OK, OK... I know there are tons of threads on this... because I read through most of them, but I still can't get into my box via FTP. Here's what happens:
When I try to log in as a user, this is what happens:
[/usr/src/sources/proftpd-1.2.6][07:20:37]> ncftp -u adam 192.168.1.101
NcFTP 3.1.4 (Jul 02, 2002) by Mike Gleason (ncftp@ncftp.com).
Connecting to 192.168.1.101...
ProFTPD 1.2.6 Server (ProFTPD Default Installation) [adam.org]
Logging in...
Password requested by 192.168.1.101 for user "adam".
Password required for adam.
Password: *********
Login incorrect.
Could not open host 192.168.1.101: username and/or password was not accepted for login.
#########################################################
then, in /var/log/daemon.log, it gives me this:
Oct 28 08:30:44 adam proftpd[5755]: adam.org - unable to set daemon groups: Operation not permitted
When I try to log in anonymously, I get this in the log:
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - wtmp /var/log/wtmp: Permission denied
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - error: unable to set groups: Operation not permitted
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - ftp chroot("/home/ftp"): Operation not permitted
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - error: unable to set anonymous privileges
My config file is pretty much out of the box, and I added users ftp & nobody as well as groups ftp & nogroup
ServerName "ProFTPD Default Installation"
ServerType inetd
DefaultServer on
RootLogin on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite on
</Directory>
<limit LOGIN>
  AllowAll
</limit LOGIN>
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User ftp
  Group ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp
  # Limit the maximum number of anonymous logins
  MaxClients 10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
RootLogin on
Do you really want to transmit your root password UNENCRYPTED? This is a SERIOUS security task, if you want your box secure do NOT permit root logins!
You could maybe avoid this altogether by using ssh (and sftp), if you don't have any requirement for anonymous ftp. Lazy I know, but if it does the job who cares.
well, here's my xinetd configuration for ftpd:
service ftp
{
    disable = no
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/sbin/proftpd
    instances = 10
    log_on_success = HOST PID
    log_on_failure = HOST RECORD
    #server_args = '-c /etc/proftpd.conf'
    #flags = REUSE
    #nice = 10
}
and excerpts from /etc/passwd:
ftp:x:1003:102::/home/ftp:/bin/bash
nobody:x:1004:103::/home:/bin/bash
and /etc/group:
ftp:x:102:
nogroup:x:103:
#############################################
Why do I need 'user=root' in xinetd.conf? I have seen other configurations w/ out that?
thanks for the warning nonamenobody. I was planning on following some of the docs on the proftpd site to encrypt the passwords through ssh. I am setting this up purely out of interest.... I already have sshd on my system.
It wasn't particularly a warning. I was just suggesting a lazier way to get similar functionality, sftp is a front end to scp, it gives you an ftp like interface, but works via scp (which is part of ssh-tools, so all you need is a working ssh server).
Still, you will learn a lot more by getting your ftp server working than you will if you go for the easy option, like I would (s'pose that is why you are using LFS after all (from your info under your name)).
Well according to the proftpd site root access is needed for the following things:
binding to ports < 1024, setting resource limits, reading configuration information and some network code
Since you are spawning the daemon from xinetd the binding to ports < 1024 shouldn't be a problem. But several of the other things could give you problems. In the proftpd.conf file you set proftpd to run as user nobody.nogroup so most of the actions won't be done as root anyway. So you don't win much security wise by not initially starting proftpd as root.
Does it work if you change the user to root? If it doesn't then there are probably some more things which aren't set correctly.
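The start-as-root-then-drop sequence described in the reply above, as an added example that is not part of the thread and not ProFTPD's own code. Run as an unprivileged user, the first call fails with "Operation not permitted", the same error as the "unable to set daemon groups" and chroot lines in daemon.log. The function name `drop_privileges` and the uid/gid 65534 are assumptions for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() and chroot() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Drop from root to an unprivileged uid/gid, optionally inside a chroot jail.
 * Returns NULL on success, or the name of the step that failed (errno is set
 * by the failing call). Order matters: every call before setuid() needs root
 * privileges, so setuid() must come last.
 */
const char *drop_privileges(uid_t uid, gid_t gid, const char *jail)
{
    /* Replace root's supplementary groups; requires CAP_SETGID. */
    if (setgroups(1, &gid) != 0)
        return "setgroups";
    /* Confine the process to the jail; requires CAP_SYS_CHROOT. */
    if (jail != NULL && (chroot(jail) != 0 || chdir("/") != 0))
        return "chroot";
    if (setgid(gid) != 0)
        return "setgid";
    if (setuid(uid) != 0)
        return "setuid";
    /* The drop must be permanent: regaining uid 0 has to fail now. */
    if (uid != 0 && setuid(0) == 0) {
        errno = 0;
        return "permanent-drop check";
    }
    return NULL;
}

int main(void)
{
    /* Constructed values: 65534 is the conventional "nobody" id on many
       Linux systems; the thread's box used uid 1004 / gid 103 instead. */
    const char *failed = drop_privileges(65534, 65534, NULL);
    if (failed != NULL) {
        fprintf(stderr, "%s failed: %s\n", failed, strerror(errno));
        return 1;
    }
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

With `user = nobody` in the xinetd stanza the daemon is already unprivileged when it starts, so it fails at the first step; with `user = root` the same sequence succeeds and the process ends up running as the configured unprivileged account.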
Thank you for all of the replies. I put user=root in xinetd.conf, and it works OK. It just seems like I shouldn't have to do that, but I guess I need to learn more about how it all works w/ the system.