You are not logged in.

#1 2012-01-07 13:10:19

Nixxx
Member
From: Poland
Registered: 2009-08-01
Posts: 85

VSFTPD recent changes

Hi, I've been using vsftpd for years on Arch. I've done the fresh install of Arch and I'm unable to connect. I looked up at the Wiki and also it has changed. So what do I have to set up after a fresh install to let my FTP for a connection as usual? I'm running vsftpd in standalone mode. I remember that I had to set /etc/hosts.allow / deny now It hes gone.

Ok I've enabled

chown_uploads=YES
chown_username=myusername

and I have:

500 OOPS: vsftpd: refusing to run with writable root inside chroot() Try the same username/password or type it again

OK: solved smile

chroot_local_user=NO

but this is strange becasue It always worked when I jailed local user...

Last edited by Nixxx (2012-01-07 13:57:32)

Offline

#2 2012-01-10 11:22:38

sergej
Trusted User (TU)
From: Russia, Voronezh
Registered: 2006-03-21
Posts: 68

Re: VSFTPD recent changes

replacing vsftpd with vsftpd-ext and adding
allow_writable_root=YES
should help

https://aur.archlinux.org/packages.php?ID=9887

Also you can do
chmod a-w /home/ftpuser
and create subdirs with write access

vsftpd-2.3.5 disallow login with writable root directory because of possible glibc vulnerabilities

Last edited by sergej (2012-01-10 11:22:58)

Offline

#3 2012-01-14 16:02:46

Nixxx
Member
From: Poland
Registered: 2009-08-01
Posts: 85

Re: VSFTPD recent changes

Thanks man now I get it. I have solved the problem by allowing anonymous login and setting password by:

secure_email_list_enable=YES

Anon user is jailed by default and that's what i really needed. Do you think it's the equivalent of jaliled local user when it's about security issues?

Offline

#4 2012-02-22 21:06:50

michalkx
Member
Registered: 2008-02-04
Posts: 5

Re: VSFTPD recent changes

Hi there,
After switching to vsftpd-ext I experienced this error:

421 Service not available, remote server has closed connection

It's kinda weird because it used to work fine before. xinetd -d shows this:

Service configuration: ftp
        id = ftp
        flags = IPv4
        socket_type = stream
        Protocol (name,number) = (tcp,6)
        port = 21
        wait = no
        user = 0
        Groups = no
        PER_SOURCE = -1
        Bind = All addresses.
        Server = /usr/sbin/vsftpd
        Server argv = vsftpd
        Only from: All sites
        No access: No blocked sites
        Logging to syslog. Facility = authpriv, level = info
        Log_on_success flags = HOST DURATION PID
        Log_on_failure flags = HOST

12/2/23@16:08:36: DEBUG: 19261 {cnf_start_services} Started service: ftp
12/2/23@16:08:36: DEBUG: 19261 {cnf_start_services} mask_max = 6, services_started = 1
12/2/23@16:08:36: NOTICE: 19261 {main} xinetd Version 2.3.14 started with no options compiled in.
12/2/23@16:08:36: NOTICE: 19261 {main} Started working: 1 available service
12/2/23@16:08:36: DEBUG: 19261 {main_loop} active_services = 1

I am using ftps (with ssl)
Looking for your help wink


EDIT:

The problem was that vsftpd-ext expects vsftpd.conf to be in /etc/vsftpd/ directory not in /etc/ like normal vsftpd version do. Copying the file fixed everything

Last edited by michalkx (2012-02-23 15:46:11)

Offline

Board footer

Powered by FluxBB