  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Posts
    3

    Local login fails on new vsftp install


    Hi,

    I'm running Suse 9.2 and have just installed and configured vsftpd to run standalone, as a first step to validate the config. If I use an ftp client, I can connect to the server and I get the username and password prompts. But whatever I enter for username and password, I get "Login failed" as the response.

    Below is the contents of my vsftpd.conf file.

    Any help appreciated.

    ====================================

    # If you do not change anything here you will have a minimum setup for an
    # anonymus FTP server.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.

    # General Settings
    #
    # Uncomment this to enable any form of FTP write command.
    #
    #write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    #
    dirmessage_enable=YES
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #
    #nopriv_user=ftpsecure
    #
    # You may fully customise the login banner string:
    #
    #ftpd_banner="Welcome to FOOBAR FTP service."
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #
    #ls_recurse_enable=YES
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #
    #deny_email_enable=YES
    #
    # (default follows)
    #
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # If enabled, all user and group information in
    # directory listings will be displayed as "ftp".
    #
    #hide_ids=YES

    # Local FTP user Settings
    #
    # Uncomment this to allow local users to log in.
    #
    local_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #
    #local_umask=022
    #
    # Uncomment to put local users in a chroot() jail in their home directory
    # after login.
    #
    chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #
    #chroot_list_enable=YES
    #
    # (default follows)
    #
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # The maximum data transfer rate permitted, in bytes per second, for
    # local authenticated users. The default is 0 (unlimited).
    #
    #local_max_rate=7200

    # Anonymus FTP user Settings
    #
    # Allow anonymous FTP?
    #
    anonymous_enable=YES
    #
    # Anonymous users will only be allowed to download files which are
    # world readable.
    #
    anon_world_readable_only=YES
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #
    #anon_upload_enable=YES
    #
    # Default umask for anonymus users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #
    #anon_umask=022
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #
    #anon_mkdir_write_enable=YES
    #
    # Uncomment this to enable anonymus FTP users to perform other write operations
    # like deletion and renaming.
    #
    #anon_other_write_enable=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #
    #chown_uploads=YES
    #chown_username=whoever
    #
    # The maximum data transfer rate permitted, in bytes per second, for anonymous
    # authenticated users. The default is 0 (unlimited).
    #
    #anon_max_rate=7200


    # Log Settings
    #
    # Log to the syslog daemon instead of using an logfile.
    #
    #syslog_enable=YES
    #
    # Uncomment this to log all FTP requests and responses.
    #
    log_ftp_protocol=YES
    #
    # Activate logging of uploads/downloads.
    #
    #xferlog_enable=YES
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #
    vsftpd_log_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note: This disables the normal logging unless you enable dual_log_enable below.
    #
    #xferlog_std_format=YES
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #
    #xferlog_file=/var/log/xferlog
    #
    # Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
    #
    #dual_log_enable=YES
    #
    # Uncomment this to enable session status information in the system process listing.
    #
    #setproctitle_enable=YES

    # Transfer Settings
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    #
    connect_from_port_20=YES
    #
    # You may change the default value for timing out an idle session.
    #
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #
    #data_connection_timeout=120
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    #
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # Set to NO if you want to disallow the PASV method of obtaining a data
    # connection.
    #
    #pasv_enable=NO

    # PAM setting. Do NOT change this unless you know what you do!
    #
    pam_service_name=vsftpd

    # Set listen=YES if you want vsftpd to run standalone
    #
    listen=YES

  2. #2
    Linux Engineer
    Join Date
    May 2003
    Location
    Greece / Athens
    Posts
    1,169
    Uncomment this: #syslog_enable=YES, and check in:
    vsftpd_log_file=/var/log/vsftpd.log
    Type what it has ...
    Linux For Ever!

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Posts
    3
    I tried uncommenting the line suggested but no such log file is being created. And I really DID restart the daemon after editing :-)

  5. #4
    Just Joined!
    Join Date
    Jan 2005
    Posts
    3
    Progress! An email from a colleague advised that I check /var/log/messages, and from there I could see that PAM was refusing the authentication for the FTP client. On looking at /etc/pam.d I can see there is no directory for vsftpd, so I guess this is the cause of the problem.

    Still cannot work out why I can't get the specified log file created, but that's a smaller problem.

  6. #5
    Just Joined!
    Join Date
    May 2007
    Posts
    5

    local vsftpd users unable to login

    Hi,
    I was having the same problem with local users and vsftpd. I could login as anonymous but not as a local user. I had to add this line to my vsftpd.conf:
    pam_service_name=vsftpd

    Reason being if you don't specify a pam service name it will default to ftpd, but the /etc/pam.d config file was named /etc/pam.d/vsftpd.

  7. #6
    Just Joined!
    Join Date
    May 2007
    Location
    Germany/Netherlands
    Posts
    39

    vsftpd - working configuration

    I had vsftp problems with SuSE too. Later I tried to get it done on Fedora fc6 but I think this should probably work for SuSE. I'll try SuSE myself again, sometime soon.

    Maybe, if you don't need all of this, you could just pick the elements you need. Good luck!

    You probably know what's in this paragraph, but for newbies who might read this: keep in mind that in order to use ftp, port 21 must be open in your Firewall and router. If you have SELinux enabled, you must modify SELinux (System => Administration => Security Level) to allow ftp.

    I use vsftpd as a standalone server, without inet and the like.

    From now on, I assume that you operate as root. I modify files using Gedit, not vi, but that doesn't really matter.

    Before you start, keep in mind that virtual users are in fact guest users. A guest user may only get access if there is a real user who 'invites' the guest. This means you need to create a real user for ftp purposes. That's what we'll do later on.


    Step 1 - PACKAGES

    Required packages:
    pam (installed by default)
    db (my version of Fedora has db4 installed by default)
    compat-db (provides db42_load; this might not be required for SuSE)
    vsftpd

    Check which db is installed
    TERMINAL: rpm -qa | grep -i db
    If the list that appears does not contain a database, i.e. db, db3 or db4, you've got to install it.
    TERMINAL: yum install db4
    (SuSE probably has db installed as default)

    Install compat-db (might not be necessary for SuSE)
    TERMINAL: yum install compat-db

    Check if you've got vsftpd
    TERMINAL: rpm -q vsftpd
    If the message says vsftpd is not installed, then
    TERMINAL: yum install vsftpd


    Step 2 - CONFIGURE PAM

    Find pam_userdb.so
    TERMINAL: locate pam_userdb.so
    You'll probably get: /lib/security/pam_userdb.so
    If necessary, adjust the location in the file you're going to edit now

    Edit the following file in Gedit or vi:
    /etc/pam.d/vsftpd
    This is what it should look like:

    #%PAM-1.0
    session optional pam_keyinit.so force revoke
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    #auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    #auth required pam_shells.so
    #auth include system-auth
    #account include system-auth
    #session include system-auth
    #session required pam_loginuid.so

    You only need the first three lines to work. Any other lines need to be commented out (#) because they might just bar your beloved virtual users.


    Step 3 - CREATE A REAL USER

    You need a user that may invite guest users. Let's call him: inviter. In fact, inviter is not going to do anything, but he's got to exist.
    TERMINAL: adduser -d /home/inviter inviter

    You have now created:
    user: inviter
    group: inviter
    home directory: /home/inviter

    The home directory of user inviter is /home/inviter. Since we want /var/www/vhosts (or whatever you chose) to be the home directory, we change it now
    TERMINAL: usermod -d /var/www/vhosts inviter


    Step 4 - CONFIGURE VSFTPD FOR VIRTUAL USERS

    Edit /etc/vsftpd/vsftpd.conf in Gedit or vi.

    Leaving out the commented lines (#), this is what the file should look like (you may set anonymous_enable to YES if that's what you want):

    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    chroot_local_user=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES

    # Virtual users will be logged into /var/www/vhosts/[username]/ (or whatever path you chose earlier, in which case you must change the path of local_root below)
    user_sub_token=$USER
    local_root=/var/www/vhosts/$USER
    guest_enable=YES
    guest_username=inviter
    # Umask applied for virtual users and anon
    anon_umask=022
    # Allows uploading by virtual users
    anon_upload_enable=YES
    # Allows creation of directories by virtual users
    anon_mkdir_write_enable=YES
    # Allows deletion of files and directories by virtual users
    anon_other_write_enable=YES

    Now, check if vsftpd is running
    TERMINAL: /etc/init.d/vsftpd status

    If vsftpd is not running, start it up
    TERMINAL: /etc/init.d/vsftpd start

    If vsftpd is running, restart it
    TERMINAL: /etc/init.d/vsftpd restart

    You must always restart vsftpd in order for changes in the vsftpd.conf file to take effect.


    Step 5 - SET UP VIRTUAL USERS

    You can only make a database file indirectly. Therefore, first create a text file in directory /etc/vsftpd and give it any name. The name could be: vsftpd_users.txt. The file is going to contain your guest users aka virtual users and their passwords. Always write them on alternate lines, i.e., user1 on line 1, the password for user1 on line 2, user2 on line 3, the password for user2 on line 4 et cetera. Let's create three users (if you want a fourth one, you may add Ringo):

    john
    johnpw
    paul
    paulpw
    george
    georgepw

    You should keep the vsftpd_users.txt file for two reasons: (1) to always know what names and passwords are in the database, and (2) to load the data of this file into the database.

    If the directory /etc/vsftpd/ already contains the file vsftpd_users.db remove it first
    TERMINAL: rm /etc/vsftpd/vsftpd_users.db

    Now we recreate it and feed it with the users inside our text file
    TERMINAL:
    db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
    (SuSE-users should probably use db_load instead of db42_load)

    Now we set the correct permissions:
    TERMINAL: chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt


    Step 6 - CREATE DIRECTORIES FOR YOUR VIRTUAL USERS

    In directory /var/www/vhosts (or whatever you made up yourself) create the directories john, paul and george. Put something inside them, so you recognize them when you're going to check them out later.

    Permissions: since virtual users are treated like anonymous guests you will have to write-enable their directories and content for 'others' in order to allow those users to upload and modify their files.
    TERMINAL:
    cd /var/www/vhosts
    chmod 777 john paul george


    Your virtual hosts should now be working.

    ISSUES
    Sometimes the database gets quirky and ftp does too. Simply delete vsftpd_users.db and upload vsftpd_users.txt again (see Step 5)

    Don't forget to open port 21 of your Firewall and router. And make sure SELinux allows ftp connections.

    Should you encounter any problems, make sure to check /var/log/secure first.
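
Added example (not part of any post in this thread): a shell check for the two PAM wiring faults discussed above, namely the missing /etc/pam.d service file from posts #4 and #5 and the pam_userdb database set up in post #6. The function names, exit codes and the overridable default service name are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and exit codes are
# this sketch's own; file paths are passed in as arguments.

# Effective pam_service_name: the last uncommented assignment wins.
# vsftpd.conf(5) documents the default as "ftp"; a distribution build may
# differ, so the fallback can be overridden with $2.
pam_service() {
    name=$(sed -n 's/^pam_service_name=//p' "$1" | tail -n 1)
    printf '%s\n' "${name:-${2:-ftp}}"
}

# db= arguments of the uncommented pam_userdb.so lines in a PAM service file.
userdb_paths() {
    sed -n '/^[[:space:]]*#/d; /pam_userdb\.so/s/.*[[:space:]]db=\([^[:space:]]*\).*/\1/p' "$1" | sort -u
}

# check_vsftpd_pam CONF PAM_DIR [DEFAULT_SERVICE]
# 0 = consistent, 1 = PAM service file missing,
# 2 = user database missing, 3 = database accessible to group/others.
check_vsftpd_pam() {
    svc=$(pam_service "$1" "$3")
    if [ ! -f "$2/$svc" ]; then
        echo "FAIL: no $2/$svc for pam_service_name=$svc"
        return 1
    fi
    for db in $(userdb_paths "$2/$svc"); do
        # pam_userdb appends ".db" to the db= value itself.
        if [ ! -f "$db.db" ]; then
            echo "FAIL: $db.db not found"
            return 2
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$db.db" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $db.db is accessible to group/others (want 600)"
            return 3
        fi
    done
    echo "OK: PAM service $svc"
}

# Typical call: sh check.sh /etc/vsftpd/vsftpd.conf /etc/pam.d
if [ "$#" -ge 2 ]; then
    check_vsftpd_pam "$@"
fi
```

Run it as root so the 600-mode database is visible; a non-zero exit code identifies which of the three conditions failed.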
