vsftpd very very secure, so secure I can't even use it...

Hello--

I'm not sure if I'm posting this in the right place, please forgive if not...

I've been trying to set up vsftpd all day, and I'm calling out for help because the more i've done the worse it's been getting !

it started out fine, I tried to change the configuration so that I could chroot a user to a directory, and now vsftpd won't even run, I get "you must enable xinetd to use this service"

xinetd is running fine, and I believe all the rest of the configuration is as it should,
so i'm at my wit's end,

any help would be greatly appreciated

all best,

--sam

red hat 9

Thanks Manuel for moving this one.
baronsam - let's have a look at your conf. I'm not a vsftpd guy really, but we can prolly work it out if you have an /etc/vsftpd.conf or somesuch. A look at your xinetd.conf would be useful too.

Alternatively, why don't you just run standalone and don't bother with inetd


christo

sorry about posting in the wrong place and thanks for moving my post.

i really appreciate your answering my i'm very desperate (everything was almost working and now everything's gotten fouled up)

i'm using this, because my problems started with making changes and then i read all over the place that changes made a lot of trouble, so i dowloaded this (all i actually want is a plain one with comments, without anonymous access, and with chroot, but i don't know where to get it, and i figure that i'd already be ahead if i could get it working with this)

it's /etc/vsftpd/vsftpd.conf
not directly etc/vsftpd.conf
and i don't know how to change that

# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000

i'm trying to run with xinetd because i read all over the place that that's the way to go (i'm new to linux).

how would i go about reconfiguring it as standalone ?

aren't there a lot of advantages to running it with xinetd ?

thanks,

--sam

read this article it tells you just about all you need to know. I'd also recommend that you get it working in standalone mode first - it eliminates the posibility of errors in your inetd config, so at least you know you have your ftp server running properly.. then you can switch to inetd if you want to later. some people see inetd as a more convenient way of managing demon processes. I don't care tbh, and usually run standalone. So long as you're careful with your configuration and the restrictions you put on the number of connections/users/transfers it shouldn't be an issue.

have you set up a group for your ftp users? have you set up their accounts? You'd be well advised to give them home dir /dev/null and SHELL=/bin/false

christo

ok, following your advice i'm trying to move back to standalone.

i read the article carefully

i'm still stuck with "you must enable xinetd to use this service" do you know how to fix that ?

thanks,

-sam

yes - you have to edit your xinetd.conf file, then kill -HUP the inetd server.. but read my earlier post first. You might as well run standalone if you're having inetd probs - I mean just to get the vsftpd running as you want it to.

christo

ok I got it to run standalone, but now it won't accept the password !

thanks,

--sam

you don't want to allow anonymous ftp, and yet your config file has anon_world_readable_only=YES

how does that make sense?

The password you're using - is it the unix user account password and did you set up the user with useradd/adduser and add them to an ftpusers group? Alternatively are you using PAM? I wouldn't bother with that either tbh - so long as you're using passwd and shadow, I don't see any need for PAM </bait>

christo

ok, I solved it, i was missing the pam line

thanks for your help !

--sam