I have been attempting to install Proftpd on linux(cent os 5 32 bit). The issue is i have to use proftpd i can't use vsftp or pure ftp I have downloaded the RPM. I downloaded this one to the server [url]. and i ran the command rpm -ivh proftpd* and it did its thing for a second and told me it was done. But when i run the command /etc/init.d/proftpd start or restart it doesn't wanna start. It just tells me failed. Can anyone help me with this? I'm not sure what else i can do.
Is there any sense to upgrade to cent os 5?I mean,is there any critical benefit which will increase server performance if i do that.I noticed i can upgrade over ssh but since that will generate downtime i wonder is there a sense to do that.
I have a server in our office which is used as a share drive. Puts all accounting docs on it ect. After 6 or so, it will loss all conectivity completely. Yet the server still stays on. We installed everything in all packages on the server including it graphical interface. We havent mucked with any of the powersavings so what could it be. Also there is nothing plugged into it eg screen,keyboard and mouse. All that is connected is the power cable and the ethernet cable. That is it.
It is directly connected to a belkin wireless router
I noticed with every new cent os server there are different mirrors for cent os repos.Since on each cent os repo file is same,how does it pick which mirror it pick?I ask beacuse latest server has picked one extremly slow edu mirror which is not just slow,it also timeout,and it may extend update to 2 hours instead 5 minutes which usually will take.So how do i change base mirror on base cent os repo?
my friend ordered an vps with a host, he ordered 5.3 - 32bit but some how I feel he has been provided with 5.0 version by the host, I didn't know how to confirm it, when I checked his hypervm, this was the cent os details provided:
there is rebuild option in the hypervm and in tht when I look out,here it shows the following: [url]
what my friend exactly needs is a cent os 5.3 - 32bit system, so if he selects cent os 5.3-ix386 (full) will it install with cent os 5.3 ?? he doesn't want kloxo to b in there auto, he/I can install tht,
This isn't a major problem but I was just wondering something regarding how ProFTPd functions. I have received a complaint about a user uploading a script, the script creating files and directories, and the user not being able to CHMOD, delete, rename, or do anything to these files.
When files are created through scripts on my server, they are given a default owner permission with "www-data" for the user and group.
Since ProFTPd is set up to only modify files on certain owner permissions according to the user's FTP access, ProFTPd will not allow any other owner permission and if any other owner permissions exist, ProFTPd will not allow those files to be modified or changed in anyway.
Is there a way to fix this? I've been trying to figure it out but I can't.
Just for note, I am using proftpd-mysql and so every user is linked through a MySQL database.
When connecting via an ftp client I want the directory listed to be /var/www/html but currently it's /home/username. I've tried changing the initial login directory with webmin to /var/www/html but to no avail. How would this be done?
After installation, im worried about the default security config.
Also, i can log as anonym wich is ok, however i can't log using my unix user what i have to do?
Here's my config sample;
# This is a basic ProFTPD configuration file (rename it to # 'proftpd.conf' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon.
# Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask022
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances30
# Set the user and group under which the server will run. Usernobody Groupnobody
# To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~
# Normally, we want files to be overwriteable. <Directory /> AllowOverwriteon </Directory>
# A basic anonymous configuration, no upload directories. If you do not # want anonymous users, simply delete this entire <Anonymous> section. <Anonymous ~ftp> Userftp Groupftp
# We want clients to be able to login with "anonymous" as well as "ftp" UserAliasanonymous ftp
# Limit the maximum number of anonymous logins MaxClients10
# We want 'welcome.msg' displayed at login, and '.message' displayed # in each newly chdired directory. DisplayLoginwelcome.msg DisplayFirstChdir.message
# Limit WRITE everywhere in the anonymous chroot <Limit WRITE> DenyAll </Limit> </Anonymous>
I would like to setup proftpd with mod_sql to access a mysql database for ftp accounts instead of using pam. The server has pleask 8.1 installed with psa-proftpd-xinetd-1.3.0 installed. How do I recompile the psa-proftpd with --with-modules=mod_sql option? Here is the current proftpd configure command:
Trying to install ProFTPD with mysql, the problem is after installing it and adding the lines in the config file to use MySQL the service fails to start. The error Im getting is:
"unknown configuration directive 'SQLAuthTypes'"
So it seems like it doesnt recongize the function needed to use mysql with proftpd, which is in mysql_mod.c. I did proftpd -l and the mysql_mod.c was not listed, I did a search on the whole box and couldnt find mysql_mod anywhere. Im on Fedora Core 6 and tried to install proftpd with yum:
yum install proftpd proftpd-mysql
Do I have to compile from source to get this to work? Or did I miss installing something else that would have mysql_mod.c present? I currently have mysql installed and running, tested the login info I had in the config file and everything works on the mysql side.Silly
The problem is, how do I get the group to be set as apache on a file/dir upload? I really do not like having other permissions set, as it can be a security risk, allowing others to access someone else's files.
Another issue is, I can't remove privileges, but I can add them.
copy of proftpd.conf:
Code: ServerName "FTP" ServerType standalone
Port 21 PassivePorts 35000 35999 UseReverseDNS off TimesGMT off TimeoutLogin 120 TimeoutIdle 600 TimeoutNoTransfer 900 TimeoutStalled 3600
#MaxCients 20 "Sorry, the maximum number of allowed users are already connected (%m)" #MaxClientsPerHost 2 #MaxClientsPerUser 2 MaxConnectionsPerHost 6 "Sorry, you may not have more then 6 connections open at a time" MaxHostsPerUser 6 "Sorry, you may not connect more than 6 times"
We've got a Linux box running ProFTPd reaches a Windows box over SAMBA. This works very well but when the client has a great number of files, the FTP Windows-based FTP clients they use don't always give accurate directory listings (if any at all). I know there's some bug in the way SAMBA works with Windows File Sharing but I don't know what the magic file number is that, when reached, prevents a proper directory listing. Does anyone know what this magic number is or if there's an available, tested fix for this?
Code: cd /usr/local/directadmin/customapache/ wget ftp://ftp.proftpd.org/distrib/source....3.1rc2.tar.gz tar xzf proftpd-1.3.1rc2.tar.gz rm -rf proftpd-1.3.1rc2.tar.gz cd proftpd-1.3.1rc2 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls make make install perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf /etc/rc.d/init.d/proftpd restart I changed the proftpd-1.3.1rc2 version to the newest version of proftpd.org
When I run /etc/init.d/proftpd start, I get the following:
Code: Starting proftpd: - mod_tls/2.1.2: compiled using OpenSSL version 'OpenSSL 0.9.7k 05 Sep 2006' headers, but linked to OpenSSL version 'OpenSSL 0.9.7a Feb 19 2003' library - Fatal: unable to load module 'mod_tls.c': Operation not permitted [FAILED]
Starting proftpd: - mod_tls/2.2.1: compiled using OpenSSL version 'OpenSSL 0.9.8i 15 Sep 2008' headers, but linked to OpenSSL version 'OpenSSL 0.9.8g 19 Oct 2007' library
proftpd has its own set of issues obviously built with i headers and linked to g headers. Any ideas wtf I did? I recomplined and restarted everything. I removed the g and i libraries completely. OpenSSH seems happy and nothing is actually "wrong", the server is working fine but I'm really anal retentive this way...it's kinda how I feel "safer" at the OS level.
My Plesk version is 8.2 and i use debian 3.1, I check the instructions on
this faq, it seems added in both inetd configuration file and xinetd.d configuration file in my configuration, also xinetd is working through system but ftp cannot be connectable. It gives "Unable to login server" from remote client and i also check with command line ftp client and service says that "421 Service not available, remote server has closed connection"
I also check this
faq and port is open:
Starting nmap 3.81 [url] at 2007-08-02 16:59 CEST Interesting ports on xx-server.xxxxxx.net (xxx.xxx.xxx.xxx): PORT STATE SERVICE 21/tcp open ftp
Nmap finished: 1 IP address (1 host up) scanned in 0.013 seconds
Is there anyone knows how could I solve this situation?
I try to upload a big file between 300 and 500 MB by FTP to my dedicated server but connection is broken and when I try to do the resume it's not allowed how can I enable upload big files and resume files in ProFTPD 1.3.0a or am I missing something inthe conf file ?.
# The installation path of APF; this can be changed but it has not # been tested what would happen. INSTALL_PATH="/etc/apf"
# Untrusted Network interface(s); all traffic on defined interface will be # subject to all firewall rules. This should be your internet exposed # interfaces. Only one interface is accepted for each value. # NOTE: The interfacing structure is being worked towards support of MASQ/NAT IFACE_IN="eth0" IFACE_OUT="eth0"
# Trusted Network interface(s); all traffic on defined interface(s) will by-pass # ALL firewall rules, format is white space or comma seperated list. IFACE_TRUSTED=""
# Enable virtual network subsystem; creats independent policy ruleset for each # ip on a system (pulls data from 'ip addr list') to /etc/apf/vnet/ip.rules # Template is located in the vnet/ folder for rule files. This feature can # reduce apf start/stop performance and is not recommend for systems with more # than 255 (/24) ip's. [0 = Disabled / 1 = Enabled] SET_VNET="0"
# Support Monolithic kernel builds [no LKM's]. This mode of operation is # not really supported and you use at your own risk. SET_MONOKERN="0"
# Verifies that all inbound traffic is sourced from a defined local gateway MAC # address. All other traffic that does not match this source MAC address will be # rejected as untrusted traffic. It is quite trivial to forge a MAC address and as # such this feature executes NO default accept policy against this MAC address. VF_LGATE=""
# Verifies that the IF and IFACE_TRUSTED interfaces are actually routed (/sbin/route) # to something. If not then chances are APF will not start properly if at all. VF_ROUTE="1"
# Verifies that crond service is running when DEVEL_MODE=1; if not then APF will not # try to load as if lock-up occures no cron service to flush firewall VF_CROND="1"
# Verifies that the current system uptime is greater than this value before APF # can activate. This is to prevent on-boot lockup issues or delays due to excessive # amount of firewall rules. Value is in seconds; should you wish to disable this # feature, simply set VF_UTIME to 0 value. !! NOTE: APF WILL NOT START ON IT's OWN; # IT WILL EXIT WITH FATAL ERROR BELOW SET UPTIME !! VF_UTIME="0"
## # [Packet Filtering/Handling] ##
# How to handle TCP packet filtering? # # RESET (sends a tcp-reset; TCP/IP default) # DROP (drop the packet; stealth ?) # REJECT (reject the packet) TCP_STOP="DROP"
# How to handle UDP packet filtering? # # RESET (sends a icmp-port-unreachable; TCP/IP default) # DROP (drop the packet; stealth ?) # REJECT (reject the packet) # PROHIBIT (send an icmp-host-prohibited) UDP_STOP="DROP"
# How to handle all other packet filtering? (icmp,arp,igmp) # # DROP (drop the packet) # REJECT (reject the packet) DSTOP="DROP"
# The sanity options control the way packets are scrutinized as # they flow through the firewall. The main PKT_SANITY option is a # top level toggle for all SANITY options and provides general # packet flag sanity as a pre-scrub for the other sanity options PKT_SANITY="1"
# Block any packets that do not conform as VALID; this feature # is safe for most but some may experience protocol issues with # broken remote clients PKT_SANITY_INV="0"