Solved

FTP problem in 7.3 ? WU-FTP 2.6

Posted on 2002-07-01
Last Modified: 2013-12-15
I have set up a 7.3 Linux box with customer installation. During the installation, I disabled the firewall session and added the WU-FTP service.

Problem is:

I am unable to point my user to a predefined directory, and it always mentions that access restrictions apply.

e.g. BIND user with bind group

530 Please login with USER and PASS.
ftp> user bind
331 Password required for bind.
Password:
230 User bind logged in.  Access restrictions apply.
ftp> pwd
257 "/" is current directory.
ftp> ls


1) no firewall setup is applied
2) remove etc/security
3) remove etc/ftpuser (root)

It seems that there is no problem in 7.1/7.2 but it does not do the same thing in 7.3

It may be a problem with the ftpd config, but I do not have any idea how to make this work.

220 localhost.localdomain FTP server (Version wu-2.6.2-5) ready.

Please advise

Edmund
0
Question by:edmundli
17 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 7124454
Does the user 'bind' have a home directory listed in '/etc/passwd'? Are you sure you want him to?
0
 

Author Comment

by:edmundli
ID: 7124602
yes, bind is just an example.

does it relate to chroot etc ...
0
 
LVL 20

Expert Comment

by:Gns
ID: 7129767
Yes, there seems to have been a shift so that in RH7.3, all users get locked into their home directory with chroot by default.

Unfortunately, I don't have RH7.3 installed on any machine nearby, so I can't check exactly what to change where.

Probably something in /etc/ftp* though:-)

-- Glenn

0
 

Author Comment

by:edmundli
ID: 7129989
It may happen in 7.2 as well.

I checked ftpaccess, but I am not sure what part has to be changed.
0
 
LVL 20

Expert Comment

by:Gns
ID: 7129998
Could you show us the content of /etc/ftpaccess? Something might "jump out" to fresh eyes(;).

-- Glenn
0
 

Author Comment

by:edmundli
ID: 7133105
# This file controls the behavior of the wu-ftpd
# ftp server.
#
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
guestuser *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
# realuser user1,user2


# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
"ftpaccess" 72L, 1906C                                        7,0-1         Top

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
guestuser root *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
# realuser user1,user2


# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
"ftpaccess" 72L, 1906C                                        7,0-1         Top
0
 
LVL 20

Expert Comment

by:Gns
ID: 7138938
OK edmundli, this one's real simple, as it turns out.

You can do one of the following two things:

in /etc/ftpaccess EITHER
comment out the line(s) with "guestuser <whatever> *" (or simply remove the wildcard character "*" from the line(s). Your cut'n'paste looks a little ...strange... Hence the reference to "line(s)" :),

OR

Uncomment or otherwise add a "realuser <username to have 'real user access'>" line.

If you go with the first suggestion, you'll allow all users to access all files (well, normal permissions apply), and if you go with the second, only the select few you explicitly allow will be able to access "the entire system".

I'd go with the second.

-- Glenn
0
 

Author Comment

by:edmundli
ID: 7139472
I added the realuser line and restarted the server, but it is the same


# This file controls the behavior of the wu-ftpd
# ftp server.
#
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
#
# You will need to setup the required applications
# and libraries in the root directory (set using
# guest-root).
#
# Look at the anonftp package for the files you'll need.
guestgroup ftpchroot

realuser        root
# User classes...
class   all  root,real,guest,anonymous  *

# Set this to your email address
email root@localhost

# Allow 5 mistyped passwords
loginfails 5

# Notify the users of README files at login and when
# changing to a different directory
readme  README*    login
readme  README*    cwd=*

# Messages displayed to the user
message /welcome.msg            login
message .message                cwd=*

# Allow on-the-fly compression and tarring
compress        yes             all
tar             yes             all

# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod           no              guest,anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous

# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound

# If /etc/shutmsg exists, don't allow logins
# see ftpshut man page
shutdown /etc/shutmsg

# Ask users to use their email address as anonymous
# password
passwd-check rfc822 warn
0
 
LVL 20

Expert Comment

by:Gns
ID: 7153702
Hmmmm, try it with a regular user, not root.

Also, there are several directives that pertain to root... I'll have to think on what the ramifications would be.

-- Glenn
0
 

Author Comment

by:edmundli
ID: 7282033
Any update on using root to establish an ftp session?
0
 
LVL 20

Expert Comment

by:Gns
ID: 7282279
The problem seems to be that you have a
deny-uid %-99 %65534-
deny-gid %-99 %65534-

which will deny user (and group) root (user id==0, group id ==0).
You could probably (I'm writing this at home, and my home LAN isn't working ATM... a NIC has ... toasted. I'll check tomorrow @work. Do remind me: I'm very busy (with Real Work) ATM, and could easily forget) just add similar "allow" lines as for ftp:
allow-uid root
allow-gid root

or just tag them on.

I'll try and remember to come back with a more definitive answer tomorrow.

Did it work for a regular user?

-- Glenn
0
 
LVL 20

Accepted Solution

by:
Gns earned 100 total points
ID: 7283487
OK, now I've checked. in ftpaccess:
allow-uid root ftp
allow-gid root ftp

Depending on PAM (check the "auth" entries (lines) in /etc/pam.d/ftp) you might also have to comment out root in /etc/ftpusers (or similar)... Reviewed question, I see you already covered that.

Sermon warning! Proceed at your own risk: It's generally not a good idea to let "system accounts", and particularly root accounts, be unrestricted in regards to ftp. If you truly have to have root-enabled ftp, look into turning it into SSH instead. sftp is a very nice (secure) alternative.
But of course, if you have this system on a nonpublic, secured network, there shouldn't be a problem with insecure usages of ftp.

-- Glenn
0
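A small model of the ftpaccess checks discussed in the answers above (deny-uid/allow-uid first, then guestuser/realuser), added here as an example and not code from this thread or from wu-ftpd. It assumes deny is evaluated before allow and that realuser overrides guestuser, covers only the uid and user directives (not gid or guestgroup), and uses constructed configs and hypothetical account names.

```python
import re

# Constructed configs built from the directives quoted in this thread.
BEFORE = "deny-uid %-99 %65534-\nallow-uid ftp\nguestuser *\n"
AFTER = "deny-uid %-99 %65534-\nallow-uid root ftp\nguestuser *\nrealuser root\n"

def _matches(token, name, uid):
    """Match one token: '*', a user name, '%N', '%N-M', '%-M' or '%N-'."""
    if token == "*":
        return True
    if not token.startswith("%"):
        return token == name
    m = re.fullmatch(r"%(\d*)(-?)(\d*)", token)
    if not m or not (m.group(1) or m.group(3)):
        return False  # malformed range such as '%' or '%-'
    lo, dash, hi = m.groups()
    if not dash:
        return uid == int(lo)
    return (not lo or uid >= int(lo)) and (not hi or uid <= int(hi))

def parse(text):
    """Collect the arguments of each directive, ignoring '#' comments."""
    rules = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            rules.setdefault(words[0].lower(), []).extend(words[1:])
    return rules

def classify(text, name, uid):
    """Return 'denied', 'guest' (chrooted to home) or 'real' for one account."""
    rules = parse(text)
    hit = lambda key: any(_matches(t, name, uid) for t in rules.get(key, []))
    if hit("deny-uid") and not hit("allow-uid"):
        return "denied"
    if hit("guestuser") and not hit("realuser"):
        return "guest"
    return "real"

def unrestricted_system_accounts(text, accounts, max_system_uid=99):
    """Audit helper: system accounts that end up with unchrooted FTP access."""
    return [n for n, u in accounts
            if u <= max_system_uid and classify(text, n, u) == "real"]
```

Running `unrestricted_system_accounts` over the (name, uid) pairs from /etc/passwd after each ftpaccess change shows whether an allow-uid or realuser edit has opened unchrooted access for root or another system account.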
 
LVL 20

Expert Comment

by:Gns
ID: 8613297
Um, you still out there edmundli?

-- Glenn
0
 

Expert Comment

by:CleanupPing
ID: 9086604
edmundli:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9087874
Here I'd say I'm both tenacious(sp?) and correct.

-- Glenn
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 9906239

No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept GNS's answer

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

pjedmond
EE Cleanup Volunteer
0
