Fedora Linux Support Community & Resources Center
  #1  
Old 6th August 2010, 06:36 PM
3nforcer Offline
Registered User
 
Join Date: Mar 2010
Posts: 16
linuxfedorafirefox
vsftpd

Hello there,

i having problems to get vsftp successfully running on my system. It tells me everytime i login, that the login is incorrect, so to make it short and really understandable i will paste the code here, so you can see what i try.

After all it seems that the user exists with all of his dependencies. The password seems to be right and the system dosn't protect anything, so it should be a problem of vsftpd itself, but i can't get what it is. I hope someone can help me.

Thank you for that!


/etc/vsftpd/vsftpd.conf
Code:
anonymous_enable=NO

userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.user_list

chroot_local_user=YES
chroot_list_enable=NO
chmod_enable=NO
guest_enable=NO

hide_ids=YES
download_enable=YES
write_enable=NO

listen=YES
local_enable=YES
pasv_enable=YES
port_enable=YES

ftp_data_port=1131  #ssh port
listen_port=1132
local_max_rate=10240
max_clients=3
max_per_ip=1
pasv_address=**.**.***.***
pasv_min_port=1133
pasv_max_port=1133

pam_service_name=ftp
cmds_allowed=PASV,RETR,QUIT,USER,PASS,PORT,PWD,CWD,TYPE,LIST,STOR,DELE,MKD,SITE,CHMOD,RM
cmds_denied=
/etc/vsftpd/vsftpd-user_list
Quote:
x-ray
http
ftp
apache
skiba
test
Code:
[root@LXServer X-Ray]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@LXServer X-Ray]# ftp localhost 1132
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:X-Ray): test
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
[root@LXServer X-Ray]# ftp localhost 1132
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:X-Ray): test
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
[root@LXServer X-Ray]# su test
[test@LXServer X-Ray]$ passwd
Changing password for user test.
Changing password for test.
(current) UNIX password: 
New password:
password seems to be right here

Code:
[test@LXServer X-Ray]$ ps -ef | grep vsftpd
root     10488 10436  0 16:52 pts/1    00:00:00 vi /etc/vsftpd/vsftpd.user_list
root     10523 10436  0 17:11 pts/1    00:00:00 vi /etc/vsftpd/vsftpd.conf
root     12206     1  0 18:55 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
test     12237 12216  0 18:58 pts/0    00:00:00 grep vsftpd
/etc/passwd
Code:
...
vsftpd:x:491:50::/var/run/vsftpd/:/bin/bash
http:x:1133:50::/srv/www/:/sbin/nologin
ftp:x:1135:50::/srv/ftp/:/sbin/nologin
skiba:x:1137:50::/srv/ftp/skiba:/sbin/nologin
x-ray:x:1138:50::/srv/ftp/x-ray:/sbin/nologin
test:x:1139:50::/srv/ftp/test:/bin/bash
Code:
...
root:x:0:root
...
ftp:x:50:skiba,x-ray,test
...
sshd:x:490:
...
X-Ray:x:500:
apache:x:486:
mysql:x:27:
vsftpd:x:483:
http:x:1133:
skiba:x:1137:
x-ray:x:1138:
Code:
[root@LXServer X-Ray]# ls -l /srv/ftp/
total 16
-rwxrwx---. 1 X-Ray ftp    1 Jun 19 19:42 readme.txt
drwxrwx---. 4 skiba ftp 4096 Aug  6 18:40 skiba
drwxrwx---. 4 test  ftp 4096 Aug  6 19:15 test
drwxrwx---. 4 x-ray ftp 4096 Aug  6 17:59 x-ray
[root@LXServer X-Ray]# ls -l /srv/ftp/test
total 0
lrwxrwxrwx. 1 root root 14 Aug  6 19:15 BackupServer -> /BackupServer/
lrwxrwxrwx. 1 root root 11 Aug  6 19:14 FileServer -> /FileServer
[root@LXServer X-Ray]# ls -l /
total 126
drwxrwxr-x.  32 X-Ray ftp     4096 Jul 31 10:01 BackupServer
dr-xr-xr-x.   2 root  root    4096 Aug  1 03:13 bin
dr-xr-xr-x.   5 root  root    1024 Aug  6 16:43 boot
drwxr-xr-x.   2 root  root    4096 Jun 24 12:45 cgroup
drwxr-xr-x.  21 root  root    3900 Aug  6 16:34 dev
drwxr-xr-x. 119 root  root   12288 Aug  6 19:10 etc
drwxrwxr-x.  91 X-Ray ftp    20480 Aug  2 11:52 FileServer
drwxr-xr-x.   3 root  root    4096 Jun 16 15:53 home
dr-xr-xr-x.  13 root  root    4096 Jul 31 10:07 lib
dr-xr-xr-x.   9 root  root   12288 Aug  1 03:13 lib64
drwx------.   2 root  root   16384 May 19 01:30 lost+found
drwxr-xr-x.   5 root  users   4096 Aug  6 16:35 media
drwxr-xr-x.   3 root  root    4096 Jun 16 15:51 mnt
drwxr-xr-x.   2 root  root    4096 Oct  1  2009 opt
dr-xr-xr-x. 181 root  root       0 Aug  6 18:34 proc
dr-xr-x---.  12 root  root    4096 Aug  6 18:54 root
dr-xr-xr-x.   2 root  root   12288 Aug  1 03:13 sbin
drwxr-xr-x.   7 root  root       0 Aug  6 18:34 selinux
drwxrwxr-x.   5 X-Ray apache  4096 Jun 24 19:27 srv
...

lets take a look at selinux:
Code:
[root@LXServer X-Ray]# getsebool -a
abrt_anon_write --> off
allow_console_login --> off
allow_corosync_rw_tmpfs --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> off
allow_domain_fd_use --> on
allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> off
allow_guest_exec_content --> off
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> on
allow_mplayer_execstack --> off
allow_nfsd_anon_write --> off
allow_nsplugin_execmem --> on
allow_polyinstantiation --> off
allow_postfix_local_write_mail_spool --> off
allow_ptrace --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_ssh_keysign --> off
allow_staff_exec_content --> on
allow_sysadm_exec_content --> on
allow_unconfined_nsplugin_transition --> off
allow_unconfined_qemu_transition --> off
allow_user_exec_content --> on
allow_user_mysql_connect --> off
allow_user_postgresql_connect --> off
allow_write_xshm --> off
allow_xguest_exec_content --> off
allow_xserver_execmem --> off
allow_ypbind --> off
allow_zebra_write_config --> off
cdrecord_read_content --> off
clamd_use_jit --> off
cobbler_anon_write --> off
cron_can_relabel --> off
dhcpc_exec_iptables --> off
domain_kernel_load_modules --> off
exim_can_connect_db --> off
exim_manage_user_files --> off
exim_read_user_files --> off
fcron_crond --> off
fenced_can_network_connect --> off
ftp_home_dir --> on
ftpd_connect_db --> off
git_session_bind_all_unreserved_ports --> off
git_system_enable_homedirs --> off
git_system_use_cifs --> off
git_system_use_nfs --> off
global_ssp --> off
gpg_agent_env_file --> off
gpg_web_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> on
httpd_enable_homedirs --> off #but i think that means "myserver.de/~myuser"
httpd_execmem --> on
httpd_read_user_content --> off
httpd_setrlimit --> off
httpd_ssi_exec --> on
httpd_tmp_exec --> on
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
init_upstart --> on
irssi_use_full_network --> off
mmap_low_allowed --> off
mozilla_read_content --> off
mysql_connect_any --> off
nagios_plugin_dontaudit_bind_port --> off
named_write_master_zones --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nscd_use_shm --> on
nsplugin_can_network --> on
openvpn_enable_homedirs --> on
piranha_lvs_can_network_connect --> off
pppd_can_insmod --> off
pppd_for_user --> off
privoxy_connect_any --> on
puppet_manage_all_files --> off
qemu_full_network --> on
qemu_use_cifs --> on
qemu_use_comm --> off
qemu_use_nfs --> on
qemu_use_usb --> on
racoon_read_shadow --> off
rgmanager_can_network_connect --> off
rsync_client --> off
rsync_export_all_ro --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
sepgsql_enable_users_ddl --> on
sepgsql_unconfined_dbadm --> on
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
smartmon_3ware --> off
spamassassin_can_network --> off
spamd_enable_home_dirs --> off
squid_connect_any --> off
squid_use_tproxy --> off
ssh_sysadm_login --> off
telepathy_tcp_connect_generic_network_ports --> off
tftp_anon_write --> off
tor_bind_all_unreserved_ports --> off
unconfined_login --> on
use_lpd_server --> off
use_nfs_home_dirs --> off
use_samba_home_dirs --> off
user_direct_dri --> off
user_direct_mouse --> off
user_ping --> off
user_rw_noexattrfile --> on
user_setrlimit --> on
user_tcp_server --> off
user_ttyfile_stat --> off
varnishd_connect_any --> off
virt_use_comm --> off
virt_use_fusefs --> off
virt_use_nfs --> off
virt_use_samba --> off
virt_use_sysfs --> on
virt_use_usb --> on
webadm_manage_user_files --> off
webadm_read_user_files --> off
wine_mmap_zero_ignore --> off
xdm_sysadm_login --> off
xen_use_nfs --> off
xguest_connect_network --> on
xguest_mount_media --> on
xguest_use_bluetooth --> on
xserver_object_manager --> off
let us try it without selinux:
Code:
[test@LXServer X-Ray]$ su -c "setenforce 0"
Password: 
[test@LXServer X-Ray]$ cat /selinux/enforce
0[test@LXServer X-Ray]$ ftp localhost 1132
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:X-Ray): test
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
__________________
Quote:
Ah! My Goddess:
Das was du tun willst und das was du in der Lage bist zu tun, du kennst die Antwort dafür am Besten.
[SIGPIC][/SIGPIC]

Last edited by 3nforcer; 6th August 2010 at 07:15 PM.
Reply With Quote
  #2  
Old 6th August 2010, 07:05 PM
marvin_ita Offline
Registered User
 
Join Date: Jun 2007
Location: Como - Italy
Posts: 258
linuxfedorafirefox
Re: vsftpd

mmm I use vsftpd-2.2.2-7.fc13.x86_64 and for me is running fine.

This is my vsftpd.conf if you want to try with that:
Code:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
pasv_max_port=1024
I also have SElinux disabled and my ftp user is set to /sbin/nologin instead of /bin/bash:
Code:
utenteftp:x:501:501::/home/utenteftp:/sbin/nologin
With this configuration in user_list file are specified users that cannot login with FTP. So the user "utenteftp" is NOT in the user_list file.

Code:
[root@Algol marvin]# service vsftpd start
Avvio di vsftpd per vsftpd:                                [  OK  ]
[root@Algol marvin]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connessione rifiutata
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:marvin): utenteftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
Reply With Quote
  #3  
Old 6th August 2010, 07:30 PM
3nforcer Offline
Registered User
 
Join Date: Mar 2010
Posts: 16
linuxfedorafirefox
Re: vsftpd

Code:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
port_enable=YES
listen_port=1132
pasv_enable=YES
pasv_address=95.**.***.***
ftp_data_port=1131
hide_ids=YES
download_enable=YES
write_enable=NO
local_max_rate=10240
max_clients=3
max_per_ip=1
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
pasv_min_port=1133
pasv_max_port=1133
chmod_enable=NO

cmds_allowed=PASV,RETR,QUIT,USER,PASS,PORT,PWD,CWD,TYPE,LIST,STOR,DELE,MKD,SITE,CHMOD,RM
cmds_denied=
Thank you, so it works now on the port in passive mode over nat . But i couldn't use your config,i used it to insert necessary values and it works now, it has to be one of the dropped values. or sth strange.
__________________
Quote:
Ah! My Goddess:
Das was du tun willst und das was du in der Lage bist zu tun, du kennst die Antwort dafür am Besten.
[SIGPIC][/SIGPIC]
Reply With Quote
Reply

Tags
vsftpd

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help vsftpd not there Twinsen Servers & Networking 2 22nd October 2005 08:13 PM
vsftpd FC3 yuzz Using Fedora 3 29th July 2005 01:43 AM
how to set /etc/vsftpd/vsftpd.conf talkstock888 Servers & Networking 4 15th March 2005 10:04 PM
vsftpd - no one can log in crisponions Servers & Networking 3 22nd December 2004 10:10 PM


Current GMT-time: 15:50 (Friday, 18-04-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat