Page 7 of 14 FirstFirst ... 56789 ... LastLast
Results 61 to 70 of 134

Thread: Howto: Easy FTP with vsftpd

  1. #61
    Join Date
    Jun 2010
    Beans
    1

    Re: Howto: Easy FTP with vsftpd

    Hello and thanks for tutorial.

    I've installed and configured vsftpd. It works in localhost, but when I try connect from another server, it just says "connection time out" I belive that my iptables are configured right, but if not, please tell what I have done wrong.

    I would like to have also one user, that have access to all others dirs. And other just have their dirs. And dirs should be on RAID (md0)

    VSFTPD config
    Code:
    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default.  These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem
    
    
    # Added, not in default config:
    
    # To get stuff on RAID
    user_sub_token=$USER
    local_root=/I/don't/yet/know/where/I/should/mount/my/raid/$USER
    IPTABLES
    Code:
    # Generated by iptables-save v1.4.2 on Mon Jun 28 11:17:02 2010
    *mangle
    :PREROUTING ACCEPT [316760:129808118]
    :INPUT ACCEPT [265205:125666820]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [129794:34322757]
    :POSTROUTING ACCEPT [135197:34641445]
    COMMIT
    # Completed on Mon Jun 28 11:17:02 2010
    # Generated by iptables-save v1.4.2 on Mon Jun 28 11:17:02 2010
    *filter
    :INPUT ACCEPT [10837:8458197]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [143979:35689269]
    :fail2ban-courierauth - [0:0]
    :fail2ban-couriersmtp - [0:0]
    :fail2ban-postfix - [0:0]
    :fail2ban-proftpd - [0:0]
    :fail2ban-sasl - [0:0]
    :fail2ban-ssh - [0:0]
    :fail2ban-ssh-ddos - [0:0]
    -A INPUT -p tcp -m multiport --dports 21,20,990,989 -j fail2ban-proftpd 
    -A INPUT -p tcp -m multiport --dports 25,465,143,220,993,110,995 -j fail2ban-courierauth 
    -A INPUT -p tcp -m multiport --dports 25,465,143,220,993,110,995 -j fail2ban-sasl 
    -A INPUT -p tcp -m multiport --dports 25,465 -j fail2ban-postfix 
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh 
    -A INPUT -p tcp -m multiport --dports 25,465 -j fail2ban-couriersmtp 
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh-ddos 
    -A INPUT -s 192.168.101.0/24 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
    -A INPUT -i eth0 -j ACCEPT 
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
    -A INPUT -p 21 -m conntrack --ctstate NEW -j ACCEPT 
    -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT 
    -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT 
    -A fail2ban-courierauth -j RETURN 
    -A fail2ban-couriersmtp -j RETURN 
    -A fail2ban-postfix -j RETURN 
    -A fail2ban-proftpd -j RETURN 
    -A fail2ban-sasl -j RETURN 
    -A fail2ban-ssh -j RETURN 
    -A fail2ban-ssh-ddos -j RETURN 
    COMMIT
    # Completed on Mon Jun 28 11:17:02 2010
    Amn... It seems like fail2ban have left some rules from proftpd testing. Should clean them up. :P

  2. #62
    Join Date
    Feb 2009
    Location
    Singapore
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Howto: Easy FTP with vsftpd

    thks. very nice guide.

  3. #63
    Join Date
    Apr 2009
    Location
    Saitama, Japan
    Beans
    132
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Howto: Easy FTP with vsftpd

    Upon installing vsftpd, I got a unknown instance error when I try to restart the program. I haven't even edit the vsftpd.conf yet.

    Where can I check the log for this error? I've looked in the /var/log/vsftpd.log but I don't see any errors.

    edited:
    I rebooted the server and checked my boot.log. This is the error for vsftpd.
    Code:
    init: vsftpd main process (716) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (763) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (766) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (769) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (772) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (776) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (779) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (782) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (785) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (788) terminated with status 1
    
    init: vsftpd main process ended, respawning
    
    init: vsftpd main process (791) terminated with status 1
    
    init: vsftpd respawning too fast, stopped
    When I try to start vsftpd with this cmd.
    Code:
    sudo service vsftpd start
    I get this error.
    Code:
    start: unknown instance
    If I try with this cmd.
    Code:
    start vsftpd
    I get this error.
    Code:
    start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory.
    I have been troubleshooting this for a couple of days now; I still can't figure out why the dbus error. I need to get this working as I have several websites I wished to make changes to when I am out of my network. Help please.
    Last edited by duceduc; August 6th, 2010 at 09:25 AM.

  4. #64
    Join Date
    Apr 2009
    Location
    Saitama, Japan
    Beans
    132
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Howto: Easy FTP with vsftpd

    I finally got the vsftpd connected. I am able to connect, log in, browse the folders. I followed the howto using the exact permission for the users as shown in the fist post.
    Code:
    write_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    anon_upload_enable=YES
    local_root=/home/work
    chroot_local_user=YES
    dirlist_enable=YES
    download_enable=YES
    guest_username=workers
    Here is what I can do:
    rename files
    upload files
    upload empty folders
    delete files

    Here is what I cannot do:
    delete folders
    upload folders with files inside.

    How can I grant these permissions? The code above seems to be correct but I can't do what I want it to do.

    Thanks for your help.

  5. #65
    Join Date
    Apr 2009
    Location
    Saitama, Japan
    Beans
    132
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Howto: Easy FTP with vsftpd

    Anyone reading this can help with my problem above this post? I don't know what else to look for for my permission deny error.
    Here is my vsftpd.conf
    Code:
    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default.  These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=ftp
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    #
    #
    ssl_enable=NO
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=YES
    ssl_sslv3=YES
    #
    # Enable (only) guests.
    guest_enable=YES
    # This is not needed, it's the default.
    guest_username=ftp
    # Where the guests (virtual) username are set.
    user_config_dir=/etc/vsftpd/vusers
    Last edited by duceduc; August 23rd, 2010 at 02:44 PM.

  6. #66
    Join Date
    Apr 2009
    Location
    Saitama, Japan
    Beans
    132
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Howto: Easy FTP with vsftpd

    I finally got vsftpd to work. I am able to log in and edit files. My issue was that I needed to add this line to vsftpd.conf
    virtual_use_local_privs=YES
    I have another question. I use Filezilla client to transfer files. I also have several subdomains I host on this server. Right now, I can use any one of my domains to connect to vsftp by fixing ftpes://. How can I just have one ftp address setup to login to the vsftp server?

  7. #67
    Join Date
    Sep 2010
    Beans
    2

    Angry Re: Howto: Easy FTP with vsftpd

    Hi,
    I am trying to build here a media server.
    Ubuntu 10.4
    installed vsftpd as explained. I was using dual boot, but removed completely windows, so I have installed Storage Device manager to map the ntfs data I had already, where vsftpd has one link to the folder in use.
    I installed also nfs-server.

    Now, Id like to move this desktop to a non monitor/keyb configuration, so I was trying the RealVNC, but I need to be logged on to be able to run this.

    So the other way was, ok so I will have the machine with auto-login.. but for some reason the default user is not possible to do this... so I created another user.. it logs in auto, but now my ftp service seems not to be running... so I tried to login to ftp server while in the login screen and I found out that I can not log in to ftp. So I really need to login with a special user (admin) to be able to run ftp etc..?

    The message I get when login (and ubuntu in login screen) ftp connects asks password.. I provide password and it freezes...

    Ideas? I am rookie with Linux but for years I am trying to give it a try... several attempts done but I always run through minor problems that I can not overcome....

    Help needed please....

    What I need is: have this machine working no monitor/keyb.. be able to loging remotely for maintenance etc... and have ftp server and nfs server running... IS THIS POSSIBLE???

    Thx

  8. #68
    Join Date
    Sep 2010
    Beans
    5

    Re: Howto: Easy FTP with vsftpd

    hi,
    i set up vsftpd on an ubuntu 10.04 server. i have edited the config file to allow anonymous users. they should be able to transfer files and create directories.
    i have tried connecting to the server with multiple ftp clients. it takes using active mode, and then it connects. but once connecting there are errors when i try to send files.

    can anyone help?

  9. #69
    Join Date
    Apr 2006
    Beans
    23

    Re: Howto: Easy FTP with vsftpd

    Hey,

    I'm having 2 problems here:
    1 - When I enable ssl I can't login to the server (I'm using fireftp to connect, a firefox add on and I choose an encryption connection). Does anyone know why this happens?

    2 - When I create a folder or files with a virtual user that is not also a system user I can't see it's contents although I can upload stuff in it. (This is a permissions problem, how do I make it right?)

    I've also created this topic but have had no luck so far.

    thz in advance


  10. #70
    Join Date
    Oct 2010
    Beans
    11

    Re: Howto: Easy FTP with vsftpd

    Quote Originally Posted by duceduc View Post
    Upon installing vsftpd, I got a unknown instance error when I try to restart the program. I haven't even edit the vsftpd.conf yet.

    Where can I check the log for this error? I've looked in the /var/log/vsftpd.log but I don't see any errors.

    edited:
    I rebooted the server and checked my boot.log. This is the error for vsftpd.
    Code:
    init: vsftpd main process (716) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (763) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (766) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (769) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (772) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (776) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (779) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (782) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (785) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (788) terminated with status 1
     
    init: vsftpd main process ended, respawning
     
    init: vsftpd main process (791) terminated with status 1
     
    init: vsftpd respawning too fast, stopped
    When I try to start vsftpd with this cmd.
    Code:
    sudo service vsftpd start
    I get this error.
    Code:
    start: unknown instance
    If I try with this cmd.
    Code:
    start vsftpd
    I get this error.
    Code:
    start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory.
    I have been troubleshooting this for a couple of days now; I still can't figure out why the dbus error. I need to get this working as I have several websites I wished to make changes to when I am out of my network. Help please.
    What did you do to fix this error?? I have the same error and i can't find a solution...
    thanks,

Page 7 of 14 FirstFirst ... 56789 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •