: Mar 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by arun5002
I would recommend reinstalling your vsftpd package, then just set chroot_local_user=yes in your vsftpd.conf and restart your service.
I just tried this.

Stopped the VSFTPD service.

Deleted all the vsftpd-related files from the server (/etc/vsftpd).

Copied the files from another server.

Started the service and bingo... it started working.

Thanks, everyone, for your time and help.

Marking this thread as solved.

Last edited by madhavanss; 06-13-2012 at 09:22 AM.
 
Old 06-14-2012, 03:02 AM   #13
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
Hi


Quote:
deleted all the vsftpd related files from the server (/etc/vsftpd)

copied the files from other server.

Before making any changes to the default configuration, make a backup. It could help you with troubleshooting.

Quote:
This server cannot be connected to internet and am not sure how yum will reinstall this package.

yum install vsftpd installs the package from the default CentOS repository; it is not necessary to connect to the internet to install the package.

Last edited by jsaravana87; 06-14-2012 at 03:19 AM.
 
  

