LinuxQuestions.org
Old 06-06-2003, 04:27 AM   #1
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Rep: Reputation: 0
ProFTPD problems


Hi I have the following problem with ProFTPD

I created a user and I can connect with it to my ftp but the problem is that I can't create directories or store files … only read from it.

If I log in as root (which is very unwanted) I can store and create directories. I understand that the problem is with user permissions, where do I create the permissions for ftp user?

Thank you in advance.
 
Old 06-06-2003, 07:54 AM   #2
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
In your proftpd.conf (virtualhost, anonymous, et al), put something like:
Code:
<Directory upload>
    <Limit STOR CWD APPE READ RMD DELE MKD>
            AllowAll
    </Limit>
</Directory>
 
Old 06-06-2003, 08:31 AM   #3
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
I did exactly that and still have the same problem: I can log in but can't make directories or store files. Here is my proftpd.conf file:


ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

RootLogin on

<Directory /*>
<Limit STOR CWD APPE READ RMD DELE MKD>
AllowAll
</Limit>
</Directory>
 
Old 06-06-2003, 09:07 AM   #4
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
I believe you have to put the <Directory> inside a virtualhost or anonymous. Example with one virtualhost and one anonymous:

Code:
<VirtualHost my.dns.com>
<Anonymous /some/path>
        User someuser
        Group somegroup
        AnonRequirePassword on     #(or off)
        RequireValidShell off     #(or off)
        <Limit WRITE>
                DenyAll
        </Limit>
        <Limit LOGIN>
                AllowAll
        </Limit>
        <Directory upload>
                <Limit STOR CWD APPE READ RMD DELE MKD>
                        AllowAll
                </Limit>
        </Directory>
</Anonymous>
</VirtualHost>
Hope it helps

Last edited by Slasher; 06-06-2003 at 09:08 AM.
 
Old 06-06-2003, 11:27 AM   #5
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
OK, I made the changes. Also, could you explain what the

<anonymous>
</anonymous>

stands for, because I define within another user and I don't quite understand those tags. What I mean is, does it define rules for anonymous login or for all logins?

Anyhow here are the changes that I made and still with the same effect.

---------

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

RootLogin on

<Anonymous /var/www/html/>
User test
Group ftpuser
AnonRequirePassword on #(or off)
RequireValidShell off #(or off)
<Limit WRITE>
AllowAll
</Limit>
<Limit LOGIN>
AllowAll
</Limit>
<Directory /*>
<Limit STOR CWD APPE READ RMD DELE MKD>
AllowAll
</Limit>
</Directory>
</Anonymous>

Thanks a lot.

Last edited by Corellon; 06-06-2003 at 11:28 AM.
 
Old 06-06-2003, 11:44 AM   #6
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
The <anonymous> part is basically for anonymous ftp. (with or without password, singleuser or multiuser)

Here is a proftpd configuration example with one virtualhost and one anonymous inside. I've tested this on my system, it works like a charm:

Code:
 
ServerName "FTP Server"
ServerType inetd
DefaultServer on
Port 13795
Umask 022

# Some basic defaults
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    600
TimeoutStalled       600

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User root
Group root

# Normally, we want files to be overwriteable.
<Directory /*>
        AllowOverwrite on
        AllowRetrieveRestart on
        AllowStoreRestart on
</Directory>

# Deny login for users with shellaccess
<Limit LOGIN>
    DenyAll
</Limit>

<Global>
        PassivePorts 51000 51999    # for passive mode
        AllowRetrieveRestart on
        AllowStoreRestart on
        DeferWelcome off
        IdentLookups off
        RootLogin off
        AllowForeignAddress on   # Allow FXP
</Global>

<VirtualHost my.dns.net>
ServerAdmin user@server.net
ServerName "1337 FTP site"

# Anonymous, but only user "ftpuser" of group "ftp" has access
<Anonymous /some/path>
        User ftpuser
        Group ftp
        AnonRequirePassword on
        RequireValidShell off   #User ftpuser has shell /bin/false

        MaxClients 20 "Sorry, max %m users -- try again later"

        <Limit WRITE>
                DenyAll
        </Limit>
        <Limit LOGIN>
                AllowAll
        </Limit>
        <Directory upload>
                <Limit STOR CWD APPE READ RMD DELE MKD>
                        AllowAll
                </Limit>
        </Directory>
</Anonymous>
</VirtualHost>
A bit lengthy code, but it's complete and works. Of course one would have to add user "ftpuser" and group "ftp" to the system with "useradd" and so on.

If there's anything else, don't hesitate to ask
 
Old 06-06-2003, 12:46 PM   #7
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
I did that and this is the error that I get when I use ServerType inetd:

Failed to start FTP server : You cannot start the server daemon when in inetd mode.

And if I make this configuration with 'ServerType standalone' it works but with the same effect as before - can login but can't upload.

What is the difference between standalone and inetd ?

Thank you.
 
Old 06-06-2003, 01:22 PM   #8
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
With standalone, you start the server with the "proftpd" command. With inetd/xinetd mode, inetd/xinetd starts the server for you. The latter means you have to add the server to inetd/xinetd's configuration, and add proftpd's connection port (21 or other) to the server list.

To do so, add the following (I'm assuming xinetd):


Modify your proftpd.conf file:
Code:
ServerType inetd

In /etc/xinetd.d/, add a file named "proftpd" containing:
Code:
service proftpd
{
   disable = no
   flags           = REUSE
   socket_type     = stream
   instances       = 50
   wait            = no
   user            = root
   server          = /usr/local/sbin/proftpd
   log_on_success  = HOST PID
}

In /etc/services, add the following line (or modify the line containing the port you want to use for your ftp server(s)):
Code:
proftpd         21/tcp                       # ProFTPd connection port

Reload the configuration for xinetd with the command:
Code:
# service xinetd reload

And you're set to go!
From now on xinetd will handle all connections to your ftp server, and spawn as many proftpd processes as necessary. The "MaxInstances" variable in proftpd.conf specifies the max number of processes xinetd is allowed to start.

Hope it helps
 
Old 06-06-2003, 03:23 PM   #9
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
I did all the above steps and I still get this message when I try to start proftpd. xinetd reload was ok with the setting you stated above, but still get the same error

Failed to start FTP server : You cannot start the server daemon when in inetd mode.
 
Old 06-06-2003, 07:21 PM   #10
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
I'm a little confused about what you're saying. You are not supposed to start proftpd manually when in inetd mode. Just connect and inetd/xinetd starts a proftpd process and reloads the config file.
 
Old 06-06-2003, 07:52 PM   #11
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
Sorry I misunderstood.

Ok I changed to inetd and now I have another problem: I can't connect at all, I get instant timeout all the time.

any ideas ?
 
Old 06-07-2003, 07:22 AM   #12
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
This probably means your system is rejecting the connection. Two things can cause this behavior: Either you have a firewall (iptables perhaps? You didn't say if you connect from localhost or another machine), or xinetd is configured incorrectly. I'm guessing the latter. Look over your configuration again, and see if:

A) There are duplicate entries for your FTP port in /etc/services. By default port 21 is already set up for FTP connection. Delete the duplicate entry.
B) Is /etc/xinetd.d/proftpd correct? The path for "server" needs to be valid, and the user the server runs under has to have access to the executable.

Hopefully this will help, if not, please post your entire proftpd.conf, /etc/services, /etc/xinet.d/proftpd and include information about your system (linux distro in particular). For the future, it's a good idea to put your linux distro in your LQ profile
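
Checks A and B from the post above can be run mechanically. The following is an added example, not part of the original thread: it relies on xinetd resolving the service name through /etc/services, and the sample file contents and the function names are constructed for illustration.

```python
import os
import re

# Constructed samples modelled on the two files discussed in this thread.
SAMPLE_XINETD = """\
service proftpd
{
    disable     = no
    socket_type = stream
    user        = root
    server      = /usr/local/sbin/proftpd
}
"""
SAMPLE_SERVICES = """\
ftp-data 20/tcp
proftpd  21/tcp   # ProFTPd connection port
ftp      21/tcp
"""

def parse_xinetd(text):
    """Return (service_name, {attribute: value}) for a single-service file."""
    name = re.search(r"^\s*service\s+(\S+)", text, re.M).group(1)
    return name, dict(re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", text, re.M))

def parse_services(text):
    """Map (port, proto) -> list of service names, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table.setdefault((int(port), proto), []).append(fields[0])
    return table

def runnable(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)

def check(xinetd_text, services_text, is_executable=runnable):
    """Apply checks A and B from the post above; return a list of findings."""
    name, attrs = parse_xinetd(xinetd_text)
    table = parse_services(services_text)
    findings = []
    hits = [key for key, names in table.items() if name in names]
    if not hits:
        findings.append(f"service '{name}' has no entry in /etc/services")
    for port, proto in hits:  # check A: more than one name on the same port
        if len(table[(port, proto)]) > 1:
            findings.append(f"{port}/{proto} has entries {table[(port, proto)]}")
    server = attrs.get("server", "")
    if not is_executable(server):  # check B: server path must exist and be executable
        findings.append(f"server '{server}' is missing or not executable")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_XINETD, SAMPLE_SERVICES)))
```

On a real host, pass the contents of the xinetd service file and of /etc/services instead of the samples and leave `is_executable` at its default.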
 
Old 06-07-2003, 08:37 AM   #13
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
I rechecked all the settings, could not find any errors.

About proftpd in /etc/xinetd.d/proftpd

----
service proftpd
{
disable = no
flags = REUSE
socket_type = stream
instances = 50
wait = no
user = root
server = /usr/local/sbin/proftpd
log_on_success = HOST PID
}
my /usr/local/sbin/ is empty while /usr/sbin/proftpd contains a proftpd file so I use the second (I tried both options)
----



Ok here we go the entire configuration

--------proftpd.conf---------
ServerName "FTP Server"
ServerType inetd
DefaultServer on
#Port 13795
Port 21
Umask 022

# Some basic defaults
TimeoutLogin 300
TimeoutIdle 600
TimeoutNoTransfer 600
TimeoutStalled 600

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User root
Group root

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
</Directory>

# Deny login for users with shellaccess
<Limit LOGIN>
AllowAll
</Limit>

<Global>
PassivePorts 51000 51999 # for passive mode
AllowRetrieveRestart on
AllowStoreRestart on
DeferWelcome off
IdentLookups off
RootLogin on
AllowForeignAddress on # Allow FXP
</Global>

<VirtualHost "my-ip-address">
ServerAdmin mithrandir_ice@hotmail.com
ServerName "testing server"

# Anonymous, but only user "ftpuser" of group "ftp" has access
<Anonymous /var/www/html/>
#User ftpuser
#Group ftp
User andrew
Group andrew
AnonRequirePassword on
RequireValidShell off #User ftpuser has shell /bin/false

MaxClients 20 "Sorry, max %m users -- try again later"

<Limit WRITE>
DenyAll
</Limit>
<Limit LOGIN>
AllowAll
</Limit>
<Directory realms>
<Limit STOR CWD APPE READ RMD DELE MKD>
AllowAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
-----------------------------
Now /etc/services: it's a long one so I include only the start up to port 21
-----------------------------
# /etc/services:
# $Id: services,v 1.31 2002/04/03 16:53:20 notting Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]

tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
proftpd 21/tcp # ProFTPd connection port
#ftp 21/tcp
#ftp 21/udp fsp fspd

----------------------
/etc/xinet.d/proftpd
--------------------
service proftpd
{
disable = no
flags = REUSE
socket_type = stream
instances = 50
wait = no
user = root
server = /usr/local/sbin/proftpd
log_on_success = HOST PID
}

I use redhat 7.3

That's about it.

Thank you for all your help.
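
A configuration of this shape can be reviewed mechanically before it goes live. The following is an added example, not part of the original thread: it walks the nested sections and reports, with their context, the settings quoted in this thread that widen access (`RootLogin on`, `User root`, `AllowForeignAddress on`, and `AllowAll` inside a `<Limit>` that covers write commands). The sample text, the `audit` function, the two lookup tables and the treatment of everything after `#` as a comment are assumptions of the example.

```python
import re

# Constructed sample assembled from directives quoted in this thread.
SAMPLE_CONF = """\
User root
<Limit LOGIN>
AllowAll
</Limit>
<Global>
RootLogin on
AllowForeignAddress on # Allow FXP
</Global>
<Anonymous /var/www/html/>
<Limit WRITE>
DenyAll
</Limit>
<Directory realms>
<Limit STOR CWD APPE READ RMD DELE MKD>
AllowAll
</Limit>
</Directory>
</Anonymous>
"""

# Group names and commands that let a client modify the file system.
WRITE_CMDS = {"WRITE", "ALL", "STOR", "STOU", "APPE", "DELE", "MKD", "RMD",
              "RNTO", "XMKD", "XRMD"}
RISKY = {("rootlogin", "on"): "root may log in over FTP",
         ("user", "root"): "server processes run as root",
         ("allowforeignaddress", "on"): "data connections to a third host allowed"}

def audit(conf_text):
    """Walk the config with a section stack; return (line_no, context, message)."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        tag = re.fullmatch(r"<(/?)(\w+)\s*(.*?)>", line)
        if tag:
            if tag.group(1):
                stack.pop()
            else:
                stack.append((tag.group(2), tag.group(3)))
            continue
        ctx = " > ".join(f"{n} {a}".strip() for n, a in stack) or "server"
        words = line.split()
        key, val = words[0].lower(), " ".join(words[1:]).lower()
        if (key, val) in RISKY:
            findings.append((no, ctx, RISKY[(key, val)]))
        elif key == "allowall" and stack and stack[-1][0] == "Limit":
            if set(stack[-1][1].upper().split()) & WRITE_CMDS:
                findings.append((no, ctx, "write commands open to all clients"))
    return findings
```

Each finding carries the line number and the enclosing section path, so the `AllowAll` under `<Limit LOGIN>` is passed over while the one under `<Directory realms>` is reported.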
 
Old 06-07-2003, 08:51 AM   #14
Slasher
Member
 
Registered: Oct 2002
Location: Norway
Distribution: Gentoo
Posts: 36

Rep: Reputation: 15
Ok, I admit it, this is really odd. Now I'm confused. But, there's always a solution

Could you try this:

Open a terminal, su to root, and write "tail -f /var/log/messages" (I believe that's the main system log for RH 7.3, if not, change to the correct file and path). Then try to connect to your ftp. Possibly the system will log something to the systemlog. If so, please post it here

You could also try this:

Change servertype to standalone, remove proftpd from /etc/services (uncomment the ftp port 21 line), remove the /etc/xinet.d/proftpd file (just move it to another location), and start proftpd manually with debug on. Then try to connect to your ftp and watch whatever is printed to the terminal you started proftpd:

Code:
# proftpd -d
Hopefully this will give us some idea as to what is wrong
 
Old 06-07-2003, 09:13 AM   #15
Corellon
LQ Newbie
 
Registered: Jun 2003
Distribution: Redhat 7.3
Posts: 14

Original Poster
Rep: Reputation: 0
ok here is what was added in the messages log after I tried to connect:

Jun 7 09:23:40 sls-ce3p11 proftpd[21188]: sls-ce3p11.dca2.superb.net (bzq-218-58-150.cablep.bezeqint.net[my ip]) - FTP no transfer timeout, disconnected
Jun 7 09:23:40 sls-ce3p11 PAM_pwdb[21188]: (ftp) session closed for user andrew
Jun 7 09:23:40 sls-ce3p11 proftpd[21188]: sls-ce3p11.dca2.superb.net (bzq-218-58-150.cablep.bezeqint.net[my ip]) - FTP session closed.

Last edited by Corellon; 06-07-2003 at 11:05 AM.
 
  


All times are GMT -5.