Gentoo Archives: gentoo-user

From: Michael Sullivan <michael@××××××××××××.com>
To: gentoo-user <gentoo-user@l.g.o>
Subject: [gentoo-user] OT - vsftpd won't let local users connect
Date: Tue, 06 Nov 2007 21:59:36
Message-Id: 1194385882.9281.14.camel@camille.espersunited.com
1 My vsftpd server won't let users with accounts connect. This used to
2 work, and the only thing I can think of after checking the docs is that
3 pam got upgraded. Here is my info:
4
5 baby pam.d # emerge --info
6 Portage 2.1.3.16 (hardened/x86/2.6, gcc-4.1.1, glibc-2.6.1-r0,
7 2.6.19-hardened-r6 i686)
8 =================================================================
9 System uname: 2.6.19-hardened-r6 i686 AMD Duron(tm) Processor
10 Timestamp of tree: Sun, 04 Nov 2007 12:00:01 +0000
11 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
12 [disabled]
13 app-shells/bash: 3.2_p17
14 dev-java/java-config: 1.3.7, 2.1.2-r1
15 dev-lang/python: 2.4.4-r6
16 dev-python/pycrypto: 2.0.1-r6
17 sys-apps/baselayout: 1.12.9-r2
18 sys-apps/sandbox: 1.2.18.1-r2
19 sys-devel/autoconf: 2.13, 2.61-r1
20 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2,
21 1.10
22 sys-devel/binutils: 2.18-r1
23 sys-devel/gcc-config: 1.3.16
24 sys-devel/libtool: 1.5.24
25 virtual/os-headers: 2.6.22-r2
26 ACCEPT_KEYWORDS="x86"
27 CBUILD="i686-pc-linux-gnu"
28 CFLAGS="-O2 -march=i686 -pipe"
29 CHOST="i686-pc-linux-gnu"
30 CONFIG_PROTECT="/etc /var/bind"
31 CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
32 CXXFLAGS="-O2 -march=i686 -pipe"
33 DISTDIR="/usr/portage/distfiles"
34 FEATURES="distlocks metadata-transfer sandbox sfperms strict
35 unmerge-orphans userfetch"
36 GENTOO_MIRRORS="http://distfiles.gentoo.org
37 http://distro.ibiblio.org/pub/linux/distributions/gentoo"
38 LINGUAS="en fr es"
39 MAKEOPTS="-j9"
40 PKGDIR="/usr/portage-packages/baby"
41 PORTAGE_RSYNC_EXTRA_OPTS="--human-readable"
42 PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
43 --compress --force --whole-file --delete --delete-after --stats
44 --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages
45 --filter=H_**/files/digest-*"
46 PORTAGE_TMPDIR="/var/tmp"
47 PORTDIR="/usr/portage"
48 PORTDIR_OVERLAY="/usr/local/portage /usr/local/portage/bscharpf"
49 SYNC="rsync://rsync.gentoo.org/gentoo-portage"
50 USE="apache2 apm bash-completion berkdb bind-mysql cli cracklib crypt
51 cups dhcp doc encode examples exim foomaticdb fortran gdbm geoip gif gpm
52 gstreamer hal hardened imap imlib innodb ithreads java jpeg kerberos
53 libclamav libg++ libwww midi mikmod mmx mode-owner mpm-leader mysql
54 ncurses nls nptl nptlonly oav offensive pam pcre perl perlsuid pic png
55 ppds python readline ruby samba search session slp spell ssl syslog tcpd
56 tetex threads truetype unicode urandom usb virus-scan x86 xml xorg
57 zaptel zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x
58 ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801
59 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx
60 via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare
61 dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter
62 mulaw multi null plug rate route share shm softvol" ELIBC="glibc"
63 INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz
64 cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en fr
65 es" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev
66 glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon
67 rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident
68 tseng v4l vesa vga via vmware voodoo"
69 Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG,
70 LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
71
72
73 baby pam.d # emerge -pv vsftpd
74
75 These are the packages that would be merged, in order:
76
77 Calculating dependencies... done!
78 [ebuild R ] net-ftp/vsftpd-2.0.5-r3 USE="pam ssl tcpd -caps
79 -logrotate (-selinux) -xinetd" 0 kB
80
81 Total: 1 package (1 reinstall), Size of downloads: 0 kB
82
83
84 baby pam.d # cat /etc/vsftpd/vsftpd.conf
# NOTE(review): vsftpd.conf as posted. It runs vsftpd as a standalone listener
#   (listen=YES) with anonymous and local logins both enabled; any option not
#   listed here keeps its vsftpd default.
85 #
86 # Example vsftpd config file
87 #
88 # See man 5 vsftpd.conf for more information.
89 #
90 # $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.conf,v
91 1.3 2004/07/18 03:56:09 dragonheart Exp $
92
93 # Allow anonymous FTP?
# NOTE(review): anonymous logins are on. If only account holders need access,
#   NO removes an unauthenticated entry point.
94 anonymous_enable=YES
95
96 # Uncomment this to allow local users to log in.
# NOTE(review): local logins use system account passwords. No ssl_enable line
#   appears in this file (the vsftpd default is NO), so those passwords cross
#   the network in cleartext even though the build shown in this post has
#   USE=ssl.
97 local_enable=YES
98
99 # Uncomment this to enable any form of FTP write command.
# NOTE(review): global write switch. Anonymous writes additionally need
#   anon_upload_enable / anon_mkdir_write_enable, which stay commented out
#   below, so as posted only local users can write.
100 write_enable=YES
101
102 # Default umask for local users is 077. You may wish to change this to
103 022,
104 # if your users expect that (022 is used by most other ftpd's)
105 local_umask=022
106
107 # Uncomment this to allow the anonymous FTP user to upload files. This
108 only
109 # has an effect if the above global write enable is activated. Also, you
110 will
111 # obviously need to create a directory writable by the FTP user.
112 #anon_upload_enable=YES
113
114 # Uncomment this if you want the anonymous FTP user to be able to create
115 # new directories.
116 #anon_mkdir_write_enable=YES
117
118 # Activate directory messages - messages given to remote users when they
119 # go into a certain directory.
120 dirmessage_enable=YES
121
122 # Make sure PORT transfer connections originate from port 20 (ftp-data).
123 connect_from_port_20=YES
124
125 # If you want, you can arrange for uploaded anonymous files to be owned
126 by
127 # a different user. Note! Using "root" for uploaded files is not
128 # recommended!
129 #chown_uploads=YES
130 #chown_username=whoever
131
132 # Activate logging of uploads/downloads.
133 xferlog_enable=YES
134
135 # If you want, you can have your log file in standard ftpd xferlog
136 format
137 #xferlog_std_format=YES
138
139 # You may override where the log file goes if you like. The default is
140 shown
141 # below.
142 xferlog_file=/var/log/vsftpd/vsftpd.log
143
144 # You may change the default value for timing out an idle session.
# NOTE(review): both timeouts are in seconds (12000 s = 200 min, 24000 s =
#   400 min); values this long let abandoned sessions keep occupying the server.
145 idle_session_timeout=12000
146
147 # You may change the default value for timing out a data connection.
148 data_connection_timeout=24000
149
150 # It is recommended that you define on your system a unique user which
151 the
152 # ftp server can use as a totally isolated and unprivileged user.
# NOTE(review): "nobody" is commonly shared with other services; a dedicated
#   account, as the comment above recommends, keeps the unprivileged vsftpd
#   process separated from them.
153 nopriv_user=nobody
154
155 # Enable this and the server will recognise asynchronous ABOR requests.
156 Not
157 # recommended for security (the code is non-trivial). Not enabling it,
158 # however, may confuse older FTP clients.
159 #async_abor_enable=YES
160
161 # By default the server will pretend to allow ASCII mode but in fact
162 ignore
163 # the request. Turn on the below options to have the server actually do
164 ASCII
165 # mangling on files when in ASCII mode.
166 # Beware that turning on ascii_download_enable enables malicious remote
167 parties
168 # to consume your I/O resources, by issuing the command "SIZE /big/file"
169 in
170 # ASCII mode.
171 # These ASCII options are split into upload and download because you may
172 wish
173 # to enable ASCII uploads (to prevent uploaded scripts etc. from
174 breaking),
175 # without the DoS risk of SIZE and ASCII downloads. ASCII mangling
176 should be
177 # on the client anyway..
178 #ascii_upload_enable=YES
179 #ascii_download_enable=YES
180
181 # You may fully customise the login banner string:
182 ftpd_banner=Welcome to baby.espersunited.com FTP service.
183
184 # You may specify a file of disallowed anonymous e-mail addresses.
185 Apparently
186 # useful for combatting certain DoS attacks.
187 #deny_email_enable=YES
188 # (default follows)
189 #banned_email_file=/etc/vsftpd/vsftpd.banned_emails
190
191 # You may specify an explicit list of local users to chroot() to their
192 home
193 # directory. If chroot_local_user is YES, then this list becomes a list
194 of
195 # users to NOT chroot().
# NOTE(review): with the two lines below commented out and chroot_local_user
#   not set anywhere in this file, local users are not chroot()ed and can
#   browse whatever their file permissions allow.
196 #chroot_list_enable=YES
197 # (default follows)
198 #chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
199
200 # You may activate the "-R" option to the builtin ls. This is disabled
201 by
202 # default to avoid remote users being able to cause excessive I/O on
203 large
204 # sites. However, some broken FTP clients such as "ncftp" and "mirror"
205 assume
206 # the presence of the "-R" option, so there is a strong case for
207 enabling it.
208 #ls_recurse_enable=YES
209
# NOTE(review): pasv_promiscuous=YES turns off the check that a passive-mode
#   data connection comes from the same IP address as the control connection
#   (the vsftpd default is NO). Keep it only if a known NAT or proxy setup
#   needs it; it affects data connections, not the login step.
210 pasv_promiscuous=YES
211 listen=YES
212
213
214 baby pam.d # cat ftp
# NOTE(review): PAM stack posted from the file named "ftp" in the pam.d
#   directory. vsftpd selects its PAM service with pam_service_name, whose
#   documented default is "ftp" and which the posted vsftpd.conf does not
#   set. TODO confirm this build keeps that default.
215 # Provided by ftpbase (dont remove this line!)
216 # Standard pam.d file for ftp service packages.
217 #
# NOTE(review): the $Header line below appears without a leading "#". This
#   looks like mail line-wrapping of "# $Header: ...", but confirm that the
#   file on disk has it commented out.
218 $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpbase/files/ftp-pamd-include,v 1.1 2005/06/28 14:52:26 uberlord Exp $
219
# NOTE(review): the next two lines are one rule wrapped by the mailer. Any
#   user named in /etc/ftpusers is refused (sense=deny), so an account listed
#   there cannot log in. onerr=succeed makes the rule pass when the file
#   cannot be read, i.e. the deny list fails open.
220 auth required pam_listfile.so item=user sense=deny
221 file=/etc/ftpusers onerr=succeed
# NOTE(review): auth, account and session all defer to system-auth, which is
#   not shown in this post; presumably a PAM upgrade would change behaviour
#   through that file rather than this one. Verify its contents.
222 auth include system-auth
223
224 # If this is enabled, anonymous logins will fail because the 'ftp' user
225 does
226 # not have a "valid" shell, as listed in /etc/shells.
227 #
228 # If you enable this, it is recommended that you do *not* give the 'ftp'
229 # user a real shell. Instead, give the 'ftp' user /bin/false for a shell
230 and
231 # add /bin/false to /etc/shells.
# NOTE(review): pam_shells is commented out, so this stack itself does not
#   require the login shell to appear in /etc/shells.
232 # auth required pam_shells.so
233
234 account include system-auth
235
236 session include system-auth
237
238
239 Is all this correct? Is there something I'm missing? Please help!
240
241
242
243 --
244 gentoo-user@g.o mailing list