i am running VSFTPD in centos for FTP server.

i was able to login to FTP server from other unix boxes using root user.

when i tried to overwrite a file from a windows box using editplus,
553: unable to create the file error was thrown.

then i enabled chroot_list_enable=YES in my vsftpd.conf and restarted the service. then i got 500 : Oops error.

then i commented chroot_list_enable=YES in vsftpd.conf file.

from then, am not able to login into ftp server using root user. it says

[root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): root
331 Please specify the password.
Password:<<typed the right password>>
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#

My VSFTPD file looks like this:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
#xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Can somebody please help?

Hello,

imho there is 100% no reason to access your server through ftp as a root user
(everytime you login, the pwd is then transferred as plaintext).

Its better when you add a pure ftp user (or even better you use ssh or scp to provide secure encrypted communications between two untrusted hosts over an insecure network).

If you still want to access with root and through ftp your server .... do you
have these 2 files /etc/vsftpd/vsftpd.ftpusers, /etc/vsftpd/vsftpd.user_list? If so,
open it and delete the lines with root in it and restart vsftpd.

nice greetings
bagi

Hi madhavanss.


Enable in vsftpd.conf file

chroot_local_user=YES

#chroot_list_enable=YES comment these line

As i mentioned the root user was working earlier. still i referred those files and there are no root entries

Tried this also. not working.

But in the Editplus software, there is an option called use SFTP. if i check that option, i can login to the server using root creds and can modify a file. in passive mode its not working. still its not working from other UNIX boxes.

how can i make VSFTPD work in passive mode again??

SFTP is not exactly FTP, SFTP uses openSSH not vsftpd , that's the reason you can access it because you're using OpenSSH not VSFTPD.

well, i tried creating a user called ftpuser. added it to the groups ftpuser, root and ftp.

tried logging in from a unix box and the result is same.

[root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): ftpuser
331 Please specify the password.
Password:<<typed right password here>>
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#

i have no clue why this is happening. the vsftpd service is also running.

[root@pdt-sim4 ~]# /etc/init.d/vsftpd status
vsftpd (pid 6315) is running...

here is my ftpusers file
and userlist

can some one help???

this time tried enabling anonymous user and it worked.

still root user /ftpuser are not working. there is something going bad at the time validating the password in the server.

if i want to configure everything from the scratch, how can i proceed? replacing the files from other server will work?

Hello, no one's there to help???

just one more update:

my config file says

[root@wlan-avenger ~]# [root@wlan-avenger ~]# ftp x.x.x.x
Connected to x.x.x.x.
220 Welcome to PDT-SIM4 FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (x.x.x.x:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 Directory successfully changed.
ftp> bi
200 Switching to Binary mode.
ftp> has
Hash mark printing on (1024 bytes/hash mark).
ftp> get ftpfile
local: ftpfile remote: ftpfile
227 Entering Passive Mode (10,204,243,204,47,62)
150 Opening BINARY mode data connection for ftpfile (4688 bytes).
####
226 File send OK.
4688 bytes received in 2.9e-05 seconds (1.6e+05 Kbytes/s)
ftp> bye
221 Goodbye.
[root@wlan-avenger ~]#[/QUOTE]

i could recommend to reinstall your vsftpd pacakge and just make chroot_local_user=yes in your vsftpd.conf and restart your service



Make a look after my vsftpd configuration

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Am running CentOS 5.5 and this VSFTPD is a service there and i started it. am not aware of how to reinstall packages in Linux.

just googled about that and got yum reinstall vsftpd as response in many places.

This server cannot be connected to internet and am not sure how yum will reinstall this package.

can you help me on that?

I have vsftpd as a daemon running (if i wanted i am able to login as root).

Maybe the vsftpd-FAQ can help you ...

Q) Help! Local users cannot log in.
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put
local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
find out whether this has happened or not). If vsftpd links with PAM, then
you will need to have a PAM file installed for the vsftpd service. There is
a sample one for RedHat systems included in the "RedHat" directory - put it
under /etc/pam.d
A3) If vsftpd didn't link with PAM, then there are various possible issues. Is
the user's shell in /etc/shells? If you have shadowed passwords, does your
system have a "shadow.h" file in the include path?
A4) If you are not using PAM, then vsftpd will do its own check for a valid
user shell in /etc/shells. You may need to disable this if you use an invalid
shell to disable logins other than FTP logins. Put check_shell=NO in your
/etc/vsftpd.conf."
(copied from: https://security.appspot.com/vsftpd/FAQ.txt)


Thats the vsftpd-related part of my inetd.conf:
...
# These are standard services:
#
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
#
...

anonymous_enable=NO
local_enable=YES
local_root=/path/
write_enable=YES
local_umask=0777
dirmessage_enable=YES
xferlog_enable=NO
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=¨°º© ©º°¨¨°º© ©º°¨¨°º© welcome ©º°¨¨°º© ©º°¨¨°º© ©º°¨¨
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
listen=NO


maybe irc can help you too:
#vsftpd IRC channel at irc.freenode.net

or .. maybe this thread can be useful:
https://www.centos.org/modules/newbb...29985&forum=37

i just tried this.

stopped VSFTPD service

deleted all the vsftpd related files from the server (/etc/vsftpd)

copied the files from other server.

Started the service and bingo...it started working...

Thanks everyone for your time and help.

Marking this thread as solved.

Hi



Before making any changes to default configuration make a backup .So it could help you for better troubleshooting

.

yum install vsftpd --install package from default centos repository ,there is no neccesssary to connect to internet to install the package