Proftpd help

worker201
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Post by worker201 »

I'm trying to set up an ftp server on my Slackware 10 box in the office. I am having a pretty tough time figuring setup out. The documentation is pretty awful for ftp/server newbs like me - I've never set up a server in my life.

All I really want to do is connect to the machine and upload/download files. The machine I am using as a tester is right next to it, physically, running FC2. Same domain, same DNS, same gateway. Is it even possible to connect these two machines?

Can you maybe post an old proftpd.conf? Or maybe list some links where I can get "holdmyhandwalkthrough" help?

Also, how do you stop proftpd once it is running (besides turning the computer off)?

Thanks in advance

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Not to discourage what you are trying to do, but if you just want to transfer files between two machines you have control over, why not use ssh (scp, sftp, or WinSCP if you have Windows clients)? You could also use NFS (if it's Linux->Linux) or Samba (if it's Linux->Windows) if you want permanently connected shares.

If you must use ProFTPD then there is great documentation and examples on the ProFTPD site:

http://www.proftpd.org/

ProFTPD is probably one of the most flexible ftp servers around. As far as starting and stopping it on Slackware let me search my memory banks as it's been a very long time (probably 10 years). Seems like I recall the network daemons all being started at boot from a script called something like /etc/rc.inet2. You probably already know this. If you want to make a configuration change to the daemon all you should have to do to have proftpd reload the new config would be to do a "kill -1 PID" where PID is the process ID of the daemon. Of course you don't have to run it as a daemon, you can also run it from inetd in which case it only runs when a user makes a connection to the ftp port on your server. It's a ProFTPD configuration option.

I know there are a few Slackers that browse around here that surely could answer this better than I. On the SysV type systems (Fedora, etc) you would just "/etc/init.d/proftpd stop" to stop it. In Slackware I think you actually have to "kill" it if you want to stop it. Now that I think about it, there may have been a script included with ProFTPD to start and stop the daemon but I am not sure (I always used the /etc/init.d/proftpd script).

Post by worker201 »

Well, I want other machines in my building to have the ability to upload and download, so ftp serving is going to be the way to go. Accessing the machine from home will be convenient too.

I read pretty much everything there was to say on the proftpd website, and tried out a bunch of different configs, but I still couldn't get it to work. Much of the documentation created more questions than answers.

Does there need to be a user created with (limited) system access? What goes into hosts.deny and hosts.allow? How can I limit users to a single area (/ftp, for example)? All I want is to let a few people have anonymous access to a restricted subtree where they can upload and download files.

I have a feeling I'm missing something gravely important here, like I need to make a directory or turn on a port or something stupid like that. :oops:

Post by Void Main »

Did you install the Slackware package that comes with Slack 10? If so, this is what the default config should look like:

ftp://ftp.slackware.com/pub/slackware/s ... oftpd.conf

It would also indicate that it is configured to run from inetd rather than run as a standalone server. What this means is that you have to have inetd running and configured to listen on port 21 (there should be an entry for it in /etc/inetd.conf and it should be uncommented).

As I said, I don't have Slackware installed anywhere so I can't give you *exact* instructions like someone who does have it installed. If you have your heart set on doing this on Slack then I'll fire up VMware and install Slack on it and give you step by step instructions. I could have you up and running with either ProFTPD or vsftpd on Red Hat or Fedora in minutes.

I'll start working on seeing if I can get my old VMware software (3.x) running on the 2.6.6 kernel and get Slack installed.

EDIT: Got tired of fighting with VMware 3.x so I broke down and spent the 100 bucks to upgrade it to the latest. I'm in the process of downloading the Slack and SUSE ISOs so I can get on the same page as you and AB.

Post by worker201 »

I changed the appropriate lines in inetd.conf, and when I tried to run proftpd, it complained that if you run from the command line, you have to use standalone. So I switched proftpd to standalone.

How do I find out if port 21 is even open?

Post by Void Main »

Port 21 will become open when you start the FTP daemon. :) Some daemon has to be listening on the port for it to be open. In this case it will be either the ftp server running in daemon mode or inetd that is listening on port 21. What you have to make sure of is that if you are running the FTP daemon in standalone mode that you have it turned off in the inetd.conf, otherwise you'll have a conflict. Also, you'll want to make sure you don't have iptables configured to block the FTP ports. I think I am still about an hour away from installing Slack (still downloading the ISOs). You can use "nmap" to scan for ports that have something listening on them, or you can just run an FTP client and try to connect, or better yet:

$ netstat -a | grep ftp
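
Added example, not part of the original posts: a shell check for the inetd/standalone conflict described above. It reads inetd.conf and proftpd.conf and reports which side, if any, will listen on port 21. The function names and sample files are constructed for illustration; ServerType is the ProFTPD option that selects inetd or standalone mode.

```shell
#!/bin/sh
# Added example: classify how ProFTPD will be started from the two config files.

# "yes" if inetd.conf has an active (uncommented) ftp service line.
inetd_ftp_enabled() {
    awk '$1 == "ftp" && $2 == "stream" { found = 1 }
         END { print (found ? "yes" : "no") }' "$1"
}

# ServerType value from proftpd.conf in lower case, or "unset" if absent.
proftpd_server_type() {
    awk 'tolower($1) == "servertype" { t = tolower($2) }
         END { print (t == "" ? "unset" : t) }' "$1"
}

# Usage: ftp_start_mode INETD_CONF PROFTPD_CONF
ftp_start_mode() {
    case "$(inetd_ftp_enabled "$1")/$(proftpd_server_type "$2")" in
        yes/inetd)      echo inetd ;;        # inetd listens and spawns proftpd
        no/standalone)  echo standalone ;;   # proftpd listens by itself
        yes/standalone) echo conflict ;;     # both are configured for port 21
        no/inetd)       echo unreachable ;;  # nothing is listening on port 21
        *)              echo unknown ;;      # ServerType missing or unexpected
    esac
}

# Constructed sample files (not taken from the machines in this thread).
demo_dir=$(mktemp -d)
printf '%s\n' '# File Transfer Protocol (FTP) Server:' \
    'ftp  stream  tcp  nowait  root  /usr/sbin/tcpd  proftpd' > "$demo_dir/inetd.conf"
printf '%s\n' 'ServerName "constructed example"' \
    'ServerType standalone' > "$demo_dir/proftpd.conf"

echo "start mode: $(ftp_start_mode "$demo_dir/inetd.conf" "$demo_dir/proftpd.conf")"
rm -rf "$demo_dir"
```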

Post by worker201 »

Killer, I commented the ftp lines in inetd.conf, hopefully that will make things cool. The only way I know to restart inetd is to restart the computer, since I have it set to run inetd at startup. I heard of something on the web called HPUP or something like that, but I'm not sure how to use that.

Edit:
Okay, I was able to connect. Unfortunately, I wasn't able to do anything. I guess I haven't set upload privileges, so I can't upload anything. And I don't know what directory I am connected to, so I can't bait a download test. But I felt that special Linux rush when I connected!

I was unable to get iptables to do anything. How do you find out if port 21 is open or closed?

Post by Void Main »

I mentioned how to see if port 21 was open or closed in my last post. It must be open or you wouldn't be able to connect to it. To have inetd reload its config you just have to give it the HUP signal. First find its process ID:

# ps aux | grep inet
# kill -1 PID

Replace "PID" above with whatever the process number is from the "ps aux | grep inet" command. You can also use "kill -SIGHUP PID" but "kill -1 PID" does exactly the same thing and is less typing.

Post by Void Main »

Ok, I got Slack 10 installed in a VMware session along with SuSE 9.1 all running at the same time on my Fedora Core 2 box. The default Slack ProFTPD was extremely easy to get working for me. ProFTPD was installed by default when I installed Slack. I uncommented the ftp line in /etc/inetd.conf and kill -1'd the inetd process and bingo, normal FTP access worked without a problem:

Code:

root@slacker:/etc# vi /etc/inetd.conf
reading /etc/inetd.conf

root@slacker:/etc# ps auxwww | grep inetd
root       442  0.0  0.4  1380  528 ?        Ss   22:56   0:00 /usr/sbin/inetd
root@slacker:/etc# kill -1 442
root@slacker:/etc# ftp localhost
Connected to localhost.
220 ProFTPD 1.2.9 Server (ProFTPD Default Installation) [slacker.voidmain.home]
Name (localhost:root): voidmain
331 Password required for voidmain.
Password:
230 User voidmain logged in.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> ls /
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x   2 root     bin          4096 Aug  1 21:59 bin
drwxr-xr-x   2 root     root         4096 Aug  2 03:54 boot
drwxr-xr-x  15 root     root        40960 Aug  2 03:56 dev
drwxr-xr-x  38 root     root         4096 Aug  2 03:56 etc
drwxr-xr-x   4 root     root         4096 Aug  2 03:45 home
drwxr-xr-x   4 root     root         4096 Aug  1 21:55 lib
drwx------   2 root     root        16384 Aug  1 21:34 lost+found
drwxr-xr-x   5 root     root         4096 Mar 16  2002 mnt
drwxr-xr-x   3 root     root         4096 Jun 10 06:03 opt
dr-xr-xr-x  48 root     root            0 Aug  1 22:56 proc
drwx--x---   7 root     root         4096 Aug  1 22:38 root
drwxr-xr-x   2 root     bin          4096 Jun  7 03:48 sbin
drwxr-xr-x   2 root     root         4096 May 12 04:03 sys
drwxrwxrwt   4 root     root         4096 Aug  1 22:38 tmp
drwxr-xr-x  17 root     root         4096 Jun 10 04:36 usr
drwxr-xr-x  15 root     root         4096 Jun  7 22:45 var
226 Transfer complete.
ftp> 

And if you want to also run anonymous FTP just comment out the "ftp" user in /etc/ftpusers and kill -1 the inetd process:

Code:

root@slacker:~# vi /etc/ftpusers
reading /etc/ftpusers

root@slacker:~# kill -1 442
root@slacker:~# ftp localhost
Connected to localhost.
220 ProFTPD 1.2.9 Server (ProFTPD Default Installation) [slacker.voidmain.home]
Name (localhost:root): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls -alp
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x   2 root     root         4096 Jun  7 20:32 .
drwxr-xr-x   2 root     root         4096 Jun  7 20:32 ..
226 Transfer complete.
ftp>

So basically, it works just fine being run from inetd. Let me know if you still can't get it.

Post by worker201 »

It is not working correctly.

When I restart inetd, should proftpd show up in the process list? It does not.

Here are the relevant lines from inetd.conf

Code:

# File Transfer Protocol (FTP) Server:
ftp      stream      tcp     nowait     root     /usr/sbin/tcpd     proftpd

I would think that the tcpd would show up in the process list too. Sadly, it does not either.

Finally, I got a proftpd.conf that I like, and should work, based on what I learned from the tarball samples. Now I just need to get it to work, and test it out.

Post by Void Main »

No, when you run it from inetd it will not show up in the process list until you actually connect to it with an ftp client. inetd listens on the ftp port and when someone makes a connection that is when it hands it off to proftpd. Actually, it spawns tcpd (TCP wrappers) which in turn spawns proftpd after checking whether the client is allowed. The TCP wrappers config files are /etc/hosts.allow and /etc/hosts.deny. I'm not sure why you are having trouble with the included proftpd, it works perfectly for me. I personally think you have a different issue. Can you ping the server? Can you telnet to port 21?

$ ping yourserver
$ telnet yourserver 21

Did you make sure inetd is running and listening on port 21? If you look at my screen captures you will see how I checked for that:

$ ps auxww | grep inetd
$ netstat -a | grep ftp

Post by worker201 »

Should I have anything in my hosts.deny and hosts.allow?

Post by Void Main »

If they both exist but have no entries then there are no restrictions. I didn't touch mine after install. Is your inetd process running? Can you ping your server? Can you telnet to port 21? What is the output of "netstat -a | grep ftp"? Are there any related error messages in your /var/log/messages?
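
Added example, not part of the original posts: a simplified shell model of the hosts.allow / hosts.deny decision that tcpd makes before it spawns proftpd, showing why two empty files restrict nothing and how a default-deny pair limits FTP to one subnet. It covers only ALL, exact IPv4 addresses and trailing-dot prefixes; the function names, addresses and policy are constructed.

```shell
#!/bin/sh
# Added example: simplified model of tcpd's hosts.allow / hosts.deny decision.
# IPv4 only; supports "ALL", exact addresses and "192.168.1." style prefixes.

# Print "match" if a rule in file $3 covers daemon $1 and client address $2.
rule_matches() {
    [ -f "$3" ] || { echo none; return 0; }
    awk -F: -v d="$1" -v c="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            nd = split($1, ds, "[ \t,]+"); nc = split($2, cs, "[ \t,]+")
            dm = 0; cm = 0
            for (i = 1; i <= nd; i++)
                if (ds[i] == "ALL" || ds[i] == d) dm = 1
            for (i = 1; i <= nc; i++) {
                p = cs[i]
                if (p == "") continue
                if (p == "ALL" || p == c) cm = 1
                else if (p ~ /\.$/ && index(c, p) == 1) cm = 1   # address prefix
            }
            if (dm && cm) { hit = 1; exit }
        }
        END { print (hit ? "match" : "none") }' "$3"
}

# Usage: tcpd_decision DAEMON CLIENT_IP HOSTS_ALLOW HOSTS_DENY
# Order: a hosts.allow match grants, else a hosts.deny match refuses,
# else access is granted (so two empty files restrict nothing).
tcpd_decision() {
    if [ "$(rule_matches "$1" "$2" "$3")" = match ]; then echo allow
    elif [ "$(rule_matches "$1" "$2" "$4")" = match ]; then echo deny
    else echo allow
    fi
}

# Constructed policy: only the office subnet and localhost may reach proftpd.
demo=$(mktemp -d)
printf '%s\n' 'proftpd: 192.168.1. 127.0.0.1' > "$demo/hosts.allow"
printf '%s\n' 'ALL: ALL' > "$demo/hosts.deny"
for ip in 192.168.1.20 203.0.113.9; do
    echo "$ip -> $(tcpd_decision proftpd "$ip" "$demo/hosts.allow" "$demo/hosts.deny")"
done
rm -rf "$demo"
```

The daemon name in the rule is "proftpd" because that is the last field of the inetd.conf line quoted earlier in the thread, which is what tcpd is asked to start.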

Post by worker201 »

I am able to ping and telnet the server without problem. I have a new problem now: I want total anonymous access - no password required. I thought I had taken care of this when I added the following line to proftpd.conf:

AnonRequirePassword off

So, it is asking for a password, wanting an email address. It doesn't seem to like my email addresses, though. Should I make up a fake one based on my username and host? I can't log in to my own ftp server! :evil:

Other than that, everything seems to be working fine.

Post by Void Main »

There is no such feature on the server side to automatically log in. That would be a client side thing. An anonymous server means you log in with an anonymous ID (usually "anonymous" or "ftp"). Usually an email address is required. If it's not logging you in then you have something misconfigured. If you were using the default configuration that comes with Slack all you would have had to do is to comment out the "ftp" line in the /etc/ftpusers file as I mentioned in my previous message, and signal inetd to reload.

I really spent a lot of time laying out the step by step on that for you:

http://voidmain.is-a-geek.net/forums/vi ... =7528#7528
