anonymous login allowed on vsftpd, local login not allowed

Fibonacci · #1 19th September 2006, 04:02 AM

Hello,

I installed vsftpd via yum, and followed this instructions to get a working FTP server on my machine, except for one: anonymous_enable=YES, because I want read-only access for anonymous users.
Well, the thing is, I can log in as an anonymous user (login: anonymous, passwd: anything), but when trying to log as a local user, I always get "530 Login incorrect." I'm positive I'm typing the password right - tested it with SSH.

Is there any way of allowing read-only access for anonymous users, and r-w access for local users? What am I doing wrong?

Thanks in advance,

-Fibo

powereds · #2 19th September 2006, 05:24 AM

try to put 'local_enable=YES'
or uncomment it.

Fibonacci · #3 19th September 2006, 05:43 AM

Quote:

Originally Posted by powereds

try to put 'local_enable=YES'
or uncomment it.

local_enable=YES is already uncommented (see the attached vsftpd.conf file).
And the problem hasn't yet been solved.

powereds · #4 19th September 2006, 06:36 AM

ok. please enable/uncomment 'xferlog_file=/var/log/vsftpd.log'
so we will be able to troubleshoot and further examine your vsftpd server
with the help of vsftpd log.

powereds · #5 19th September 2006, 06:51 AM

i cant find where the logfile of vsftpd daemon is located.
it is very important because it can help us troubleshoot
your vsftpd server.

try to examine /var/log/vsftpd.log file if you can see the
status of your vsftpd daemon.

Fibonacci · #6 19th September 2006, 06:54 AM

Quote:

Originally Posted by powereds

i cant find where the logfile of vsftpd daemon is located.
it is very important because it can help us troubleshoot
your vsftpd server.

Apparently /var/log/vsftpd.log logs transfers only.
Of course, since I can't even log in, there are no transfers at all.

Fibonacci · #7 19th September 2006, 07:15 AM

Quote:

Originally Posted by powereds

try to examine /var/log/vsftpd.log file if you can see the
status of your vsftpd daemon.

Tried it. The file is empty, and does not change during anonymous login OR during failed login attempt.
But it does change when transferring files, and this is what it displays:

Code:

Tue Sep 19 06:22:24 2006 1 200.106.209.30 8 /file.txt b _ o a ? ftp 0 * c
Tue Sep 19 06:22:53 2006 1 200.106.209.30 0 /pub b _ o a mozilla@example.com ftp 0 * i
Tue Sep 19 06:22:58 2006 1 200.106.209.30 8 /pub/file.txt b _ o a mozilla@example.com ftp 0 * c
Tue Sep 19 06:23:51 2006 1 200.106.209.30 0 / b _ o a mozilla@example.com ftp 0 * i
Tue Sep 19 06:23:54 2006 1 200.106.209.30 8 /file.txt b _ o a mozilla@example.com ftp 0 * c

Actions taken to generate such log:
1- logged as anonymous user from the CLI FTP utility and downloaded the file /file.txt.
2- Opened my ftp server on Mozilla Firefox, and in doing so, automatically listed the contents of the directory /pub.
3- Downloaded file /pub/file.txt (which is a symlink to /file.txt).
4- Still in Firefox, opened FTP root.
5- Downloaded /file.txt once again.

powereds · #8 19th September 2006, 07:41 AM

yes. it doesnt indicate about the vsftpd daemon.
right now im digging on my system and googling trying to find the log of the vsftpd daemon

powereds · #9 19th September 2006, 07:52 AM

have you reinstalled your vsftpd? via yum?

Fibonacci · #10 19th September 2006, 01:13 PM

Quote:

Originally Posted by powereds

have you reinstalled your vsftpd? via yum?

Just reinstalled it via YUM. Same problem.

Black_Templar · #11 19th September 2006, 07:45 PM

Does the userid that is trying to login listed in either the /etc/vsftpd.ftpusers or /etc/vsftpd.user_list?

If so, then that id will *NOT* be allowed to login.

Fibonacci · #12 19th September 2006, 11:31 PM

Quote:

Originally Posted by Black_Templar

Does the userid that is trying to login listed in either the /etc/vsftpd.ftpusers or /etc/vsftpd.user_list?

The file /etc/vsftpd.user_list contains ONLY my username. Shouldn't it allow me to log in, then?

EDIT: Tried putting my uid (as displayed by the id program) instead of my username, restarted vsftpd, and still the same thing: anonymous login OK, local login fails.

Black_Templar · #13 20th September 2006, 04:00 PM

Quote:

Originally Posted by Fibonacci

The file /etc/vsftpd.user_list contains ONLY my username. Shouldn't it allow me to log in, then?

No - its counter-intuitive. The header for the user_list file says:

Quote:

If userlist_deny=YES (default), never allow users in this file, and do not even prompt for a password.

In your vsftpd.conf file, if you have userlist_enable=YES and have your userid in the vsftpd.user_list file - that user will not be able to log in. Remove it from the file and try the ftp again.

Fibonacci · #14 20th September 2006, 06:09 PM

I'm not at home right now, so I cannot change it, but one thing I remember: it DOES prompt for a password when I try to use the username in vsftpd.user_list.

moonpup · #15 20th September 2006, 06:17 PM

Can you post your complete vsftpd.conf file as well as the /etc/vsftpd.ftpusers or /etc/vsftpd.user_list ?