PROFTPD Urgent question

Hi Everyone,

Question: When I logged into FTP, I cannot upload any files, create directories, rename or delete files/directories.

Steps I followed:

1. I added a new FTP user account into /etc/passwd:
myftpuser:x:501:502:Example FTP User:/virtualhosts:/sbin/nologin

2. Created /virtualhosts directory with root.root ownership

3. Created /virtualhosts/exampledir/ directory with myftpuser.ftpusers directory

4. I logged into the FTP server with the myftpuser account and was successfully chrooted to the /virtualhosts directory. I can see the "exampledir" directory, but cannot do anything.

Here is my /etc/proftpd.conf file:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName                      "Octeth Intranet Server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     postmaster@octeth.oct
ServerType                      standalone
#ServerType                     inetd
DefaultServer                   on
AccessGrantMsg                  "User %u logged in."
#DisplayConnect                 /etc/ftpissue
#DisplayLogin                   /etc/ftpmotd
#DisplayGoAway                  /etc/ftpgoaway
DeferWelcome                    off

#Time out parameters
TimeoutIdle                     600
TimeoutNoTransfer               600
TimeoutLogin                    300

# Use this to exclude users from the chroot
# Below line restricts logged in user to his home directory except adm user group
# DefaultRoot                   ~ !adm
DefaultRoot                     /virtualhosts ftpusers,!root

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups                    off
UseReverseDNS                   off

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Default to show dot files in directory listings
ListOptions                     "-a"

# Normally, we want files to be overwriteable.
<Directory ~/*>
  AllowOverwrite                on
  AllowAll
</Directory>

# See Configuration.html for these (here are the default values)
#MultilineRFC2228               off
#RootLogin                      off
#LoginPasswordPrompt            on
#MaxLoginAttempts               3
#MaxClientsPerHost              none
#AllowForeignAddress            off     # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart            on
AllowStoreRestart               on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    20

# Set the user and group that the server normally runs at.
User                            root
Group                           root

# This is where we want to put the pid file
ScoreboardFile                  /var/run/proftpd.score

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine                      on
#TLSRequired                    on
#TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite                 ALL:!ADH:!DES
#TLSOptions                     NoCertRequest
#TLSVerifyClient                off
##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
#TLSLog                         /var/log/proftpd/tls.log
blacklord Asked:

ppfoong Commented:

Change these 2 lines:

# Set the user and group that the server normally runs at.
User                            root
Group                           root


into these:

# Set the user and group that the server normally runs at.
User                            myftpuser
Group                           ftpusers



0
blacklord (Author) Commented:
Hi,

Thanks for the answer, but it did not work. I changed those lines to:

User                            root
Group                           ftpusers

There are several FTP users I want to set up, and each one of them will have rights to their own directory under /virtualhosts.

I cannot do anything under the virtualhosts directory.

For example, when I try to create a folder under the "exampledir" directory (ownership: myftpuser.ftpusers), the following error is generated:

MKD testdir
550 1: Permission denied
Requested action not taken (e.g., file or directory not found, no access).


Do you have any other ideas?
0
ppfoong Commented:

Try this:

DefaultRoot                     ~,!root

0
blacklord (Author) Commented:
ppfoong,

I didn't understand the relation between DefaultRoot and file read/write permission. As far as I know, DefaultRoot defines the landing directory for users. In my setting it is set to:

DefaultRoot                     /virtualhosts ftpusers,!root

Which means, jail all ftpusers group members to /virtualhosts directory except root user.

Am I wrong?

My question is why I cannot read/write any file or dir when I am logged into FTP.
0
blacklord (Author) Commented:
ppfoong,

I tried your suggestion and it still does not work :(
0
ppfoong Commented:

Hmm... maybe your user is root and in your DefaultRoot, you have !root.

0
ppfoong Commented:

And make sure the /virtualhosts/exampledir/ directory at least has permission of drwxr-x---.

0
blacklord (Author) Commented:
In /etc/passwd,

myftpuser:x:501:502:Example FTP User:/virtualhosts:/sbin/nologin

user ID is 501
Group ID is 502 which is "ftpusers"

"maybe your user is root", what do you mean by this? Which user are you talking about? The user that is defined in proftpd.conf?
0
blacklord (Author) Commented:
Permissions are correct, as you mentioned.
0
ppfoong Commented:

Since you set the shell to /sbin/nologin, try this:


RequireValidShell               no

0
blacklord (Author) Commented:
Nope, this does not work either. I still cannot create a directory or file.
0
ppfoong Commented:

Sorry, I gave up.

Your config is similar to mine, I dunno why you cannot.

0
blacklord (Author) Commented:
Thanks for your efforts.

Does anyone else know the reason?

Hint: If I change the home directory of the user to /home/myftpuser, then I can write/delete files and folders under the /home/myftpuser/Desktop directory.

Please help!
0
ppfoong Commented:

Does your /virtualhosts directory have permission drwxr-xr-x?

0
blacklord (Author) Commented:
Yes, it has.
0
xDamox Commented:
Hi,

Blacklord, I just want to ask a few questions first:

1) What distro are you using?
2) Do you have SELinux enabled? Check by issuing the following as root: sestatus
0
blacklord (Author) Commented:
Hi,

I am using Fedora Core 4.

When I typed sestatus as root, the following was displayed:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 19
Policy from config file:        targeted

Policy booleans:
NetworkManager_disable_trans    inactive
allow_execmem                   active
allow_execmod                   active
allow_execstack                 active
allow_kerberos                  active
allow_write_xshm                inactive
allow_ypbind                    inactive
apmd_disable_trans              inactive
arpwatch_disable_trans          inactive
auditd_disable_trans            inactive
bluetooth_disable_trans         inactive
canna_disable_trans             inactive
cardmgr_disable_trans           inactive
comsat_disable_trans            inactive
cupsd_config_disable_trans      inactive
cupsd_disable_trans             inactive
cvs_disable_trans               inactive
cyrus_disable_trans             inactive
dbskkd_disable_trans            inactive
dhcpc_disable_trans             inactive
dhcpd_disable_trans             inactive
dovecot_disable_trans           inactive
fingerd_disable_trans           inactive
ftp_home_dir                    active
ftpd_disable_trans              inactive
ftpd_is_daemon                  active
hald_disable_trans              inactive
hotplug_disable_trans           inactive
howl_disable_trans              inactive
httpd_builtin_scripting         active
httpd_can_network_connect       inactive
httpd_disable_trans             inactive
httpd_enable_cgi                active
httpd_enable_homedirs           active
httpd_ssi_exec                  active
httpd_suexec_disable_trans      inactive
httpd_tty_comm                  inactive
httpd_unified                   active
i18n_input_disable_trans        inactive
inetd_child_disable_trans       inactive
inetd_disable_trans             inactive
innd_disable_trans              inactive
kadmind_disable_trans           inactive
klogd_disable_trans             inactive
krb5kdc_disable_trans           inactive
ktalkd_disable_trans            inactive
lpd_disable_trans               inactive
mysqld_disable_trans            inactive
named_disable_trans             inactive
named_write_master_zones        inactive
nfs_export_all_ro               active
nfs_export_all_rw               active
nmbd_disable_trans              inactive
nscd_disable_trans              inactive
ntpd_disable_trans              inactive
portmap_disable_trans           inactive
postgresql_disable_trans        inactive
pppd_disable_trans              inactive
pppd_for_user                   inactive
privoxy_disable_trans           inactive
ptal_disable_trans              inactive
radiusd_disable_trans           inactive
radvd_disable_trans             inactive
read_default_t                  active
rlogind_disable_trans           inactive
rsync_disable_trans             inactive
samba_enable_home_dirs          inactive
saslauthd_disable_trans         inactive
slapd_disable_trans             inactive
smbd_disable_trans              inactive
snmpd_disable_trans             inactive
squid_connect_any               inactive
squid_disable_trans             inactive
stunnel_disable_trans           inactive
stunnel_is_daemon               inactive
syslogd_disable_trans           inactive
system_dbusd_disable_trans      inactive
telnetd_disable_trans           inactive
tftpd_disable_trans             inactive
udev_disable_trans              inactive
use_nfs_home_dirs               inactive
use_samba_home_dirs             inactive
uucpd_disable_trans             inactive
winbind_disable_trans           inactive
ypbind_disable_trans            inactive
ypserv_disable_trans            inactive
zebra_disable_trans             inactive
0
xDamox Commented:
Hi,

Problem solved, you have SELinux protecting your machine:

ftp_home_dir                    active
ftpd_disable_trans              inactive
ftpd_is_daemon                  active

Run the following command as root:

system-config-securitylevel

Go into the SELinux tab and click Modify SELinux policy, select the FTP policy, then click disable, and FTP will work :)
0
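
A way to confirm the diagnosis in the answer above before changing policy, as an added example that is not part of the original thread: it reads `sestatus` output for the FTP booleans quoted there and summarises AVC denials for the FTP daemon. The `ftpd_t` domain name, the reading of the booleans, and the sample denial line are assumptions made for illustration.

```shell
# Added example, not from the thread. Triage for "550 ... Permission denied"
# when Unix ownership and modes look right: is SELinux confining the daemon?

# Print the last field of the first stdin line that starts with KEY ($1).
sestatus_value() {
    awk -v key="$1" 'index($0, key) == 1 { print $NF; exit }'
}

# Read `sestatus` output on stdin and print a one-word verdict.
# Boolean meanings follow the old targeted policy naming (assumption).
ftp_selinux_verdict() {
    out=$(cat)
    mode=$(printf '%s\n' "$out" | sestatus_value "Current mode:")
    notrans=$(printf '%s\n' "$out" | sestatus_value "ftpd_disable_trans")
    homes=$(printf '%s\n' "$out" | sestatus_value "ftp_home_dir")
    if [ "$mode" != "enforcing" ]; then
        echo "not-enforcing"         # SELinux is not blocking anything
    elif [ "$notrans" = "active" ]; then
        echo "ftpd-unconfined"       # transition into the ftpd domain is off
    elif [ "$homes" = "active" ]; then
        echo "confined-home-access"  # thread's case: /home works, /virtualhosts fails
    else
        echo "confined"
    fi
}

# Read audit or syslog lines on stdin; summarise AVC denials whose source
# context is the ftpd_t domain: permissions, object name, target type, class.
ftpd_denials() {
    awk '/avc:/ && /denied/ && /scontext=[^ ]*:ftpd_t/ {
        perms = $0; sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        name = ""; ttype = ""; tcls = ""
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") != 2) continue
            if (kv[1] == "name") { name = kv[2]; gsub(/"/, "", name) }
            if (kv[1] == "tclass") tcls = kv[2]
            if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
        }
        printf "perms=%s name=%s ttype=%s class=%s\n", perms, name, ttype, tcls
    }'
}

# Constructed inputs: sestatus excerpt with the thread's values; made-up denial.
SAMPLE_STATUS='Current mode:                   enforcing
ftp_home_dir                    active
ftpd_disable_trans              inactive'
SAMPLE_AVC='avc:  denied  { write } for  pid=2101 comm="proftpd" name="exampledir" dev=hda2 ino=98765 scontext=root:system_r:ftpd_t tcontext=root:object_r:default_t tclass=dir'
printf '%s\n' "$SAMPLE_STATUS" | ftp_selinux_verdict
printf '%s\n' "$SAMPLE_AVC" | ftpd_denials
```

On a live host, pipe real `sestatus` output and the audit log (typically /var/log/audit/audit.log, or /var/log/messages when auditd is not running) into the two functions instead of the samples.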

blacklord (Author) Commented:
Thanks! It works!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.