LinuxQuestions.org
Old 10-29-2002, 12:33 AM   #1
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Rep: Reputation: 30
ProFTPD


OK, OK... I know there are TONS of threads on this, because I read through most of them, but I still can't get into my box via FTP. Here's what happens:

When I try to log in as user, this is what happens:

[/usr/src/sources/proftpd-1.2.6][07:20:37]> ncftp -u adam 192.168.1.101
NcFTP 3.1.4 (Jul 02, 2002) by Mike Gleason (ncftp@ncftp.com).
Connecting to 192.168.1.101...
ProFTPD 1.2.6 Server (ProFTPD Default Installation) [adam.org]
Logging in...
Password requested by 192.168.1.101 for user "adam".

Password required for adam.

Password: *********
Login incorrect.
Could not open host 192.168.1.101: username and/or password was not accepted for login.
#########################################################

Then, in /var/log/daemon.log, it gives me this:

Oct 28 08:30:44 adam proftpd[5755]: adam.org - unable to set daemon groups: Operation not permitted

When I try to log in anonymously, I get this in the log:

Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - wtmp /var/log/wtmp: Permission denied
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - error: unable to set groups: Operation not permitted
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - ftp chroot("/home/ftp"): Operation not permitted
Oct 28 08:33:23 adam proftpd[5760]: adam.org (adam.org[192.168.1.101]) - error: unable to set anonymous privileges


My config file is pretty much out of the box, and I added users ftp & nobody as well as groups ftp & nogroup

What am I doing wrong?
 
Old 10-29-2002, 12:40 AM   #2
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
The easiest way to help you out would be posting your proftpd.conf here ...
 
Old 10-29-2002, 01:37 AM   #3
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
Here it is. Any suggestions?


ServerName "ProFTPD Default Installation"
ServerType inetd
DefaultServer on
RootLogin on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10
# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
<limit LOGIN>
AllowAll
</limit LOGIN>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

</Anonymous>
(END)

###########################################################

Thanks in advance
 
Old 10-29-2002, 02:06 AM   #4
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
RootLogin on
Do you really want to transmit your root password UNENCRYPTED? This is a SERIOUS security task; if you want your box secure, do NOT permit root logins!

Does the ftp user/group exist?
 
Old 10-29-2002, 03:16 AM   #5
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
What about posting your inetd.conf or your xinetd file that is starting proftpd. Which user is proftpd originally started as? This should be root.

Also what are the uid and gid numbers of the user nobody/nogroup? This information is in the /etc/passwd and /etc/groups files.
 
Old 10-29-2002, 11:30 AM   #6
nonamenobody
Member
 
Registered: Oct 2002
Posts: 138

Rep: Reputation: 22
You could maybe avoid this altogether by using ssh (and sftp), if you don't have any requirement for anonymous ftp. Lazy I know, but if it does the job who cares.
 
Old 10-29-2002, 06:52 PM   #7
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
well, here's my xinetd configuration for ftpd:
service ftp
{
disable = no
socket_type = stream
wait = no
user = nobody
server = /usr/sbin/proftpd
instances = 10
log_on_success = HOST PID
log_on_failure = HOST RECORD
#server_args = '-c /etc/proftpd.conf'
#flags = REUSE
#nice = 10
}

and excerpts from /etc/passwd:
ftp:x:1003:102::/home/ftp:/bin/bash
nobody:x:1004:103::/home:/bin/bash

and /etc/group:
ftp:x:102:
nogroup:x:103:

#############################################

Why do I need 'user=root' in xinetd.conf? I have seen other configurations w/ out that?

Thanks for the warning, nonamenobody. I was planning on following some of the docs on the proftpd site to encrypt the passwords through ssh. I am setting this up purely out of interest... I already have sshd on my system.
 
Old 10-30-2002, 06:46 PM   #8
nonamenobody
Member
 
Registered: Oct 2002
Posts: 138

Rep: Reputation: 22
It wasn't particularly a warning. I was just suggesting a lazier way to get similar functionality. sftp is a front end to scp; it gives you an FTP-like interface, but works via scp (which is part of ssh-tools, so all you need is a working ssh server).

Still, you will learn a lot more by getting your ftp server working than you will if you go for the easy option, like I would (s'pose that is why you are using LFS after all (from your info under your name)).
 
Old 10-31-2002, 04:42 AM   #9
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Well according to the proftpd site root access is needed for the following things:

binding to ports < 1024, setting resource limits, reading configuration information and some network code

Since you are spawning the daemon from xinetd, the binding to ports < 1024 shouldn't be a problem. But several of the other things could give you problems. In the proftpd.conf file you set proftpd to run as user nobody.nogroup, so most of the actions won't be done as root anyway. So you don't win much security-wise by not initially starting proftpd as root.

Does it work if you change the user to root? If it doesn't then there are probably some more things which aren't set correctly.
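
Editor's added example (not written by any poster in this thread, and not ProFTPD or xinetd code): a small checker that reads an xinetd `service ftp` stanza together with proftpd.conf and reports the two settings discussed above, the start-up user and `RootLogin on`. The sample inputs are constructed from the configs posted earlier, the finding codes are hypothetical names, and a stanza without a `user` line is assumed to start as root.

```python
import re

# Constructed samples, shaped like the xinetd stanza and proftpd.conf posted in this thread.
XINETD = "service ftp\n{\ndisable = no\nuser = nobody\nserver = /usr/sbin/proftpd\n}\n"
PROFTPD = ("ServerType inetd\nRootLogin on\nUser nobody\nGroup nogroup\n"
           "<Anonymous ~ftp>\nUser ftp\nGroup ftp\n</Anonymous>\n")

def xinetd_attrs(text, service):
    """Attributes of one `service NAME { ... }` stanza, comments ignored."""
    m = re.search(r"^service\s+%s\s*\{(.*?)^\}" % re.escape(service), text, re.S | re.M)
    attrs = {}
    for line in (m.group(1).splitlines() if m else []):
        key, eq, value = line.split("#", 1)[0].partition("=")
        if eq:
            attrs[key.strip()] = value.strip()
    return attrs

def proftpd_directives(text):
    """(context, name, value) per directive; context is the enclosing section or 'server'."""
    stack, out = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").split()[0].lower())
        else:
            name, *rest = line.split(None, 1)
            out.append((stack[-1] if stack else "server", name.lower(), rest[0] if rest else ""))
    return out

def audit(xinetd_text, proftpd_text):
    """Return finding codes (hypothetical names) for start-up user and root login."""
    # Assumption: a stanza with no `user` line starts the server as root.
    start_user = xinetd_attrs(xinetd_text, "ftp").get("user", "root")
    directives = proftpd_directives(proftpd_text)
    findings = []
    if start_user != "root":
        # setgroups() and chroot() are privileged calls: "Operation not permitted".
        findings.append("START_USER_NOT_ROOT:" + start_user)
        if any(ctx == "anonymous" for ctx, _, _ in directives):
            findings.append("ANON_CHROOT_WILL_FAIL")
    if ("server", "rootlogin", "on") in directives:
        findings.append("ROOTLOGIN_ON_CLEARTEXT_FTP")
    if start_user == "root" and not any(d[:2] == ("server", "user") for d in directives):
        findings.append("NO_PRIVILEGE_DROP")
    return findings

if __name__ == "__main__":
    print(audit(XINETD, PROFTPD))
```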
 
Old 11-01-2002, 11:01 AM   #10
yrjo
LQ Newbie
 
Registered: Dec 2001
Location: Finland
Distribution: Suse 8.0 Professional
Posts: 6

Rep: Reputation: 0
Does Adam belong to group ftp? Did you start pure-ftpd as superuser?
 
Old 11-01-2002, 06:32 PM   #11
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
Thank you for all of the replies. I put user=root in xinetd.conf, and it works OK. It just seems like I shouldn't have to do that, but I guess I need to learn more about how it all works w/ the system.

Thanks again for the help

-Adam
 
  


All times are GMT -5.