Help starting ProFTPD

[macunkie]

As a "Linux Newbie" I'm trying to understand errors.
I gave up on the Fedora 17 default sftp and am now trying to get ProFtpd Started.
When I issued "service start proftpd" I get the following output:

Quote:

service proftpd start
Redirecting to /bin/systemctl start proftpd.service
Job failed. See system journal and 'systemctl status' for details.

So for starters,
Where do I access the "system journal" ?
The systemctl status reads:

Quote:

proftpd.service loaded failed failed ProFTPD FTP Server

Doesn't give me much help in trouble shooting and trying to figure out what or where to start to fix the problem.

Thanks for any help,

Samuel.

I moved on to attempting to use and configure vsfpd and command : service vsftpd start
Starting vsftpd (via systemctl): Job failed. See system journal and 'systemctl status' for details.

[RupertPupkin]

You need to stop using the "service start" commands. Fedora uses systemd now, and the general command to enable|disable|start|stop services is:

Code:

systemctl enable|disable|start|stop something.service

So, for example, to start the vsftpd service you'd do:

Code:

systemctl start vsftpd.service

If that fails to start vsftpd, then there could be some firewall issue causing the problem, so you'd have to check your iptables setup (or just disable iptables). Also, look in the /etc/vsftpd/vsftpd.conf for some option you may need to change. I have vsftpd running on my F17 machine with no problem.

[macunkie]

Quote:

Originally Posted by RupertPupkin

You need to stop using the "service start" commands. Fedora uses systemd now, and the general command to enable|disable|start|stop services is:

Code:

systemctl enable|disable|start|stop something.service

So, for example, to start the vsftpd service you'd do:

Code:

systemctl start vsftpd.service

If that fails to start vsftpd, then there could be some firewall issue causing the problem, so you'd have to check your iptables setup (or just disable iptables). Also, look in the /etc/vsftpd/vsftpd.conf for some option you may need to change. I have vsftpd running on my F17 machine with no problem.

Thanks goodness I've found someone who has vsftpd working on F17. I'm a Linux newbie but I'm determined to get vsftpd up and running. I'm including my vsftpd.conf file , my iptables, and selinuxOutput in hopes of your being able to look at them and compare to your setup and see where I can make inprovement and try to solve why "systemctl start vsftpd.service" fails on my system.

Thank you very much for any help !!

Samuel.

[RupertPupkin]

Your iptabes and selinux setups look OK. But in your /etc/vsftpd/vsftpd.conf file I noticed you have these lines:

Code:

#listen=YES
listen_ipv6=YES

Are you using IPv6 instead of IPv4 on your machine? If not then that could be why the service won't start. To fix that, just uncomment one and comment out the other, like this:

Code:

listen=YES
#listen_ipv6=YES

That's what I have in my vsftpd.conf, since I don't use IPv6. You should also try enabling the service before starting it:

Code:

systemctl enable vsftpd.service

Also, check the contents (if any) of /etc/hosts.allow, if that file exists. I have this in mine:

Code:

ALL: 192.168.1.

That allows any machine on my LAN with an IP address in the 192.168.1.1-254 range to connect.

[jpollard]

It is also possible that you are using NetworkManager to control the networks... and it f*s up a lot.

Try "systemctl enable NetworkManager-wait-online.service" to cause network manager to delay systemd until the network is actually initialized.

[macunkie]

Quote:

Originally Posted by RupertPupkin

Your iptabes and selinux setups look OK. But in your /etc/vsftpd/vsftpd.conf file I noticed you have these lines:

Code:

#listen=YES
listen_ipv6=YES

Are you using IPv6 instead of IPv4 on your machine? If not then that could be why the service won't start. To fix that, just uncomment one and comment out the other, like this:

Code:

listen=YES
#listen_ipv6=YES

That's what I have in my vsftpd.conf, since I don't use IPv6. You should also try enabling the service before starting it:

Code:

systemctl enable vsftpd.service

Also, check the contents (if any) of /etc/hosts.allow, if that file exists. I have this in mine:

Code:

ALL: 192.168.1.

That allows any machine on my LAN with an IP address in the 192.168.1.1-254 range to connect.

I used your reccomentdations and now system now works !! Vsftpd is now running in my process.

All I have to do is figure out how to add my wordpress root directory:
/usr/share/wordpress or /usr/share/wordpress/wp-content as an accessable directory for vsftpd.

When I login to update wordpress it tells me it is "uable to locate root directory".

In my oringinal setup of vsftpd I used:

CREATE PROFTPD ONLY GROUP
groupadd vsftpd
cd /home
mkdir myftp

useradd -g vsftpd -s /sbin/nologin myftp

chmod 755 myftp

GIVE THE USER A PASSWORD
passwd myftp

So how do I add the wordpress directory to access via vsfpd ?

Thanks again for all your help !

---------- Post added at 08:50 PM ---------- Previous post was at 08:48 PM ----------

Quote:

Originally Posted by jpollard

It is also possible that you are using NetworkManager to control the networks... and it f*s up a lot.

Try "systemctl enable NetworkManager-wait-online.service" to cause network manager to delay systemd until the network is actually initialized.

Thank you,

With your help and the above post I'm almost there !

Samuel.

[RupertPupkin]

Look through the /etc/vsftpd/vsftpd.conf file for your current settings. The vsftpd.conf man page explains how to set up the various access methods, like anonymous ftp, and access for local users. You'll probably want to have "local_enable=YES" to allow local users (like your myftp) to log in. And you could set the anon_root variable to /usr/share/wordpress to make that the default anonymous ftp directory. After making changes to that file you should restart the vsftpd service (systemctl restart vsftpd.service).

[droggg]

Quote:

Originally Posted by RupertPupkin

You need to stop using the "service start" commands..

thanks a lot from nuby by all head =))

[macunkie]

Quote:

Originally Posted by RupertPupkin

Look through the /etc/vsftpd/vsftpd.conf file for your current settings. The vsftpd.conf man page explains how to set up the various access methods, like anonymous ftp, and access for local users. You'll probably want to have "local_enable=YES" to allow local users (like your myftp) to log in. And you could set the anon_root variable to /usr/share/wordpress to make that the default anonymous ftp directory. After making changes to that file you should restart the vsftpd service (systemctl restart vsftpd.service).

Well I'm getting closer.
I ended up creating a new user wordpress with new password.

Quote:

useradd -g vsftpd -s /sbin/nologin wordpress

In my vsftpd.conf I added:

Quote:

local_root=/usr/share/wordpress
anon_root=/usr/share/wordpress

Now I tested my connection with fileZilla and it works fine.
But when I tested with Wordpress it was having error of being able to create directories that enable the upgrades. The directories acually exist so I was guessing wordpress was having issueds writing to the directories. I took a look at the manpages and looked at the vsftpd.conf and modified my conf to include:

Quote:

chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

I created a chroot_list and added just one entry "wordpress".

When I try to login into wordpress and attempt to upadate I still get errors. So I looked at owner and user assignments to the directories mentioned in wordpress and infact they have been altered to owner apache and user ftp where every other directory within wordpress are root root.

So step one I need to disable the

Quote:

chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

Then change the owner and user for the relative directories.
What are the linux term commands to change directories back to root root owner and user ?

Thanks samuel.

[RupertPupkin]

Code:

chown -Rh root:root /name/of/directory

[macunkie]

Quote:

Originally Posted by RupertPupkin

Code:

chown -Rh root:root /name/of/directory

So after successfully connecting with filezilla, wordpress still won't connect. I've fond this error:

Quote:

SELinux is preventing /usr/sbin/vsftpd from getattr access on the file /usr/share/wordpress/wp-app.php.

What is SELinux ? And how do I disable it ?

[jpollard]

SELinux is a security model that compartmentalizes services, users, applications... and prevents a security vulnerability in one area from affecting other areas. Disable it at the cost of increased vulnerability...

Mixing web services (no user identity other than that supported by the web server) and ftp (UNIX level identity) doesn't work very well.

You will find things work safer when you use the controls. Otherwise what happens is that created web pages make assumptions about their environment... that don't apply, and cause additional security problems.

man "setenforce"

[RupertPupkin]

Quote:

Originally Posted by macunkie

And how do I disable it ?

Edit the /etc/sysconfig/selinux file so that it has this line:

Code:

SELINUX=disabled

Reboot for it to take effect, or run "setenforce 0" if you have the libselinux-utils package installed.