vsftpd interview questions
Top vsftpd frequently asked interview questions
As it says in the title, when I try to sync a remote dir using PhpStorm, FTP hangs.
Everything works. All the other dirs work just fine. I tried using other clients, tried active/passive mode, ASCII/bin, all the options in remote server configuration, googling... Can't even find anyone with a similar problem.
So to sum it up. Everything works. Tried PhpStorm's ftp, Total Commander, Chrome. I can access the server, list files/dirs, upload/download. But when I access "Laravel dir"/vendor/fzaninotto/faker/src/Faker/Provider/ it just hangs and loses connection to the server. The server still works and I can reconnect, I just can't access that specific folder.
It's a clean Laravel installation. There are no files with non-standard characters in file names / too long filenames. Permissions are the same as the other dirs. There is a reasonable amount of files in the directory. Files are not too large. Server is vsFtpd.
Does anyone have an idea how to solve this?
SOLUTION: I still don't have an idea what was the problem. I'm guessing something in server configuration. But I tried every possible combination of options that I could think of. In the end solved it by removing vsftpd and installing bftpd.
Source: (StackOverflow)
I have installed VSFTP and configured it by adding the following lines...
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<ELASTIC_IP>
Then I added the port ranges 1024 - 1048 and 20 - 21. I then restarted VSFTPD and I can reach it locally from the EC2 instance. However, when I try to access it via my local computer (I am logging in anon for now) it asks me for username and password. I enter ftp and a@b.com but it just hangs after this is entered.
Am I missing something? Do I need to configure iptables? I tried...
-A INPUT -m tcp -p tcp --dport 20:21 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 1024:1048 -j ACCEPT
But I get
iptables: Applying firewall rules: iptables-restore: line 1 failed
[FAILED]
What am I missing?
Source: (StackOverflow)
I have a vsftpd server configured with the following options :
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
use_localtime=YES
chroot_list_enable=YES
cmds_allowed=ABOR,CWD,DELE,LIST,MDTM,MKD,NLST,PASS,PASV,PWD,QUIT,RETR,RMD,RNFR,RNTO,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST
# Turn on SSL
ssl_enable=YES
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=NO
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=NO
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
ssl_sslv2=YES
# permit SSL v3 protocol connections. TLS v1 connections are preferred
ssl_sslv3=YES
# Disable SSL session reuse (required by WinSCP)
require_ssl_reuse=NO
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
I'm using R and the library curl (not Rcurl) to connect to this ftp and retrieve the list of the files. I used this script to connect to other ftp servers in the past without any bug. However, in this case the vsftpd server seems to generate an error when receiving the MDTM command:
* Trying 37.59.XXX.XXX...
* Connected to 37.59.XXX.XXX (37.59.XXX.XXX) port 21 (#0)
< 220 (vsFTPd 3.0.2)
> USER someone
< 331 Please specify the password.
> PASS somepassword
< 230 Login successful.
> PWD
< 257 "/"
* Entry path is '/'
> MDTM www
* ftp_perform ends with SECONDARY: 0
< 550 Could not get file modification time.
When I try to connect to the ftp using winscp I got no error (in passive mode), however when I try to use the command line and send the MDTM command I also receive an error.
The R code I use is :
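library(curl)  # provides new_handle(), handle_setopt() and curl()

h <- new_handle()
handle_setopt(h, verbose = TRUE)
handle_setopt(h, ssl_verifypeer = FALSE)  # disables TLS certificate verification
handle_setopt(h, username = username)
handle_setopt(h, password = password)
ftpcon <- curl(url, handle = h)  # url, username and password are defined elsewhere
files <- readLines(ftpcon)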
Thanks for your help.
Source: (StackOverflow)
I got an exception when using org.springframework.integration.ftp.session.DefaultFtpsSessionFactory to connect to an FTP server (vsftpd on Ubuntu). The issue can be fixed by configuring "require_ssl_reuse=NO".
My question is: how can I make DefaultFtpsSessionFactory work with vsftpd without setting "require_ssl_reuse=NO"?
Exception without setting "require_ssl_reuse=NO":
Caused by: org.springframework.messaging.MessagingException: Failed to write to '/ftp/upload/test.txt.writing' while uploading the file; nested exception is java.io.IOException: Failed to write to '/ftp/upload/test.txt.writing'. Server replied with: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Here is my configuration for DefaultFtpsSessionFactory:
<beans:bean id="ftpSessionFactory" class="org.springframework.integration.ftp.session.DefaultFtpsSessionFactory">
    <beans:property name="host" value="202.101.1.106"/>
    <beans:property name="port" value="21"/>
    <beans:property name="username" value="tom"/>
    <beans:property name="password" value="tom"/>
    <beans:property name='clientMode' value='2'/>
    <beans:property name='protocols' value='TLSv1, SSLv3'/>
</beans:bean>
Source: (StackOverflow)
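The TLS options quoted in the two posts above can be checked mechanically. This is an added example, not code from either post or from vsftpd: `effective()` and `audit()` are hypothetical helpers, `POSTED` holds TLS settings copied from the first configuration, `HARDENED` is a constructed counterpart, and the defaults are those documented in vsftpd.conf(5).

```python
# TLS settings copied from the vsftpd.conf quoted in the first post above.
POSTED = """\
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
"""

# Constructed counterpart with the same options tightened.
HARDENED = """\
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
"""

# Defaults from vsftpd.conf(5) for the options examined here.
DEFAULTS = {
    "ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "require_ssl_reuse": "YES",
}


def effective(conf_text):
    """Overlay the option=value lines of a vsftpd.conf on the defaults."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key] = value  # assumption: a later line overrides an earlier one
    return settings


def audit(conf_text):
    """Return one finding per TLS setting that weakens the effective config."""
    s = effective(conf_text)

    def on(key):
        return s[key].upper() in ("YES", "TRUE", "1")

    if not on("ssl_enable"):
        return ["ssl_enable=NO: logins and data travel in cleartext"]
    findings = []
    for key, proto in (("ssl_sslv2", "SSLv2"), ("ssl_sslv3", "SSLv3")):
        if on(key):
            findings.append(f"{key}=YES: obsolete {proto} is accepted")
    if not on("force_local_logins_ssl"):
        findings.append("force_local_logins_ssl=NO: passwords may be sent without TLS")
    if not on("force_local_data_ssl"):
        findings.append("force_local_data_ssl=NO: file data may be sent without TLS")
    if not on("require_ssl_reuse"):
        findings.append("require_ssl_reuse=NO: data connections need not reuse the control TLS session")
    return findings
```

`audit(POSTED)` reports five findings and `audit(HARDENED)` none. With `require_ssl_reuse=YES` the client has to resume the control-channel TLS session on each data connection, which is the condition behind the 522 reply quoted above.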
I have been searching the internet for an answer to my question "Can PHP control a FTP server like Vsftpd", however I could not find anything.
What I am looking for is a way for PHP to control what users can connect to my FTP server.
What I also want to do is limit the space users can use on my server. So once a user uploads something, a check is done to make sure the space the user has left can store the file that is being uploaded. If the file is too large, kill the upload.
I've looked at the vsftpd.log, however it only seems to log transactions whenever the request is finished, and not when initiated.
Is what I want possible? If so, how?
Kind regards,
Jesse
Source: (StackOverflow)
I'm trying to write an event-based ftp server that notifies me when some user uploads any file (users will never do any delete or other stuff, they just upload). Apache ftpServer with ftplets is what I need, but it is Java based and does not satisfy my environment. So what I'm planning to do is to run vsftpd and another process beside it which listens for the IN_CLOSE_WRITE event. When vsftpd closes the file descriptor after finishing a file upload, my process will be notified and I will do some appropriate action. My questions are:
- Is it possible that I miss any file upload?
- Is it possible that IN_CLOSE_WRITE is fired in other situations, so that I get inconsistent files instead of ready-to-use files?
Source: (StackOverflow)
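The watcher described above, as an added example that is not part of the original post: it calls the Linux inotify API through ctypes, and the helper names, the file name and the interrupted-then-resumed upload in `demo()` are constructed. It shows that IN_CLOSE_WRITE reports only that a writer closed the file, so a partial file raises the same event as a finished one, and that IN_Q_OVERFLOW marks events the kernel dropped.

```python
import ctypes
import ctypes.util
import os
import struct
import tempfile

# Constants from <sys/inotify.h>.
IN_CLOSE_WRITE = 0x00000008
IN_MOVED_TO = 0x00000080
IN_Q_OVERFLOW = 0x00004000
_HEADER = struct.Struct("iIII")  # wd, mask, cookie, len; the name follows
_libc = ctypes.CDLL(ctypes.util.find_library("c") or "libc.so.6", use_errno=True)


def open_watch(directory):
    """Return a non-blocking inotify fd watching one upload directory."""
    fd = _libc.inotify_init1(os.O_NONBLOCK)  # IN_NONBLOCK == O_NONBLOCK
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init1 failed")
    # IN_MOVED_TO also catches uploads written under a temporary name and renamed.
    if _libc.inotify_add_watch(fd, os.fsencode(directory), IN_CLOSE_WRITE | IN_MOVED_TO) < 0:
        err = ctypes.get_errno()
        os.close(fd)
        raise OSError(err, "inotify_add_watch failed")
    return fd


def drain(fd):
    """Read the queued events; return (file names, overflowed)."""
    try:
        buf = os.read(fd, 64 * 1024)
    except BlockingIOError:
        return [], False
    names, overflowed, off = [], False, 0
    while off < len(buf):
        _wd, mask, _cookie, nlen = _HEADER.unpack_from(buf, off)
        name = buf[off + _HEADER.size:off + _HEADER.size + nlen].rstrip(b"\0")
        off += _HEADER.size + nlen
        if mask & IN_Q_OVERFLOW:
            overflowed = True  # events were dropped: rescan the directory
        elif mask & (IN_CLOSE_WRITE | IN_MOVED_TO):
            names.append(os.fsdecode(name))
    return names, overflowed


def demo():
    """Constructed case: one file written in two sessions (interrupted, then resumed)."""
    with tempfile.TemporaryDirectory() as updir:
        fd = open_watch(updir)
        try:
            path = os.path.join(updir, "upload.bin")
            with open(path, "wb") as f:   # first transfer stops half way
                f.write(b"A" * 512)
            first = drain(fd)             # event arrives although the file is partial
            with open(path, "ab") as f:   # the client resumes and appends the rest
                f.write(b"B" * 512)
            second = drain(fd)
            return first, second, os.path.getsize(path)
        finally:
            os.close(fd)
```

An inotify watch covers a single directory and is not recursive, so each upload directory needs its own `inotify_add_watch` call. Identical unread events are coalesced by the kernel, which is why `demo()` drains the queue after each close.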
I am trying to ptrace a vsftpd server process on Linux to be able to get control whenever the vsftpd process makes a system call. I start the vsftpd process and pass its process id on the command line to the following program, which traces vsftpd.
However, when I run the following program it just hangs and does not print anything. Can anyone point out what could be wrong? Thanks a lot for your help!!
#include <stdio.h>       /* printf */
#include <stdlib.h>      /* atoi */
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/user.h>
#include <sys/syscall.h> /* For SYS_write etc */
#include <sys/reg.h>     /* ORIG_EAX, EBX, ... (i386 register indices) */

int main(int argc, char *argv[])
{
    pid_t child;
    long orig_eax, eax;
    long params[3];
    int status;
    int insyscall = 0;

    /* PID of the already running vsftpd process */
    child = atoi(argv[1]);
    ptrace(PTRACE_ATTACH, child, NULL, NULL);
    while (1) {
        wait(&status);
        if (WIFEXITED(status))
            break;
        /* System call number of the traced process */
        orig_eax = ptrace(PTRACE_PEEKUSER,
                          child, 4 * ORIG_EAX, NULL);
        if (orig_eax == __NR_clone || orig_eax == __NR_open || orig_eax == __NR_write)
        {
            if (insyscall == 0) {
                /* Syscall entry */
                insyscall = 1;
                params[0] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * EBX,
                                   NULL);
                params[1] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * ECX,
                                   NULL);
                params[2] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * EDX,
                                   NULL);
                if (orig_eax == __NR_clone)
                {
                    printf("\nClone");
                }
                else if (orig_eax == __NR_open)
                    printf("\nOpen");
                else if (orig_eax == __NR_write)
                    printf("\nWrite");
                printf(" called with "
                       "%ld, %ld, %ld\n",
                       params[0], params[1],
                       params[2]);
            }
            else { /* Syscall exit */
                eax = ptrace(PTRACE_PEEKUSER,
                             child, 4 * EAX, NULL);
                printf("Returned "
                       "with %ld\n", eax);
                insyscall = 0;
            }
        }
        /* Resume until the next syscall entry or exit */
        ptrace(PTRACE_SYSCALL,
               child, NULL, NULL);
    }
    return 0;
}
Source: (StackOverflow)
I've had difficulty setting up vsftpd on my apache2 server. I was getting this error:
GnuTLS error -15: An unexpected TLS packet was received.
Tried a number of things including updating gnutls, permissions, different ftp clients, etc.
I eventually got it working by adding this to vsftpd.conf:
allow_writeable_chroot=YES
Not really sure what the implications of that are. So my question is this: does that open any security issues I should worry about?
Thanks.
Source: (StackOverflow)
I have the following issue... I need to connect to sftp (vsftpd) through a Python script, upload a file and download it. So far I have created an ftp server with vsftpd but I cannot connect. If I use the terminal (ftp localhost) I can log in without any problems. Please advise how I should proceed.
Here is my Python script:
http://codepaste.net/omysxu
and here is the config file of vsftpd:
http://codepaste.net/1qrrdf
The thing that I am trying to do is: set up an ftp server, then I should have 2 scripts (or 1) which will have to upload a file via ssh and then download it in another dir.
Source: (StackOverflow)
I installed vsftpd on my Amazon ec2-linux AMI using sudo yum install vsftpd. However, it installs version 2.2.2.
How do I install version 3.0.2? I downloaded the tar file from https://security.appspot.com/vsftpd.html, extracted it, and followed the instruction from the INSTALL file. However, when I try to run the "make" command, it fails saying:
/usr/bin/ld: cannot find -lcap
collect2: error: ld returned 1 exit status
make: *** [vsftpd] Error 1
What is the problem? Is there any other way to get the latest version?
Source: (StackOverflow)
I'm using both Redhat and CentOS. I previously wanted to jail a "Specific User" to its home. Then I got it by following this answer.
When the user (let's say, using FileZilla) uses:
.. it is fine!
But again there, when the user connects with:
- Protocol: SFTP (in the FileZilla setting)
.. the Jailing for that Specific User is NOT working anymore. Can still browse through.
How can i make it to have:
- In vsFTPd, jail a Specific User to its home when using Protocol: SFTP.
Thank you!
Source: (StackOverflow)
I have a cloud hosting linux solution. I had vsftpd working on it, but after having issues and tinkering with a lot of settings, I now have an issue where users can login using FTP and connect to the correct home directory, navigate within it, download files but they cannot upload files to the server. They get a time out error, which appears to be a permissions error, but I can't narrow it down any more than that. /var/logs/syslog gives nothing away.
The folders belong to the users. The parent www folder is set to 555. Can anyone help with this issue at all?
Cheers,
T
Source: (StackOverflow)
I can't seem to find the right answer for this anywhere. I have built many servers and haven't come across this issue before. I recently built a CentOS 6.5 server with a specific ftp account. For some reason, non-root users cannot overwrite files that already exist. I get a 550 cannot create file error. If the file doesn't exist it uploads just fine. Ownership and permissions seem to be in place. I am using vsftpd. I set up an identical user on another centOS 6 system and it works just fine. I don't know what I did to cause this problem. Any help would be great.
Source: (StackOverflow)
I am using Ubuntu Linux, and when I run the command netstat -lt, it shows:
tcp 0 0 *:ftp *:* LISTEN
Then I run the command sudo service vsftpd stop and run netstat -lt again, and the terminal does not show the ftp server. But after a while, when I run netstat -lt again, the terminal shows the ftp server again:
tcp 0 0 *:ftp *:* LISTEN
How strange it is!
How can I stop ftp server?
Source: (StackOverflow)
I want to install vsftpd on ubuntu 14.04 server and access the files through an apache httpd.
Following this guide, that's my vsftpd.conf:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
vsftpd.user_list contains the newly created user ftpuser.
Anonymous login works if I comment the three userlist configs on the bottom of the config (because no anonymous user in vsftpd.user_list) but logging in as ftpuser doesn't work: FTP Error 530 invalid login
I can't find any issue and found exactly this config 100 times on the internet, every one working well.
I also tried to reinstall vsftpd + apache from scratch, did not help.
Added vsftpd logfile:
Thu Aug 27 17:56:27 2015 [pid 15875] CONNECT: Client "95.223.27.113"
Thu Aug 27 17:56:27 2015 [pid 15875] FTP response: Client "95.223.27.113", "220 (vsFTPd 3.0.2)"
Thu Aug 27 17:56:27 2015 [pid 15875] FTP command: Client "95.223.27.113", "AUTH TLS"
Thu Aug 27 17:56:27 2015 [pid 15875] FTP response: Client "95.223.27.113", "530 Please login with USER and PASS."
Thu Aug 27 17:56:27 2015 [pid 15875] FTP command: Client "95.223.27.113", "AUTH SSL"
Thu Aug 27 17:56:27 2015 [pid 15875] FTP response: Client "95.223.27.113", "530 Please login with USER and PASS."
Thu Aug 27 17:56:28 2015 [pid 15875] FTP command: Client "95.223.27.113", "USER ftpuser"
Thu Aug 27 17:56:28 2015 [pid 15875] [ftpuser] FTP response: Client "95.223.27.113", "331 Please specify the password."
Thu Aug 27 17:56:28 2015 [pid 15875] [ftpuser] FTP command: Client "95.223.27.113", "PASS <password>"
Thu Aug 27 17:56:30 2015 [pid 15874] [ftpuser] FAIL LOGIN: Client "95.223.27.113"
Thu Aug 27 17:56:31 2015 [pid 15875] [ftpuser] FTP response: Client "95.223.27.113", "530 Login incorrect."
Source: (StackOverflow)