Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, I'm currently running a CentOS7 server with ProFTP running, however when I go to use my user from a custom .user file it presents me with the error:
Quote:
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xx[xxx.xxx.xxx.xx]) - USER 7285814: no such user found from xxx.xxx.xxx.xx [xxx.xxx.xxx.xx] to ::ffff:xxx.xxx.xxx.xxx:21
Upon checking my ftp.user file the account is definitely there.
# Security-Enhanced Linux (SELinux) Notes:
#
# In Fedora and Red Hat Enterprise Linux, ProFTPD runs confined by SELinux
# in order to mitigate the effects of an attacker taking advantage of an
# unpatched vulnerability and getting control of the ftp server. By default,
# ProFTPD cannot read or write most files on a system nor connect to many
# external network services, but these restrictions can be relaxed by
# setting SELinux booleans as follows:
#
# setsebool -P allow_ftpd_anon_write=1
# This allows the ftp daemon to write to files and directories labelled
# with the public_content_rw_t context type; the daemon would only have
# read access to these files normally. Files to be made available by ftp
# but not writeable should be labelled public_content_t.
#
# setsebool -P allow_ftpd_full_access=1
# This allows the ftp daemon to read and write all files on the system.
#
# setsebool -P allow_ftpd_use_cifs=1
# This allows the ftp daemon to read and write files on CIFS-mounted
# filesystems.
#
# setsebool -P allow_ftpd_use_nfs=1
# This allows the ftp daemon to read and write files on NFS-mounted
# filesystems.
#
# setsebool -P ftp_home_dir=1
# This allows the ftp daemon to read and write files in users' home
# directories.
#
# setsebool -P ftpd_connect_all_unreserved=1
# This setting is only available from Fedora 16/RHEL-7 onwards, and is
# necessary for active-mode ftp transfers to work reliably with non-Linux
# clients (see http://bugzilla.redhat.com/782177), which may choose to
# use port numbers outside the "ephemeral port" range of 32768-61000.
#
# setsebool -P ftpd_connect_db=1
# This setting allows the ftp daemon to connect to commonly-used database
# ports over the network, which is necessary if you are using a database
# back-end for user authentication, etc.
#
# setsebool -P ftpd_is_daemon=1
# This setting is available only in Fedora releases 4 to 6 and Red Hat
# Enterprise Linux 5. It should be set if ProFTPD is running in standalone
# mode, and unset if running in inetd mode.
#
# setsebool -P ftpd_disable_trans=1
# This setting is available only in Fedora releases 4 to 6 and Red Hat
# Enterprise Linux 5, and when set it removes the SELinux confinement of the
# ftp daemon. Needless to say, its use is not recommended.
#
# All of these booleans are unset by default.
#
# See also the "ftpd_selinux" manpage.
#
# Note that the "-P" option to setsebool makes the setting permanent, i.e.
# it will still be in effect after a reboot; without the "-P" option, the
# effect only lasts until the next reboot.
#
# Restrictions imposed by SELinux are on top of those imposed by ordinary
# file ownership and access permissions; in normal operation, the ftp daemon
# will not be able to read and/or write a file unless *all* of the ownership,
# permission and SELinux restrictions allow it.
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
# Cause every FTP user except adm to be chrooted into their home directory
#DefaultRoot ~ !adm
# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
# Set the user and group that the server runs as
User nobody
Group nobody
# To prevent DoS attacks, set the maximum number of child processes
# to 20. If you need to allow more than 20 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 50
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
# (http://www.proftpd.org/docs/modules/...leControlsACLs)
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
# Enable basic controls via ftpdctl
# (http://www.proftpd.org/docs/modules/mod_ctrls.html)
ControlsEngine on
ControlsACLs all allow user root
ControlsSocketACL allow user *
ControlsLog /var/log/proftpd/controls.log
# Enable mod_vroot by default for better compatibility with PAM
# (http://bugzilla.redhat.com/506735)
<IfModule mod_vroot.c>
VRootEngine on
</IfModule>
# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
<IfDefine TLS>
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>
</IfDefine>
# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
# If the same client reaches the MaxLoginAttempts limit 2 times
# within 10 minutes, automatically add a ban for that client that
# will expire after one hour.
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
# Inform the user that it's not worth persisting
BanMessage "Host %a has been banned"
# Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow user ftpadm
</IfDefine>
# Set networking-specific "Quality of Service" (QoS) bits on the packets used
# by the server (contrib/mod_qos.html)
<IfDefine QOS>
LoadModule mod_qos.c
# RFC791 TOS parameter compatibility
QoSOptions dataqos throughput ctrlqos lowdelay
# For a DSCP environment (may require tweaking)
#QoSOptions dataqos CS2 ctrlqos AF41
</IfDefine>
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022
# Allow users to overwrite files and change permissions
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
<Anonymous ~ftp>
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"
# Put the user into /pub right after login
#DefaultChdir /pub
# We want 'welcome.msg' displayed at login, '.message' displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayChdir .message
DisplayReadme README*
# Cosmetic option to make all files appear to be owned by user "ftp"
DirFakeUser on ftp
DirFakeGroup on ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
DenyAll
</Limit>
DefaultRoot ~
RequireValidShell off
PersistentPasswd off
CreateHome on 777 dirmode 777
Umask 0111 0000
AllowStoreRestart on
AllowOverwrite on
TransferRate RETR 10
# Allow only video files extensions
#<Limit STOR APPE>
# Order deny, allow
# AllowFilter "\\.(avi|mkv|mpg|mpeg|vob|wmv|flv|mp4|mov|webm)$" [NC]
#</Limit>
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xx[xxx.xxx.xxx.xx]) - USER 7285814: no such user found from xxx.xxx.xxx.xx [xxx.xxx.xxx.xx] to ::ffff:xxx.xxx.xxx.xxx:21
That means that proftpd cannot find the user 7285814 where it looks for it!
I suggest you to use the following settings, in order for proftpd to use your user file and not /etc/passwd.
Since I don't use Centos I'm not sure, but maybe you should disable PAM for authentication.
Code:
AuthUserFile /var/www/cgi-bin/logs/ftp.users
AuthOrder mod_auth_file.c
PersistentPasswd off
AuthPAM off
And don't forget to restart the service after making changes to the config files
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
