Strange vsftpd configuration

• Previous message: greg: "question"
• Next in thread: Reynolds McClatchey: "Re: Strange vsftpd configuration"
• Reply: Reynolds McClatchey: "Re: Strange vsftpd configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 18 Jul 2005 10:07:35 -0700

I recently upgraded to Fedora Core 4, and I can't get vsftpd to work
right. I'm attempting to login to a local user account, and download a
symlink'd file from a nfs-mounted directory.

I login successfully and I see the symlink when I do an "ls", but when
I try to get the file, it tells me "550 Failed to open file." This
worked before I upgraded. I have been playing with the vsftpd.conf and
other configurations for hours now, and have not made any progress
whatsoever.

To make sure I wasn't chroot'd when I logged in, I did a "cd /" from
the ftp client and an "ls". I can see some directories, but not
others. I can't see any directories that exist on other devices (can't
see /home, /boot, or /opt). I also can't see /bin, /mnt, and several
other directories that seem to have been hand-picked out randomly. In
/dev, the subdirectories show up, but the devices themselves don't
(?#@#$@?). If I login or ssh as the user that I'm trying to ftp with,
I can see everything just fine.

### Here is my vsftpd.conf:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_list_enable=NO
chroot_local_user=NO
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrapper=YES
tilde_user_enable=YES

### Here is my /etc/pam.d/vsftpd:
auth required pam_listfile.so item=user sense=deny
file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

I also can't login to vsftpd from NIS accounts. It is not absolutely
necessary for this to work for me right now, but I am curious why it
doesn't, since I can telnet, ssh, and login just fine using any NIS
account.

Is this a PAM misconfiguration or yet another FTP server that's getting
too bloated for its own good?

Thanks in advance,
Aaron

• Previous message: greg: "question"
• Next in thread: Reynolds McClatchey: "Re: Strange vsftpd configuration"
• Reply: Reynolds McClatchey: "Re: Strange vsftpd configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Weakness introduced by denying remote logins on AIX, possibly others ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ... (Security-Basics) Re: Please! Doesnt anyone know a better way to do this? ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ... (microsoft.public.dotnet.framework.aspnet) WinXP laptop, simple-style login conn to Win2000 share, error ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ... (microsoft.public.windowsxp.security_admin) [Full-disclosure] Dexia website security alert ... A few days ago I sent a mail to the Dexia bank about ... one is for the online banking account and one ... The problem with the "members' login" was that ... encryption and b) if you enter a bad username or password both ... (Full-Disclosure) Dexia website security alert ... A few days ago I sent a mail to the Dexia bank about their ... one is for the online banking account and one is for some ... The problem with the "members' login" was that a) it was ... selected the wrong login by mistake your username and password were ... (Security-Basics)