FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 08-13-2011, 05:10 PM
Tim Dunphy
 
Default can't list directories in ftp

Hey list,

Sorry for all the questions today. But I am trying to wrap up this ftp business and still having some issues. I appreciate your input.

SELinux is temporarily disabled (until I can work this all out) and I am now able to log into the FTP server.


[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (xx,xx,xx,xxx,255,44).
ftp: connect: Invalid argument
ftp>


I still have DebugLevel set to 10 in the config and this is what I see in the proftpd logs:


Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): USER bluethundr: Login successful.
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_tls
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching LOG_CMD command 'SYST' to mod_log
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_tls
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): in dir_check_full(): path = '/', fullpath = '/'.
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): Entering Passive Mode (71,187,203,194,255,44).
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching LOG_CMD command 'PASV' to mod_log
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): Client session idle timeout, disconnected
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS at mod_auth_pam.c:173
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): RELINQUISH PRIVS at mod_auth_pam.c:207
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): RELINQUISH PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): FTP session closed.




This is what my proftpd config is looking like at the moment.

I have the default root set to this directory:

DefaultRoot /var/www/html/jokefire.com

And I give access to this directory with this directive:

<Directory /var/www/html/jokefire.com>
<Limit ALL>
AllowAll
</Limit>
</Directory>


I plan to tighten up the security a little bit as I make some more progress. But my immediate goal is just to get this to work.


Here is the entire config.. just in case it might help!

Thanks once again!

Tim

# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a <VirtualHost> or <Global> context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot /var/www/html/jokefire.com
#DefaultRoot ~ !adm
VRootAlias etc/security/pam_env.conf /etc/security/pam_env.conf

# Masqurade Address
MasqueradeAddress xx.xxx.xxx.xxx

# Passive Ports
PassivePorts 60000 65535

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User nobody
Group nobody

# To prevent DoS attacks, set the maximum number of child processes
# to 20. If you need to allow more than 20 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off

# Defines debug level
DebugLevel 10

# Define the log formats
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"

# Define a system log
SystemLog /var/log/proftpd/proftpd.log

# Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details
#
# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
# LoadModule mod_sql.c
#
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
# LoadModule mod_sql_passwd.c
#
# Mysql support (requires proftpd-mysql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
# LoadModule mod_sql_mysql.c
#
# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
# LoadModule mod_sql_postgres.c
#
# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html)
# LoadModule mod_quotatab.c
#
# File-specific "driver" for storing quota table information in files
# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html)
# LoadModule mod_quotatab_file.c
#
# SQL database "driver" for storing quota table information in SQL tables
# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html)
# LoadModule mod_quotatab_sql.c
#
# LDAP support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html)
# LoadModule mod_ldap.c
#
# LDAP quota support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html)
# LoadModule mod_quotatab_ldap.c
#
# Support for authenticating users using the RADIUS protocol
# (http://www.proftpd.org/docs/contrib/mod_radius.html)
# LoadModule mod_radius.c
#
# Retrieve quota limit table information from a RADIUS server
# (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html)
# LoadModule mod_quotatab_radius.c
#
# Administrative control actions for the ftpdctl program
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
# LoadModule mod_ctrls_admin.c
#
# Execute external programs or scripts at various points in the process
# of handling FTP commands
# (http://www.castaglia.org/proftpd/modules/mod_exec.html)
# LoadModule mod_exec.c
#
# Support for POSIX ACLs
# (http://www.proftpd.org/docs/modules/mod_facl.html)
# LoadModule mod_facl.c
#
# Support for using the GeoIP library to look up geographical information on
# the connecting client and using that to set access controls for the server
# (http://www.castaglia.org/proftpd/modules/mod_geoip.html)
# LoadModule mod_geoip.c
#
# Configure server availability based on system load
# (http://www.proftpd.org/docs/contrib/mod_load.html)
# LoadModule mod_load.c
#
# Limit downloads to a multiple of upload volume (see README.ratio)
# LoadModule mod_ratio.c
#
# Rewrite FTP commands sent by clients on-the-fly,
# using regular expression matching and substitution
# (http://www.proftpd.org/docs/contrib/mod_rewrite.html)
# LoadModule mod_rewrite.c
#
# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over
# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html)
# LoadModule mod_sftp.c
#
# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for
# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html)
# LoadModule mod_sftp_pam.c
#
# Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user
# and host based authentication
# (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html)
# LoadModule mod_sftp_sql.c
#
# Provide data transfer rate "shaping" across the entire server
# (http://www.castaglia.org/proftpd/modules/mod_shaper.html)
# LoadModule mod_shaper.c
#
# Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK,
# and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html)
# LoadModule mod_site_misc.c
#
# Provide an external SSL session cache using shared memory
# (contrib/mod_tls_shmcache.html)
# LoadModule mod_tls_shmcache.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap.html)
# LoadModule mod_wrap.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, as well as SQL-based access rules, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap2.html)
# LoadModule mod_wrap2.c
#
# Support module for mod_wrap2 that handles access rules stored in specially
# formatted files on disk
# (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html)
# LoadModule mod_wrap2_file.c
#
# Support module for mod_wrap2 that handles access rules stored in SQL
# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)
# LoadModule mod_wrap2_sql.c
#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership
# (http://www.proftpd.org/docs/contrib/mod_ifsession.html)
# LoadModule mod_ifsession.c

# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
<IfDefine TLS>
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>
</IfDefine>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab

# If the same client reaches the MaxLoginAttempts limit 2 times
# within 10 minutes, automatically add a ban for that client that
# will expire after one hour.
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00

# Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow user ftpadm
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022

# Allow users to overwrite files and change permissions
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>

</Global>

# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
<Anonymous ~ftp>
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."

# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"

# Put the user into /pub right after login
#DefaultChdir /pub

# We want 'welcome.msg' displayed at login, '.message' displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayChdir .message
DisplayReadme README*

# Cosmetic option to make all files appear to be owned by user "ftp"
DirFakeUser on ftp
DirFakeGroup on ftp

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
AllowOverwrite no
<Limit READ>
DenyAll
</Limit>

<Limit STOR>
AllowAll
</Limit>
</Directory>

# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off

# Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth

</Anonymous>
</IfDefine>

<Directory /var/www/html/jokefire.com>
<Limit ALL>
AllowAll
</Limit>
</Directory>

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-13-2011, 05:32 PM
Barry Brimer
 
Default can't list directories in ftp

> Sorry for all the questions today. But I am trying to wrap up this ftp business and still having some issues. I appreciate your input.
>
> SELinux is temporarily disabled (until I can work this all out) and I am now able to log into the FTP server.

<snip>

> This is what my proftpd config is looking like at the moment.

<snip>

> # Masqurade Address
> MasqueradeAddress xx.xxx.xxx.xxx

<snip>

I'm betting that your MasqueradeAddress is the issue. This is great when
you are behind a NATing firewall, but for localhost testing, it could be
your issue.

Try commenting out your MasqueradeAddress line and it should create the
connection back through the IP address you connected from instead of
forcing the one in your MasqueradeAddress. When you want to test the real
setup, put it back in.

Barry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:29 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org