Can't make vsftp works on Ubuntu - Users can't login
Hello
I am a "light" user of Linux, not a total newbie but rather inexpert with advanced configurations (and some basic concepts, of course).
I have an Ubuntu 9.10 server and I need to use an FTP server. I installed vsftp but I can't make it work. What doesn't work is that I can't log in to the FTP server with my user(s).
I created a user ("AddressBookUser") that should have access to some files located in "/var/www/fpt/rubriche/". I set this folder as his home.
Here is the row for this user in /etc/passwd:
# Following rows have been added by me (LZ)
userlist_enable=YES
userlist_file=/etc/vsftpd_user_list
My /etc/vsftpd_user_list contains the following:
AddressBookAdmin
AddressBookUser
vsftpd.chroot_list exists, but as you see above the chroot_list_file directive is disabled.
When I try to connect to the FTP server the connection is established, but after I insert "AddressBookUser" as the user name and confirm I get a "530 permission denied" message. This occurs both from the network (LAN) computers and locally:
Quote:
webs@webs:/etc$ ftp localhost
Connected to localhost.
220 Welcome to WEBS FTP service!
Name (localhost:webs): AddressBookUser
530 Permission denied.
Login failed.
I can't figure out what the problem is, but my thought was that it's a problem related to the user configuration rather than the vsftp configuration, but it's only my supposition. If I try to log in with the "main" user of my Ubuntu server, "webs", I can log in correctly.
I googled a lot but didn't find anything useful.
Can anyone help me?
Thank you
1) First of all, check if you have your vsftpd daemon enabled and running.
If not, use the following command:
"sudo /etc/init.d/vsftpd start"
2) Have you created a rule in your iptables to allow incoming traffic for FTP?
In that case you can try flushing them: "sudo iptables -F"
NOTE: flushing iptables is not a good choice, but you can try it for temporary testing.
3) Have you set the correct permissions on your FTP share folder/file?
So, since AddressBookUser is a member of the "rubriche_ro" group he has only read access to that folder. And this is what I want.
Differently, I created another user, "AddressBookAdmin", member of the "ftpusers" group. This group has write access to that folder (that is the home for this user, too) but he can't log in either.
If this thread is true, I think that AddressBookUser having their console set to /bin/false may be a problem. There are apparently a number of ways to solve this one. If you google "vsftpd bin false" you'll find a bunch. I'm not sure which one you would be more comfortable following, so I'll leave that to you.
I forgot to mention it before, but I've already tried to set the console to something different than "false", such as "sh" or "bash", but it doesn't solve the problem. Even with these values I can't log in. But, as I said, if I try to log in with the "main" Ubuntu user I can log in normally. So there must be something else related to the users. Maybe they have to be members of some other groups in addition to the one they are members of? I don't have the concepts clear about this.
Some additional info. The problem seems to be not related to the FTP service, but rather it's a problem of correct definition of the user(s) on my system. I realized that I can't log in to the system either with any of the users I have created or with any other new one that I try to create. I mean not only login through FTP but every type of login (local shell, via Putty from another machine, etc.). So it's something wrong in the user definition, but I can't figure out what.
Have you looked in the vsftpd log files? It is usually pretty good about logging stuff, so there may be some additional clues as to why this is happening.
The only other thing I can think of is to start turning off options in vsftpd.conf one at a time and see if anything allows AddressBookUser to log in. Personally I'd start with the userlist directives in case something is misconfigured there. Then I'd try turning off chrooting.
At this point there are so many possibilities that we can't really give guidance until we have a better idea of where things are goofed up. If the logs aren't helping, then trying one at a time changes is really the best way to diagnose the problem.
Some additional info. The problem seems to be not related to the FTP service, but rather it's a problem of correct definition of the user(s) on my system. I realized that I can't log in to the system either with any of the users I have created or with any other new one that I try to create. I mean not only login through FTP but every type of login (local shell, via Putty from another machine, etc.). So it's something wrong in the user definition, but I can't figure out what.
Well, since you've got their shells set to /bin/false, they shouldn't be able to log in. You might be able to su to them from root (su - AddressBookUser). I think root can do that even if the shell is /bin/false.
[EDIT] I take that back, you can't su to a /bin/false user. However, if the user is invalid, it appears that su complains, whereas for a valid user it doesn't.[/EDIT]
You should set the above to NO to allow access to the user(s) in userlist_file. Read vsftpd.conf documentation for more details.
Note also that /bin/false is correct as a shell if you don't want that user to have shell access to your box.
Regards
No, I think he's got it right:
Quote:
Originally Posted by man vsftpd.conf
userlist_enable If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file. If a user tries to log in using a name in this file, they will be denied before they are asked for a password. This may be useful in preventing cleartext passwords being transmitted. See also userlist_deny. Default: NO
However, now that I look at userlist_deny, cianoz may need to set that to no:
Quote:
userlist_deny
This option is examined if userlist_enable is activated. If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file. When login is denied, the denial is issued before the user is asked for a password.
I get a "530 permission denied" just after inserting the login name (and I am not asked for the pw).
If I comment them out (that is the same as setting "userlist_enable=NO", AFAIK) I get a different response: I am prompted for the password and after I insert it I receive a "530 login incorrect". Obviously, I take care to insert the correct pw.
Regarding the setting of the shell: I consciously set it to "/bin/false" because I don't want the user to be able to log in to a shell. Anyway, for the moment I tried changing it to "/bin/bash" to reduce the potential problems, but nothing changes.
Update guys!
I tried to update/change the password for my two users and now one of the two can finally log in!
But there's still something that I can't understand here. So, here is the situation:
(Note: I changed the names of the users to shorter and simpler names)
user "abadmin" is currently set with shell "/bin/bash"
user "abuser" is currently set with shell "/bin/false"
directives "userlist_enable" and "userlist_file" are disabled (commented)
With these settings "abadmin" can log in, both via an ftp client and a shell. "abuser" instead still can't log in.
Perhaps the passwords were badly set previously and reassigning them has fixed things. Anyway, the value of the shell for the users seems to be something that still plays a role here. AFAIK setting the shell to "false" for the ftp users is common practice, but here it seems to determine whether ftp users can log in or not.
I still have some confusion about this.
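Added example, not part of the thread: a shell sketch of the two checks the discussion circles around, the userlist_enable/userlist_deny decision as quoted from man vsftpd.conf and whether a login shell is listed in a shells file. The function names and sample files are constructed for illustration; that the FTP login's PAM stack consults /etc/shells through pam_shells is an assumption about the server's /etc/pam.d/vsftpd, not something shown in the thread.

```shell
#!/bin/sh
# Added example: constructed inputs, not the poster's real files.
# Assumes plain YES/NO values and key=value lines with no spaces.

# conf_get FILE KEY DEFAULT -> last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    val=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1")
    printf '%s\n' "${val:-$3}"
}

# userlist_verdict CONF LIST USER -> what happens before the password prompt
userlist_verdict() {
    enable=$(conf_get "$1" userlist_enable NO)   # man page default: NO
    deny=$(conf_get "$1" userlist_deny YES)      # man page default: YES
    [ "$enable" = YES ] || { echo ask-password; return; }
    if grep -Fxq -- "$3" "$2"; then listed=yes; else listed=no; fi
    if [ "$deny" = YES ] && [ "$listed" = yes ]; then echo deny-530   # file is a deny list
    elif [ "$deny" = NO ] && [ "$listed" = no ]; then echo deny-530   # file is an allow list
    else echo ask-password
    fi
}

# shell_listed SHELLS_FILE SHELL -> exit 0 if the shell appears in the file
# (assumption: pam_shells in the FTP PAM stack rejects shells that do not)
shell_listed() { grep -Fxq -- "$2" "$1"; }

# Constructed sample files mirroring the setup described in the thread
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'userlist_enable=YES\nuserlist_file=/etc/vsftpd_user_list\n' > "$tmp/as_posted.conf"
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$tmp/allowlist.conf"
printf 'AddressBookAdmin\nAddressBookUser\n' > "$tmp/user_list"
printf '/bin/sh\n/bin/bash\n' > "$tmp/shells"

echo "as posted, AddressBookUser: $(userlist_verdict "$tmp/as_posted.conf" "$tmp/user_list" AddressBookUser)"
echo "as posted, webs:            $(userlist_verdict "$tmp/as_posted.conf" "$tmp/user_list" webs)"
echo "userlist_deny=NO, AddressBookUser: $(userlist_verdict "$tmp/allowlist.conf" "$tmp/user_list" AddressBookUser)"
shell_listed "$tmp/shells" /bin/false || echo "/bin/false is not in the shells file"
```

With the settings as posted, the listed users are refused before the password prompt while the unlisted "webs" account proceeds to it, which matches the behaviour reported in the thread.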