Assistance with VSFTP

[Herculeon]

---

I am not sure what I need to adjust. I have SELinux off. Anonymous off then I changed to on. There are other things I have done as well. To give a basic run down on what is happening, here are the 2 issues.

1. After it processes a logon, it waits roughly 10 seconds before you can actually do something. I need it to be immediate.

2. When you start an upload, every file wants a fresh logon attempt. If you have 5 files, not that big a deal. When you upload 1000 files, it becomes a real problem.

I am sure it is something rudimentary, but I just cannot seem to figure it out.

Below is a copy of my VSFTP.CONF:

local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to Fedora FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
ls_recurse_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
local_root=/var/www/html
use_localtime=YES
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
write_enable=YES
anon_root=/var/www/html
pasv_min_port=49152
pasv_max_port=65534

[Rexilion]

I can see you have enabled the following major features:

- anonymous write access
- features for compatibility (e.g. connect_from_port_20=YES)
- chroot
- pam authentication
- tcp wrappers

You could try toggling these on and off and see if it makes a difference. However, my first suggestion would be:

Try another FTP client and see how it goes?

FTP clients are 'interesting' pieces of software.

[Herculeon]

I have toggled the settings on and off. I tried each setting off one at a time, then followed the matrix until they were all off. I have used coreftp and filezilla. I still get the same reactions or I cannot connect at all. Any further ideas?

[Rexilion]

At the server, check it's logs with tail and see where things hang.

At the client, check it's logs and see where things hang. Filezilla displays commands send to the FTP server.

You should probably see a specific command hang each time.

[Herculeon]

there appears to be no issues or errors within the logs for both the server and the client. When you login with the FTP client, it connects, displays the welcome message, the password gets sent and then it waits about 10 seconds before processing the rest of the connection. that will happen with each file that is uploaded.

[Rexilion]

Apparently I failed to correctly state my intention.

Using filezilla, you can see what FTP command takes 10 seconds (e.g. long hang). E.g. is it at logging in, is it at listing dirs is it at traversing dirs etc etc... . Just look at what stuff scrolls by in the upper panel in Filezilla.

Did you check your firewall?
Did you change between active and passive mode?
Try another root directory for sharing?

[Herculeon]

what I gave you is what displays. here is a copy of the response windows to where it hangs:
Status: Connecting to ***.***.***.***:21...
Status: Connection established, waiting for welcome message...
Response: 220 Welcome to Fedora FTP service.
Command: USER development
Response: 331 Please specify the password.
Command: PASS **************

that is where it pauses for the 10 seconds. below is what happens after the pauses releases:
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/var/www/html"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (172,16,0,114,236,234).
Command: LIST
Response: 150 Here comes the directory listing.
Response: 226 Directory send OK.
Status: Calculating timezone offset of server...
Command: MDTM BQquery.php
Response: 213 20121227144210
Status: Timezone offsets: Server: 0 seconds. Local: -18000 seconds. Difference: -18000 seconds.
Status: Directory listing successful

The server is an internal server, so I have the firewalls turned off. I also have my firewall turned off on my PC. I have not tried changing the server to accept active mode. It is only in passive. I have tried sharing other directories with no change. Any other ideas?

[Rexilion]

Ah, so you should probably be looking at PAM. Make a PAM file only referencing to pam_unix.so. Like this:

auth requisite pam_unix.so

And change:

pam_service_name=vsftpd

to

pam_service_name=vsftpd-2

And then try again. Make sure you restart vsftpd and that /etc/pam.d/ actually holds your PAM config files (i.e. there should be more including vsftpd).

[Herculeon]

ok, i attempted your suggestion and it did not work. I then undid the change to the vsftpd.conf. Then I went back to the vsftpd-2 file and copied it out and pasted it into the vsftpd file. I then rem'ed out all entries except the entry I coped over. Restarted the service. Then I unrem'ed out each entry one at a time until they were all unrem'ed. Once they were all unremed, I rem'ed the entry copied over over from the vsftpd-2 file. Obviuously, I restarted the service with each change. I know I have no need to repost the conf file, but I want to show what it looks like now.

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#connect_from_port_20=NO
xferlog_file=/var/log/vsftpd.log
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to Fedora FTP service.
chroot_local_user=YES
#chroot_local_user=NO
chroot_list_enable=YES
#chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
ls_recurse_enable=YES
listen=YES
#listen=NO
#pam_service_name=vsftpd-2
pam_service_name=vsftpd
#pam_service_name=ftp
userlist_enable=YES
tcp_wrappers=YES
#tcp_wrappers=NO
local_root=/var/www/html
use_localtime=YES

anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
write_enable=YES
anon_root=/var/www/html

pasv_min_port=49152
pasv_max_port=65534



here is a copy of the pam.d vsftpd file:

#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
#auth requisite pam_unix.so


any other config file you would like to see??
I do really appreciate the assistance you are giving to me, even if we cannot figure it out LOL

[Rexilion]

I then undid the change to the vsftpd.conf. Then I went back to the vsftpd-2 file and copied it out and pasted it into the vsftpd file. I then rem'ed out all entries except the entry I coped over. Restarted the service. Then I unrem'ed out each entry one at a time until they were all unrem'ed. Once they were all unremed, I rem'ed the entry copied over over from the vsftpd-2 file.

I want to make this sure. You copied over the old vsftpd to vsftpd-2 and then did a rule by rule 'search' to figure out what rules was causing your trouble. Right?