# [Solved] Proftpd cannot access directory

## Luc484

Hi! I just noticed my proftpd configuration stopped working. When I try to log in I get "Unable to set anonymous privileges." In /var/log/messages I see "directory ~/ftp is not accessible". I tried to change the user in proftpd.conf to the one I commonly use to log in, but I get the same:

```
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.

ServerName         "ProFTPD Default Installation"
ServerType         standalone
DefaultServer      on
RequireValidShell   off
AuthPAM            off
AuthPAMConfig      ftp

# Port 21 is the standard FTP port.
Port            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances      30

# Set the user and group under which the server will run.
User            luca
Group            users

# Normally, we want files to be overwriteable.
<Directory />
   AllowOverwrite      on
</Directory>

# A basic anonymous configuration, with no upload directories.
<Anonymous ~ftp>
   User            ftp
   Group            ftp

   # We want clients to be able to login with "anonymous" as well as "ftp".
   UserAlias         anonymous ftp

   # Limit the maximum number of anonymous logins.
   MaxClients         10

   AnonRequirePassword off

   # We want 'welcome.msg' displayed at login, and '.message' displayed
   # in each newly chdired directory.
   DisplayLogin         welcome.msg
   DisplayChdir      .message

   # Limit WRITE everywhere in the anonymous chroot.
   <Limit WRITE>
      DenyAll
   </Limit>
</Anonymous>
```

Any idea why? What can I do to understand what's wrong?

Thank you.

Last edited by Luc484 on Thu Jul 26, 2007 9:37 am; edited 1 time in total

----------

## mattsteven

Ciao- Some questions to ask yourself:

Have you looked at the permissions of /home/ftp?  Is it owned by "ftp"?  Do you have a "ftp" user in the system?

----------

## Luc484

 *mattsteven wrote:*   

> Ciao- Some questions to ask yourself:
> 
> Have you looked at the permissions of /home/ftp?  Is it owned by "ftp"?  Do you have a "ftp" user in the system?

 

Yes. Everything was ok. I tried to search with Google and I found out that these could be possible problems. So I checked.

Now I'm trying to do everything again, following the Gentoo proftpd guide. I removed the user ftp and I'm trying to create it again. I used the command:

```
useradd -d /home/ftp -s /bin/ftp -g ftp ftp
```

to add the new user. Now I can see it:

```
cluca home # grep ftp /etc/passwd
ftp_priv:x:1002:100::/usr/ftp_private:/bin/false
proftp:x:1003:100::/home/proftp:/bin/ftp
proftpd:x:1005:100::/home/proftpd:/bin/ftp
tesi:x:1006:1006::/home/tesi:/bin/ftp
ftp:x:1007:1011::/home/ftp:/bin/ftp
```

So the user exists, right?

And the directory seems to me to have the correct privileges:

```
cluca home # ls -l
total 12
drwxr-xr-x  2 ftp  ftp   4096 2007-07-25 09:54 ftp
drwxrwxrwx 92 luca users 8192 2007-07-24 19:25 luca
```

Do you see anything wrong?

Thanks for your help!

----------

## mattsteven

I would suggest you change the shell of user ftp to /bin/false.  You're unlikely to want the ftp user to log in just to use ftp again in a shell.  No shell at all would be better.

Also add 

```
RequireValidShell          off
```

 in your Anonymous block to permit logins from users that are not using something that is in /etc/shells.  /bin/ftp is probably not there.

I would also run the overall server as user 'nobody' as this is the usual practice.

```
# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody
```

This should make it work, but if it doesn't you should be reading the log file - probably /var/log/proftpd.log or similar, it will normally tell you exactly what is wrong.

----------
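The checks raised in the replies above (does the account exist, is its shell listed in /etc/shells, can its home directory be reached) collected into one script. This is an added example, not code from the thread or from ProFTPD; the function names, the finding labels and the scratch-root fixture are assumptions made here.

```shell
#!/bin/sh
# Pre-flight checks for a ProFTPD <Anonymous ~USER> block (added example).

# Print field N of USER's entry in a passwd-format FILE; fail if USER is absent.
passwd_field() {  # FILE USER N
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { exit (found ? 0 : 1) }' "$1"
}

# Succeed if SHELL is a whole line of the shells FILE (format of /etc/shells).
shell_listed() {  # FILE SHELL
    grep -qxF -- "$2" "$1"
}

# Print the first directory on the way to DIR (inclusive), looked up under ROOT,
# that is missing or lacks o+x. Conservative: owner/group bits are not credited.
first_blocked_dir() {  # ROOT DIR
    root=$1 path=""
    old_ifs=$IFS; IFS=/; set -f
    set -- $2
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        path="$path/$part"
        mode=$(ls -ld -- "$root$path" 2>/dev/null | cut -c10)
        case $mode in x|t) ;; *) printf '%s\n' "$path"; return 0 ;; esac
    done
}

# One finding per line; no output means every check passed. An unlisted shell
# is the case the reply above covers with "RequireValidShell off".
audit_anon_user() {  # PASSWD_FILE SHELLS_FILE ROOT USER
    home=$(passwd_field "$1" "$4" 6) || { echo "no-such-user:$4"; return 0; }
    shell=$(passwd_field "$1" "$4" 7)
    shell_listed "$2" "$shell" || echo "shell-not-listed:$shell"
    blocked=$(first_blocked_dir "$3" "$home")
    [ -z "$blocked" ] || echo "not-traversable:$blocked"
}

# Constructed fixture: the thread's passwd entry inside a scratch root.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/home/ftp" && chmod 755 "$t/home/ftp"
    chmod 750 "$t/home"    # constructed fault: parent not searchable by others
    echo 'ftp:x:1007:1011::/home/ftp:/bin/ftp' > "$t/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$t/shells"
    audit_anon_user "$t/passwd" "$t/shells" "$t" ftp
    rm -rf "$t"
}
demo
```

Against a live system the same function is called as `audit_anon_user /etc/passwd /etc/shells "" ftp`, with the empty ROOT meaning the real filesystem.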

## Luc484

I tried to apply all the changes you suggested but nothing seemed to change. Always the same answer. I set the DebugLevel to 9 and I looked at the /var/log/messages. This is what I see:

```
Jul 25 23:14:17 cluca proftpd[26483]: cluca - ProFTPD 1.3.1rc2 (devel) (built Mon Jul 2 18:25:52 CEST 2007) standalone mode STARTUP
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - performing ident lookup
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ident lookup returned 'UNKNOWN'
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - connected - local  : 82.50.190.222:21
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - connected - remote : 192.168.0.9:49322
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - FTP session opened.
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_tls
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_ratio
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD command 'USER anonymous' to mod_log
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:478
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - RELINQUISH PRIVS at mod_auth.c:480
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:965
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:980
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:1000
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:1015
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ftp: Directory ~ftp/ is not accessible.
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Jul 25 23:14:39 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_tls
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_ratio
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'USER anonymous' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD command 'USER anonymous' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD command 'USER anonymous' to mod_log
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching CMD command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:478
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - RELINQUISH PRIVS at mod_auth.c:480
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:965
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:980
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ROOT PRIVS at mod_auth.c:1000
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - SETUP PRIVS at mod_auth.c:1015
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - ftp: Directory ~ftp/ is not accessible.
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Jul 25 23:14:48 cluca proftpd[26601]: cluca (pluca[192.168.0.9]) - FTP session closed.
```

I always see the same error message about ~ftp. Any idea?

Thank you very much for your help!

EDIT: Ok, I found the solution. It was sufficient to add the USE -acl. I thought it was sufficient to not have it in make.conf.

Thanks to everyone.

----------

