[K12OSN] Help, please: can't get VSFTP to work

john lists.john at gmail.com
Tue Mar 21 21:50:47 UTC 2006


Hi Petre,

I agree with you on all counts. Sadly, this box has to allow a teacher
access via ftp because the teacher wants to manage his website via an
OS9.x ver. of Pagemill which doesn't support sftp.

John

On 3/21/06, Petre Scheie <petre at maltzen.net> wrote:
> Not to change the subject, but rather than fooling around with an FTP daemon, use ssh
> instead.  It includes the sftp daemon, and if you can ssh into the box, sftp should work
> with no further configuration.  On the client side, assuming people are coming from
> Windows, have them use WinSCP or FileZilla (although FileZilla has a bug that prevents
> the DOS-to-Unix conversion of ASCII mode from working).  Plain FTP passes IDs and PWs in
> clear text which is frowned upon for security reasons.
>
> Petre
>
> john wrote:
> > Hi all,
> >
> > I haven't been able to get vsftp to run under FC4 and I was wondering
> > if anyone had any clues for me or had had similar issues.
> >
> > I am trying to get it to run under xinetd so that I can use
> > tcpwrappers in order that VSFTP honor my hosts.allow hosts.deny files.
> > The default rpm package for FC4 uses pam for authentication and I
> > haven't made any alterations to /etc/pam/vsftpd.
> >
> > I assume that support for tcp_wrappers was built into the rpm package
> > but I don't know how to check this; the binary has been stripped of
> > comments.
> >
> > I don't have any way to start and stop xinetd as a service since it's
> > not linked from /etc/init.d/. Can anyone set me straight here?
> >
> > When I do /etc/init.d/vsftpd start I get a message saying ok,
> > then when I do /etc/init.d/vsftpd status I get:
> >
> > /etc/init.d/vsftpd status
> > vsftpd dead but subsys locked
> >
> > Your help is greatly appreciated.
> >
> >
> >
> >
> >
> > --------
> >
> >
> > Here's my /etc/xinetd.d/vsftpd file
> >
> > default: on
> > # description: The vsftpd FTP server serves FTP connections. It uses \
> > # normal, unencrypted usernames and passwords for authentication.
> > service ftp
> > {
> > disable = no
> > socket_type = stream
> > wait = no
> > user = root
> > server = /usr/sbin/vsftpd
> > nice = 10
> > }
> >
> > and here's my vsftpd.conf file
> >
> >
> > # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
> > anonymous_enable=NO
> > #
> > # Uncomment this to allow local users to log in.
> > local_enable=YES
> > #
> > # Uncomment this to enable any form of FTP write command.
> > write_enable=YES
> > #
> > # Default umask for local users is 077. You may wish to change this to 022,
> > # if your users expect that (022 is used by most other ftpd's)
> > local_umask=022
> > #
> > # Uncomment this to allow the anonymous FTP user to upload files. This only
> > # has an effect if the above global write enable is activated. Also, you will
> > # obviously need to create a directory writable by the FTP user.
> > #anon_upload_enable=YES
> > #
> > # Uncomment this if you want the anonymous FTP user to be able to create
> > # new directories.
> > #anon_mkdir_write_enable=YES
> > #
> > # Activate directory messages - messages given to remote users when they
> > # go into a certain directory.
> > dirmessage_enable=YES
> > #
> > # Activate logging of uploads/downloads.
> > xferlog_enable=YES
> > #
> > # Make sure PORT transfer connections originate from port 20 (ftp-data).
> > connect_from_port_20=YES
> > #
> > # If you want, you can arrange for uploaded anonymous files to be owned by
> > # a different user. Note! Using "root" for uploaded files is not
> > # recommended!
> > #chown_uploads=YES
> > #chown_username=whoever
> > #
> > # You may override where the log file goes if you like. The default is shown
> > # below.
> > #xferlog_file=/var/log/vsftpd.log
> > #
> > # If you want, you can have your log file in standard ftpd xferlog format
> > xferlog_std_format=YES
> > #
> > # You may change the default value for timing out an idle session.
> > #idle_session_timeout=600
> > #
> > # You may change the default value for timing out a data connection.
> > #data_connection_timeout=120
> > #
> > # It is recommended that you define on your system a unique user which the
> > # ftp server can use as a totally isolated and unprivileged user.
> > #nopriv_user=ftpsecure
> > #
> > # Enable this and the server will recognise asynchronous ABOR requests. Not
> > # recommended for security (the code is non-trivial). Not enabling it,
> > # however, may confuse older FTP clients.
> > #async_abor_enable=YES
> > #
> > # By default the server will pretend to allow ASCII mode but in fact ignore
> > # the request. Turn on the below options to have the server actually do ASCII
> > # mangling on files when in ASCII mode.
> > # Beware that turning on ascii_download_enable enables malicious remote parties
> > # to consume your I/O resources, by issuing the command "SIZE /big/file" in
> > # ASCII mode.
> > # These ASCII options are split into upload and download because you may wish
> > # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
> > # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
> > # on the client anyway..
> > #ascii_upload_enable=YES
> > #ascii_download_enable=YES
> > #
> > # You may fully customise the login banner string:
> > ftpd_banner=Welcome to VISD FTP service.
> > #
> > # You may specify a file of disallowed anonymous e-mail addresses. Apparently
> > # useful for combatting certain DoS attacks.
> > #deny_email_enable=YES
> > # (default follows)
> > #banned_email_file=/etc/vsftpd/banned_emails
> > #
> > # You may specify an explicit list of local users to chroot() to their home
> > # directory. If chroot_local_user is YES, then this list becomes a list of
> > # users to NOT chroot().
> > #chroot_list_enable=YES
> > # (default follows)
> > #chroot_list_file=/etc/vsftpd/chroot_list
> > #
> > # You may activate the "-R" option to the builtin ls. This is disabled by
> > # default to avoid remote users being able to cause excessive I/O on large
> > # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
> > # the presence of the "-R" option, so there is a strong case for enabling it.
> > #ls_recurse_enable=YES
> >
> > pam_service_name=vsftpd
> > userlist_enable=YES
> > #enable for standalone mode
> > #listen=YES
> > tcp_wrappers=YES
> >
> >
> > Here's my /etc/pam.d/vsftpd file
> >
> > [root at localhost ~]# cat /etc/pam.d/vsftpd
> > #%PAM-1.0
> > auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
> > auth       required     pam_stack.so service=system-auth
> > auth       required     pam_shells.so
> > account    required     pam_stack.so service=system-auth
> > session    required     pam_stack.so service=system-auth
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
>
>
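
Added example, not part of the original thread: a pre-flight check for the setup described in the quoted post (vsftpd launched from xinetd with tcp_wrappers=YES), including the question of whether the binary was built with tcp_wrappers support. The function names are hypothetical, the sample inputs are constructed from the settings quoted above, and libwrap showing up in ldd output is assumed to be the indicator of tcp_wrappers support.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for vsftpd under xinetd.
# Function names are hypothetical; sample inputs in demo() are constructed.

# Effective value of KEY in a vsftpd.conf, or DEFAULT when the key is absent or
# commented out. Assumes the last uncommented KEY=VALUE line is the one in effect.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# True when the xinetd service file contains "disable = no".
xinetd_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# Who is expected to accept connections: xinetd, vsftpd itself, both, or nobody.
launch_mode() {  # launch_mode VSFTPD_CONF XINETD_SERVICE_FILE
    listen=$(conf_get "$1" listen NO)
    if xinetd_enabled "$2"; then
        if [ "$listen" = YES ]; then echo conflict; else echo xinetd; fi
    else
        if [ "$listen" = YES ]; then echo standalone; else echo none; fi
    fi
}

# Reads `ldd` output on stdin; true if the binary is dynamically linked to libwrap,
# the tcp_wrappers library. A statically linked libwrap would not show up here.
links_libwrap() {
    grep -q 'libwrap\.so'
}

demo() {
    d=$(mktemp -d)
    # Constructed files carrying the relevant settings quoted in the post.
    printf '%s\n' 'local_enable=YES' '#listen=YES' 'tcp_wrappers=YES' > "$d/vsftpd.conf"
    printf '%s\n' 'service ftp' '{' 'disable = no' 'server = /usr/sbin/vsftpd' '}' > "$d/ftp"
    echo "launch mode:  $(launch_mode "$d/vsftpd.conf" "$d/ftp")"
    echo "tcp_wrappers: $(conf_get "$d/vsftpd.conf" tcp_wrappers NO)"
    # Constructed ldd line; on the server run: ldd /usr/sbin/vsftpd | links_libwrap
    if echo 'libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00a5c000)' | links_libwrap; then
        echo "libwrap:      linked"
    else
        echo "libwrap:      not linked, tcp_wrappers=YES would have no effect"
    fi
    rm -rf "$d"
}
demo
```

A launch mode of `xinetd` means the FTP listener belongs to xinetd, so it is the xinetd service that has to be running for connections to reach vsftpd.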