proFTPd configuration

Discussion in 'Installation/Configuration' started by Nejko, Jan 19, 2006.

  1. Nejko

    Nejko New Member

    Hi!

    I was wondering if anyone could post here some info, how to configure proftpd. WebAdmin gave me that;

    Shell /bin/false for FTP users is not included in /etc/shells, which may prevent FTP access.

    What should i do? Thanx for all your answers!

    CU, Nejc
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Put /bin/false into the file /etc/shells.
     
  3. Nejko

    Nejko New Member

    amm, stupid question, but which command should i use?
     
  4. falko

    falko Super Moderator Howtoforge Staff

  5. Nejko

    Nejko New Member

    hmm, i did:
    [root@localhost ~]# echo /bin/false >> /etc/shells
    [root@localhost ~]#

    , but in webmin still:

    Shell /bin/false for FTP users is not included in /etc/shells, which may prevent FTP access.

    :confused:
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Please post your /etc/shells here.
     
  7. Nejko

    Nejko New Member

    ^?ELF^B^A^A^@^@^@^@^@^@^@^@^@^B^@>^@^A^@^@^@^@^O@^@^@^@^@^@@^@^@^@^@^@^@^@^ĂA^@^@^@^@$
    ^@^@^@^H^@^@^@^@^@^@^@^@^@^@^@^U^@^@^@^X^@^@^@^L^@^@^@^@^@^@^@^G^@^@^@^@^@^@^@^S^@^@^$
    ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^R^@^@^@^@^@^@^@^E^@^@^@^O^@^@^@^B^@^@^@^K^@^@^@^T^@^@^$
    ^@x^Q@^@^@^@^@^@´^@^@^@^@^@^@^@h^@^@^@^R^@^@^@^@^@^@^@^@^@^@^@Ă^A^@^@^@^@^@^@o^A^@^@^Âł^Ă;^@^@^@^A^@^@^@^@^@^@^@èÿÿÿÿÿÿÿ^Ă
    Âł^Ă;^@^@^@^A^@^@^@^@^@^@^@Ăÿÿÿÿÿÿÿ^P^NÂł^Ă;^@^@^@^A^@^@^@^@^@^@^@¸ÿÿÿÿÿĂ^@^@^D^@Âť^A^@^@^P^@^@^@t^Yi ^@^@^C^@Ă
    ^@^@^@^@^@^@^@^@^@^@^@(3P^@^@^@^@^@^G^@^@^@^K^@^@^@^@^@^@^@^@^@^@^@03P^@^@^@^@^@^G^@^$
    ^@^@^@^@^@^@^@^@^@^@^@83P^@^@^@^@^@^G^@^@^@^O^@^@^@^@^@^@^@^@^@^@^@@3P^@^@^@^@^@^G^@^$
    ^@^@^@Ê@ÿÿÿÿ%b%^P^@h^K^@^@^@Ê0ÿÿÿÿ%Z%^P^@h^L^@^@^@Ê ÿÿÿÿ%R%^P^@h
    ^@^@^@ĂŠ^Pÿÿÿÿ%J%^P^@h^N^@^@^@ĂŠ^@ÿÿÿÿ%B%^P^@h^O^@^@^@ÊðÞÿÿÿ%:%^U+^U^@^@Âż^A^@^@^@1ĂèBÞÿ$ÿÿÿ%^B%^P^@h^W^@^@^@ĂŠpĂžĂ5%^U^@^@1ÿèøýÿÿH^ĂĂH^ÿÿÿ%ò$^U^@^@1ÿè^VÞÿÿH^ĂĂ=Ă=Ă^T^@^@L^ĂĂH^ĂĂ^E°^T^@^@H^Ă
    ĂuĂĽL^ĂE^HÂ=Âş^T^@^@L^ĂĂ5Âź^T^@^@H^Ă^E^Ă!^P^@H^Ă81Ăè}^O^@^@ëż^A^@^@^@èhÞÿÿL^ĂE^Hfff^ĂëŁ^$H^Ă^UÂľ^T^@^@H^Ă
    Âś^T^@^@H^Ă
    H^ĂĂH^ĂĂ ^EW^U^@^@H^ODĂH^ĂĂH^ĂĂ Q^BH9T$Pv^RD^ĂĂ°Ăè^C$^G^D0H^Ă\$X^$Ăż^Ă^H[]ĂĂ˝^Q^AH9T$Pv^PD^ĂĂ°Ăè^F^D0H^Ă\$X^Ă^D^SI^ĂUSH^ĂĂŹ^Ă^@^@^@H^Ă|$XH^Ăt$PH^ĂTH^Ă\$XBĂ^D^K\I^èI^AĂH^Ă|$^Xè"A^BH9D$Pv
    H^ĂTA^AH9D$Pv H^ĂL$XĂ^D^A\I^Ă ^L8H^$
    ?I^Ă nÿÿÿI^ĂĂż^A^O^Ăš^C^@^@K^Ă H^Ă\$XĂ^D^C?I^ĂĂ^CI^Ăø^ĂD$|^Ă
    H^ĂL$XBĂ^D \I^ĂĂ^AI^ĂĂ^AĂŠA^BH9D$PvĂ
    H^ĂTA^AH9D$Pv H^ĂL$XĂ^D^A0I^ĂH^ĂL$@H^ĂT$HA^BH9D$Pv
    \I^Ă A^AH9D$Pv H^ĂT$XĂ^D^B\I^Ă H^Ă\$XĂ^D^C0I^ĂĂ^CAž0^@^@^@¸^A^@^@^@H^ĂD$XBĂ^D^H'I^Ă H^ĂL$XĂ^D^A'I^ĂĂ^CAž'Âż ^U^Ă
    ^@^@H^ĂL$hHĂD$p^A^@^@^@ĂD$|^A^@^@^@ĂŠĂøÿÿH^ĂD$XĂ^@'Aš^A^@^@^@H^Ă
    ^@^@H^ĂT$hHĂD$p^A^EX^X^P^@H9Ă^@^@^@ĂŠ^ĂøÿÿE1ĂL9L$Pv H^ĂL$XB^Ă^D I^ĂĂ^AB^OÂś^D^t^OH^ĂïèK^\^LL^Ăïè^Ă^E^@^@H^ĂĂ
    H^ĂC^HM$Ăø^E ^W^P^@H9Ăt=^ĂĂŽHĂĂŚ^DH^ĂĂèB^E^@^@H^Ă^Ev^W^P^@^Ă=l^W^P^@^ĂĂŞ)ĂşHĂâ^DHĂç^DH^Ă@H^Ă D$ĂHĂD$Ă^@^@^@^@HĂ@^H^@^@^@^@HĂ@^P^@^@^@^@HĂ@^$żĂżĂŠ^QÞÿÿH^ĂĂž1ÿÊãÿÿÿ^Ăt$ĂH^Ă
    ^@^@1ÿèèÎÿÿH^ĂĂŠH^Ăž^A^@^@^@H^ĂĂè^EÎÿÿH^ĂC(H;C0^O^Ă^\^A^@^@Ă^@
    H^ĂĂ^AH^ĂC(H^ĂĂH^Ă^E^B^S5-^@H^Ă8èjÎÿÿH^ĂC(H;C0^O^Ă^C^A^@^@Ă^@
    H^ĂĂ^AH^ĂC(Âş^E^@^@^@H^Ă
    ^@^@1ÿè~Ă5H ^@^@ĂŠ$^ĂĂè35EÿÿH^ĂĂ 5^Ă ^@^@ĂŠeÿÿÿº^@^@ÊÿÞÿÿº^E^@^@^@H^Ă5$ []A\ĂèüĂ*ÿÿº^E^@^@^@H^Ă
    ^@^@ÊÎÞÿÿº^E^@^@^@H^Ă
    ^@^@ĂŠĂ
    ^@^@ž^A^@^@^@H^ĂĂ1Ăè°ÏÿÿÊ^ĂÞÿÿž
    ^@^@^@H^ĂĂè^^ÎÿÿÊà ^Ă ^D^Ă ^U^B^E.^@^@^@I)ĂH^Ă@^$$^ĂĂè^LÎÿÿÊÜÞÿÿH^ĂĂŹĂ^@^@^@L^ĂD$@L^ĂL$HD^OÂśĂJ^Ă
    ^P^@H^Ă@L^Ă
    ^P^@H)ĂI^ĂĂ
    or: %s OPTIONCu^SH^Ă^\$H^Ăl$^HL^Ăd$^PH^ĂĂ
    Exit with a status code indicating failure. ^XĂ1Ă*H^ĂĂff^Ăff^ĂHĂżĂ
    Ăż^SH^ĂĂ^HL9ĂĽròH^Ă^\$H^$
    These option names may not be abbreviated.

    ^@^@^@ --help display this help and exit
    ^@^@^@^@ --version output version information and exit
    ^@
    Report bugs to <%s>.
    ^@[email protected]^@/usr/share/locale^@POSIXLY_CORRECT^@--help^@--version^@Jim Meyering^@5.2.1^@GNU coreutils^@false^@write error$
    and %s.
    ^@Written by %s, %s, %s,
    %s, and %s.
    ^@^@^@^@^@Written by %s, %s, %s,
    %s, %s, and %s.
    ^@Written by %s, %s, %s,
    %s, %s, %s, and %s.
    ^@^@^@^@^@Written by %s, %s, %s,
    %s, %s, %s, %s,
    and %s.
    ^@Written by %s, %s, %s,
    %s, %s, %s, %s,
    %s, and %s.
    ^@^@^@^@^@Written by %s, %s, %s,
    %s, %s, %s, %s,
    %s, %s, and others.
    ^@^@^@^@^@This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    ^@%s (%s) %s
    ^@%s %s
    ^@Written by %s.
    ^@Written by %s and %s.
    ^@Written by %s, %s, and %s.
    ^@^@^@Þôÿÿ^ĂþÿÿzþÿÿiþÿÿXþÿÿGþÿÿ6þÿÿ%þÿÿ^Tþÿÿ^Cþÿÿmemory exhausted^@^@^@^@^A^[^C;(^A^@^@$^@^@^@^ĂäÿÿD^^@^@^@^@^@^@^@^@^@^@^@^T^@^@^@Ăź^A^@^@^Lïÿÿ^S^@^@^@^@^@^@^@^@^@^@^@^T^@^@^@^T^B^@^@^Gïÿÿ ^B^@^@^@^@^\$@^@^@^@^@^@^@^@^T^@^@^@,^B^@^@ÚÎÿÿX^@^@^@^@^@^@^@^@^@^@^@$^@^@^@D^B^@^@9ïÿÿf^@^@^@^@B^N^PB^N^XA^N D^N^Ă^A^Ă^D^Ă^C^Ă
    @^@^@^@^@^@
    ^@^@^@^@^@^@^@X$@^@^@^@^@^@^D^@^@^@^@^@^@^@@^B@^@^@^@^@^@^E^@^@^@^@^@^@^@^Ă5P^@^@^@^@^@^F^@^@^@^@^@^@^@x^C@^@^@^@^@^@
    ^@^@^@^@^@^@^@Ă
    @^@^@^@^@^@^G^@^@^@^@^@^@^@^Ă @^@^@^@^@^@^H^@^@^@^@^@^@^@Ă^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^X^@^@^@^@^@^@^@Þÿÿo^@^@^@^@P @^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@Ă^\^Ă^Ă;^@^@^@Ă°Ă^Ă;^@^@^@`Ě^Ă;^@^@$
    @^@^@^@^@^@P
    ^@^@^@^@^@^@¸^B^@^@^@^@^@^@^D^@^@^@^K^@^@^@^H^@^@^@^@^@^@^@^X^@^@^@^@^@^@^@g^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@^H
    @^@^@^@^@^@^H
    ^@^@^@^@^@^@^X^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@b^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@
    @^@^@^@^@^@
    ^@^@^@^@^@^@Ă ^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@m^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@^@^O@^@^@^@^@^@^@^O^@^@^@^@^@^@^@^@^@^@P
    ^@^@^@^@^@^@¸^B^@^@^@^@^@^@^D^@^@^@^L^@^@^@^H^@^@^@^@^@^@^@^X^@^@^@^@^@^@^@g^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@^H
    @^@^@^@^@^@^H
    ^@^@^@^@^@^@^X^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@b^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@
    @^@^@^@^@^@
    ^@^@^@^@^@^@Ă ^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@m^@^@^@^A^@^@^@^F^@^@^@^@^@^@^@^@^O@^@^@^@^@^@^@^O^@^@^@^@^/bin/false


    something like that :D


    edit: after restart, that massage has gone away :) hope now ftp will work. :) if not, be sure that 'll post here :D

    edit #2: ftp not working. here's my conf:

    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

    ServerName "ProFTPD server"
    ServerIdent on "FTP Server ready."
    ServerAdmin root@localhost
    ServerType standalone
    #ServerType inetd
    DefaultServer on
    AccessGrantMsg "User %u logged in."
    #DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway
    DeferWelcome off

    # Use this to excude users from the chroot
    DefaultRoot ~ !adm

    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig proftpd
    AuthOrder mod_auth_pam.c* mod_auth_unix.c

    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Default to show dot files in directory listings
    ListOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    #RootLogin off
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none
    #AllowForeignAddress off # For FXP

    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20

    # Set the user and group that the server normally runs at.
    User nobody
    Group nobody

    # This is where we want to put the pid file
    ScoreboardFile /var/run/proftpd.score

    # Normally, we want users to do a few things.
    <Global>
    AllowOverwrite yes
    <Limit ALL SITE_CHMOD>
    AllowAll
    </Limit>
    </Global>

    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"

    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine on
    #TLSRequired on
    #TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite ALL:!ADH:!DES
    #TLSOptions NoCertRequest
    #TLSVerifyClient off
    ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
    #TLSLog /var/log/proftpd/tls.log

    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    # User ftp
    # Group ftp
    # AccessGrantMsg "Anonymous login ok, restrictions apply."
    #
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10 "Sorry, max %m users -- try again later"
    #
    # # Put the user into /pub right after login
    # #DefaultChdir /pub
    #
    # # We want 'welcome.msg' displayed at login, '.message' displayed in
    # # each newly chdired directory and tell users to read README* files.
    # DisplayLogin /welcome.msg
    # DisplayFirstChdir .message
    # DisplayReadme README*
    #
    # # Some more cosmetic and not vital stuff
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE SITE_CHMOD>
    # DenyAll
    # </Limit>
    #
    # # An upload directory that allows storing files but not retrieving
    # # or creating directories.
    # <Directory uploads/*>
    # AllowOverwrite no
    # <Limit READ>
    # DenyAll
    # </Limit>
    #
    # <Limit STOR>
    # AllowAll
    # </Limit>
    # </Directory>
    #
    # # Don't write anonymous accesses to the system wtmp file (good idea!)
    # WtmpLog off
    #
    # # Logging for the anonymous transfers
    # ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    # ExtendedLog /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
     
    Last edited: Jan 20, 2006
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats weird. /etc/shells is normally a text file and looks like this:

    Code:
    # /etc/shells: valid login shells
    /bin/ash
    /bin/bash
    /bin/csh
    /bin/sh
    /usr/bin/es
    /usr/bin/ksh
    /bin/ksh
    /usr/bin/rc
    /usr/bin/tcsh
    /bin/tcsh
    /usr/bin/zsh
    /bin/sash
    /bin/zsh
    /usr/bin/esh
    /bin/rbash
    /bin/dash
    You posted the content of a binary file. Are you sure you did not accidently replace /etc/shells with a binary?
     
  9. Nejko

    Nejko New Member

    hmm, no.. i used mv command and it asked something :D

    edit: ok, changed with yours. which info should i use for login?
     
    Last edited: Jan 20, 2006
  10. falko

    falko Super Moderator Howtoforge Staff

    You mean for the FTP login? A valid system username and the password.
     
  11. Nejko

    Nejko New Member

    so... what for root? couse it ain't working...
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The root user is normally disabled for FTP logins. FTP is too insecure as it transfers passwords in clear text, if you dont enable TLS for example.
     
  13. Nejko

    Nejko New Member

    Ok, got everything working with crating unix users wia webadmin. Thanx once again for all your help!
     

Share This Page