Fedora Linux Support Community & Resources Center
  #1  
Old 17th January 2012, 11:59 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
how to enable local user on localhost vsftpd?

Please help! Either I figure this out or I have to find another distro.

I installed a localhost web server for Wordpress development on Fedora. It needs ftp server and credentials.

But I get a 530 login incorrect if I try to login with my local user in terminal.

What is NOT the problem:
  • In vsftpd.conf, local_enable=YES.
  • The local user is not in any of the two blocked user lists (ftpusers and user_list).
  • Disabling SELinux makes no difference.

I've been banging my head with caging, chroot, pam, virtual users, for three solid evenings, and a) I haven't understood a word b) no code I have copypasted has solved anything.

Any ideas? How to enable your local user from scratch for dummies? Thanks.
Reply With Quote
  #2  
Old 18th January 2012, 01:41 AM
AlexDudko Offline
Registered User
 
Join Date: Mar 2007
Location: Ukraine
Posts: 381
linuxsusefirefox
Re: how to enable local user on localhost vsftpd?

Have you opened ports 21(20) in firewall?
Reply With Quote
  #3  
Old 18th January 2012, 08:17 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

Quote:
Originally Posted by AlexDudko View Post
Have you opened ports 21(20) in firewall?
No. Does the firewall prevent localhost connections?
Reply With Quote
  #4  
Old 18th January 2012, 08:58 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,878
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

It depends on how you access vsftfpd...

If you use "localhost" or "127.0.0.1", then no it does not.

If you use your hostname, and that host name is associated with your external IP number... Then yes.
Reply With Quote
  #5  
Old 18th January 2012, 09:18 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

The command I use is ftp localhost.
Reply With Quote
  #6  
Old 19th January 2012, 01:47 AM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,878
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

How about posting the actual error and the sftpd configuration file.

Was there a log of the error?
Reply With Quote
  #7  
Old 19th January 2012, 03:10 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

Quote:
Originally Posted by jpollard View Post
How about posting the actual error and the sftpd configuration file.

Was there a log of the error?
Sorry, I'm totally new to FTP setup (and to Fedora by the way...).

This is the terminal output (regardless of SELinux being permissive or enforcing):

Code:
[david@totoro ~]$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.3.4)
Name (localhost:david): david
331 Please specify the password.
Password: ********
530 Login incorrect.
Login failed.
ftp>
/etc/vsftpd/vsftpd.conf:

Code:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_acc$
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
# 
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
/etc/pam.d/vsftpd:

Code:
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth	   required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers o$
auth	   required     pam_shells.so
auth	   include	password-auth
account    include	password-auth
session    required     pam_loginuid.so
session    include	password-auth
Thank you.
Reply With Quote
  #8  
Old 19th January 2012, 03:42 PM
RupertPupkin Offline
Registered User
 
Join Date: Nov 2006
Location: Detroit
Posts: 5,713
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

What are the contents of your /etc/hosts.allow and /etc/hosts.deny files, if any? Since you've enabled tcp wrappers those files will have an effect.
__________________
OS: Fedora 20 x86_64 | Machine: HP Pavilion a6130n | CPU: AMD 64 X2 Dual-Core 5000+ 2.6GHz | RAM: 5GB PC5300 DDR2 | Disk: 400GB SATA | Video: ATI Radeon HD 4350 512MB | Sound: Realtek ALC888S | Ethernet: Realtek RTL8201N
Reply With Quote
  #9  
Old 19th January 2012, 06:13 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

Quote:
Originally Posted by RupertPupkin View Post
What are the contents of your /etc/hosts.allow and /etc/hosts.deny files, if any? Since you've enabled tcp wrappers those files will have an effect.
Both files are empty.

Maybe I should add that I just installed Fedora from scratch, installed vsftpd, changed permissions and SELinux configuration for the wordpress folder, and did nothing else. Everything is default.

Oh, and something else, actually I don't care about enabling my local user to ftp on localhost, any user would do, a new ftp user, a virtual user, whatever. But I couldn't understand how to do that neither (my user setup skills are limited to the Gnome 3 dialog...).
Reply With Quote
  #10  
Old 29th January 2012, 01:24 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

I have done small progresses but at the cost of a lot of my mental health.

Is there any way to completely disable SELinux for vsftpd? I think that would solve all my problems.

I have read http://docs.fedoraproject.org/en-US/...-securitylevel but that only tells people to read half a dozen manuals in a difficult to understand technical language.

By the way, is there any way to get a GUI for configuring SELinux? system-config-selinux has vanished with Gnome3, I guess.
Reply With Quote
  #11  
Old 29th January 2012, 02:04 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,878
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

SELinux has nothing to do with vsftpd disabling logins.

I suspect that you have a conflicting configuration where local users and remote users are disabled.

I suspect, though I don't use vsftpd, that turning on userlist_enable, AND setting pam "sense=deny file=/etc/vsftpd/ftpusers" causes the failures. My reasoning is that enabling uslist_enable tells vsftpd to use the users in the file... and the "sense=deny" causes PAM to disallow these users. Using one or the other (but not both) may work.

Last edited by jpollard; 29th January 2012 at 02:05 PM. Reason: typo...
Reply With Quote
  #12  
Old 29th January 2012, 03:25 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

Please, if I disable SELinux, it works. I need to disable SELinux for ftp (or maybe for httpd, actually I'm not sure where the problem is).

I'll explain more properly. At the moment, after reinstalling Fedora and performing the same steps of the previous time, ftp with local user works (yeah, same steps, different outcome). That means that if I do an ftp localhost and write my username, it works.

But the reason of all this is having a working Wordpress site on localhost. If I enter my username in the Wordpress dialog that asks for ftp credentials, it still doesn't work (the error message is different, by the way). I disable SELinux, it works.

I have no idea where the error is (which user is actually being denied what) and after two weeks without a proper computer, reading tutorials I couldn't even grasp (and thus learning nothing of use), I don't want to try to understand it anymore. It worked by default in other Linuxes I've used. I really prefer Fedora, but this is way too much for me.

Last edited by david m; 29th January 2012 at 03:58 PM.
Reply With Quote
  #13  
Old 29th January 2012, 05:27 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,878
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

That doesn't sound like a vsftpd issue - it sounds more like a wordpress issue. Different place to look.

Not sure this would help (I don't use wordpress): http://www.jamison.org/2010/12/04/ho...ftp-in-ubuntu/

Note also that if this is being used to update user files, they must be labeled properly... and it is possible that the destination directory isn't correct (either what is treated as the home directory, or the directory that vsftpd is attempting to write into. don't know which is actually reporting the error, either wordpress or vsftpd..)

There should be some system logs reporting the problem. But again, SELinux isn't the problem unless you have not got the configuration quite right. Fedora uses a targeted model, and that puts services into separate security jails to prevent inadvertent system penetrations.
Reply With Quote
  #14  
Old 29th January 2012, 05:37 PM
david m Offline
Registered User
 
Join Date: Jan 2012
Location: Spain
Posts: 9
linuxfirefox
Re: how to enable local user on localhost vsftpd?

Thanks, but I have already looked into that.

I don't know where the issue is, but setenforce permissive lets me go on with my life. Can I do a setenforce permissive just for vsftpd?

(Already tried setsebool -P ftpd_disable_trans 1. Didn't work.)
Reply With Quote
  #15  
Old 29th January 2012, 11:13 PM
jpollard Online
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,878
linuxfedorafirefox
Re: how to enable local user on localhost vsftpd?

No.

It is either on or off (and permissive is the same as off).
Reply With Quote
Reply

Tags
authentication problem, can't log in, enable, fedora, ftp, local, localhost, user, vsftpd

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I set up a local domain to (www.localhost.loc) to redirect to a file in my OS TheCodah Servers & Networking 2 15th March 2011 11:00 PM
vsftpd +local users chowell Servers & Networking 2 17th March 2007 03:08 AM
enable authentication for vsftpd cuongvt Servers & Networking 21 29th September 2006 10:30 AM
vsftpd local user permissions BrandonV Using Fedora 3 22nd August 2005 07:04 PM
vsftpd local user login denied upsco2002 Using Fedora 5 1st July 2005 06:08 AM


Current GMT-time: 01:48 (Tuesday, 25-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Narra Photos - Vizianagaram Travel Photos on Instagram - Tagum Instagram Photos