Solved

FTPPro and Linux

Posted on 2000-03-02
Last Modified: 2010-08-05
Can't seem to get it to use the standard passwd and shadow file.

It wants to run the linux dbase version.

Any ideas how I change it OR
How I get the dbase version going (bearing in mind I would like to run vhosts)
Question by:martincollis
11 Comments
 
LVL 40

Expert Comment

by:jlevie
Hmm, the only FTPPro I've ever heard of is the Windows client. As for ftp servers for virtual domains, my favorite is ncftpd (http://www.ncftp.com/ncftpd/). While it's not free, it isn't very expensive and it is very efficient, secure, and robust.
0
 
LVL 3

Expert Comment

by:freesource
Two things here.  First, if shadow passwords aren't working, here is a possible reason right from the documentation:

You aren't starting proftpd as root, or you have inetd configured to run proftpd as a user other than root. The proftpd daemon must be started as root in order to bind to tcp ports lower than 1024, or to open your shadow password file when authenticating users. The daemon switches uid/gids to the user and group specified by the User/Group directives during normal operation, so a `ps' will show it running as the user you specified.

Now, in order to use this program's own password file, there are two configuration directives.

(from the documentation)

The UserPassword directive creates a password for a particular user which overrides the user's normal
password in /etc/passwd (or /etc/shadow). The override is only effective inside the context to which
UserPassword is applied. The hashed-password argument is a cleartext string which has been passed
through the standard unix crypt() function. Do NOT use a cleartext password. This can be useful when
combined with UserAlias to provide multiple logins to an Anonymous FTP site.

The GroupPassword directive creates a special "group" password which allows all users in the specified
group to authenticate using a single password. The group/password supplied is only effective inside the
context to which GroupPassword is applied. The hashed-password argument is a standard cleartext
password which has been passed through the standard unix crypt() library function. Extreme care
should be taken when using GroupPassword, as serious security problems may arise if group
membership is not carefully controlled.
       
You can use these directives with or without virtual servers just by adding the directives in the appropriate places.

This is an excellent ftpd, it's free, and totally awesome!
0
 
LVL 3

Expert Comment

by:freesource
Here I am just reposting the two directives and including the syntax, too.

Syntax: UserPassword userid hashed-password
Default: None
Context: server config,<VirtualHost>, <Anonymous>
Compatibility: 0.99.0pl5 and later

The UserPassword directive creates a password for a particular user which
overrides the user's normal password in /etc/passwd (or /etc/shadow). The
override is only effective inside the context to which UserPassword is  
applied. The hashed-password argument is a cleartext string which has been
passed through the standard unix crypt() function. Do NOT use a cleartext
password. This can be useful when combined with UserAlias to provide
multiple logins to an Anonymous FTP site.

GroupPassword

Syntax: GroupPassword groupid hashed-password
Default: None
Context: server config,<VirtualHost>, <Anonymous>
Compatibility: 0.99.0pl5 and later

The GroupPassword directive creates a special "group" password which
allows all users in the specified group to authenticate using a single
password. The group/password supplied is only effective inside the context
to which GroupPassword is applied. The hashed-password argument is a
standard cleartext password which has been passed through the standard
unix crypt() library function. Extreme care should be taken when using
GroupPassword, as serious security problems may arise if group membership
is not carefully controlled.

0
 

Author Comment

by:martincollis
This is the kind of stuff I'm after.

I understand what you mean, but could you give me a little hand holding:

i.e. an example proftpd.conf
0
 
LVL 3

Expert Comment

by:freesource
# This should be pretty self-explanatory, but if there is
# any part you don't understand, just ask me.
# This sample configuration file illustrates creating two
# virtual servers, and associated anonymous logins.

ServerName                  "ProFTPD"
ServerType                  inetd
DeferWelcome                  off

# Port 21 is the standard FTP port.
Port                        21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                        022

# Set the user and group that the server normally runs at.
User                        nobody
Group                        nobody

# First virtual server
<VirtualHost ftp.virtual.com>

  ServerName                  "Virtual.com's FTP Server"

  MaxClients                  10
  MaxLoginAttempts            1

  # DeferWelcome prevents proftpd from displaying the servername
  # until a client has authenticated.
  DeferWelcome                  on

  # Limit normal user logins, because we only want to allow
  # guest logins.
  <Limit LOGIN>
    DenyAll
  </Limit>

  # Next, create a "guest" account (which could be used
  # by a customer to allow private access to their web site, etc)
  <Anonymous ~cust1>
    User                  cust1
    Group                  cust1
    AnonRequirePassword            on

    <Limit LOGIN>
      AllowAll
    </Limit>

    HideUser                  root
    HideGroup                  root

    # A private directory that we don't want the user getting in to.
    <Directory logs>
      <Limit READ WRITE DIRS>
        DenyAll
      </Limit>
    </Directory>

  </Anonymous>

</VirtualHost>

# Another virtual server, this one running on our primary address,
# but on port 4000.  The only access is to a single anonymous login.
<VirtualHost our.ip.address>

  ServerName                  "Our private FTP server"
  Port                        4000
  Umask                        027

  <Limit LOGIN>
    DenyAll
  </Limit>

  <Anonymous /usr/local/ftp/virtual/a_customer>

    User                  ftp
    Group                  ftp
    UserAlias                  anonymous ftp

    <Limit LOGIN>
      AllowAll
    </Limit>

    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>

    <Directory incoming>
      <Limit WRITE>
        AllowAll
      </Limit>
    </Directory>

  </Anonymous>

</VirtualHost>
0

 
LVL 3

Expert Comment

by:freesource
I should point out one thing about the above example, according to the documentation:

Port

Syntax: Port port-number
Default: Port 21
Context: server config, <VirtualHost>
Compatibility: 0.99.0 and later

The Port directive configures the tcp port which proftpd will listen on while running in standalone mode. It has no effect when used upon a server running in inetd mode (see ServerType). The directive can be used in conjunction with <VirtualHost> in order to run a virtual server on the same IP address as the master server, but listening on a different port.

What this means is that Port 4000 won't have any effect, but this was just an example.
0
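An added example, not part of any post in this thread: a small Python check for the two pitfalls freesource quotes from the documentation, a Port directive inside <VirtualHost> while ServerType is inetd, and a UserPassword/GroupPassword argument that is not a crypt() hash. The name lint_proftpd, the sample config and the hash-shape heuristic are constructed for illustration; a missing ServerType is assumed to mean standalone.

```python
import re

# Heuristic: crypt() output is 13 chars of [./0-9A-Za-z] or a $id$salt$hash string.
HASH_RE = re.compile(r"^(?:[./0-9A-Za-z]{13}|\$[0-9a-z]+\$[^$]+\$.+)$")

def lint_proftpd(conf_text):
    """Return sorted (line_no, message) findings for a proftpd.conf string."""
    findings, context, vhost_ports = [], [], []
    server_type = "standalone"  # assumption: a missing ServerType means standalone
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del context[-1:]  # close the innermost open block, if any
            continue
        if line.startswith("<"):
            context.append(line[1:].split()[0].rstrip(">").lower())
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "servertype" and not context and len(parts) > 1:
            server_type = parts[1].lower()
        elif name == "port" and "virtualhost" in context:
            vhost_ports.append(no)
        elif name in ("userpassword", "grouppassword") and len(parts) >= 3:
            if not HASH_RE.match(parts[2].strip('"')):
                findings.append((no, f"{parts[0]}: argument is not a crypt() hash (cleartext?)"))
            if name == "grouppassword":
                findings.append((no, f"GroupPassword: review membership of group {parts[1]}"))
    if server_type == "inetd":
        findings += [(n, "Port inside <VirtualHost> has no effect in inetd mode")
                     for n in vhost_ports]
    return sorted(findings)

# Constructed sample config (addresses, users and the hash are made up).
SAMPLE = """\
ServerType inetd
Port 21
<VirtualHost 192.0.2.10>
  Port 4000
  <Anonymous /srv/ftp/cust1>
    UserPassword cust1 letmein
    GroupPassword staff abJnggxhB/yJg
  </Anonymous>
</VirtualHost>
"""
for finding in lint_proftpd(SAMPLE):
    print(*finding)
```

A 13-character cleartext password made only of hash-alphabet characters would pass the shape check, so a clean result does not prove the value is hashed.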
 

Author Comment

by:martincollis
Mar  7 16:27:19 ns1 proftpd[19813]: cannot bind 194.164.93.194:21 to server 'Virtual.com's FTP Server', already bound to 'ProFTPD'.
Mar  7 16:27:23 ns1 proftpd[19813]: PAM(martinc): Authentication failure



I think these are two errors in system messages.
0
 
LVL 3

Expert Comment

by:freesource
This would indicate that proftpd is already set up to run from port 21, meaning there is probably an entry in /etc/inetd.conf. If this is the case, comment out any lines you find referring to proftpd and any other ftpd which may want to use port 21. Then run proftpd as "ServerType standalone". This happened when you tried to run proftpd from the command line, right?

The PAM error would indicate a problem authenticating a certain user(s)/group(s). Do the users and groups found in proftpd.conf actually exist?  I hope you aren't using this configuration file example verbatim :) .. set it up for your system.
0
 
LVL 2

Expert Comment

by:mapc
Check that you're compiling it with shadow and not PAM, or, instead, check ftp in pam.d directory.
0
 

Author Comment

by:martincollis
How do I change the way it compiles?


What should ftp in pam.d look like?
0
 
LVL 2

Accepted Solution

by:
mapc earned 550 total points
./configure --help should give some hints.
Read the INSTALL file as well.
I *think* it should be like this:
auth       required     /lib/security/pam_pwdb.so shadow
account    required     /lib/security/pam_pwdb.so
Or maybe not.
0
