# ProFTPd suddenly stopped working

## Dragonlord

I don't know exactly since which update this problem happened as I got told by a user just recently. The FTP server here uses an LDAP backend and has registered users with access to their files. This works as it should. Furthermore there is an anonymous user around which the users can place files into a given area to make downloadable by anyone. For some reason this is now totally broken. If I try to log in as anonymous I get the following in heady log mode:

```
( lots of unimportant stuff )
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: generated filter **** from template **** and value ftp
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: connected to localhost:389
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: set protocol version to 3
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: successfully bound as **** with password ****
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: set search size limit to 2
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: set dereferencing to 0
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: set query timeout to 0s
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: generated filter (&(uid=ftp)(objectClass=inetorgperson)) from template (&(uid=%v)(objectClass=inetorgperson)) and value ftp
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: searched using filter (&(uid=ftp)(objectClass=inetorgperson))
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: fetching value(s) for attr uid
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: fetching value(s) for attr uidNumber
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: fetching value(s) for attr gidNumber
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: fetching value(s) for attr homeDirectory
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: fetching value(s) for attr loginShell
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: user ftp, uid 21, gid 21, homedir /var/www/ftp/, shell /bin/false
server.rptd.ch (****) - retrieved UID 21 for user 'ftp'
server.rptd.ch (****) - retrieved group ID: 21
server.rptd.ch (****) - retrieved group name: ftp
server.rptd.ch (****) - ROOT PRIVS at mod_auth.c:478
server.rptd.ch (****) - RELINQUISH PRIVS at mod_auth.c:480
server.rptd.ch (****) - ROOT PRIVS at mod_auth.c:965
server.rptd.ch (****) - setting group ID: 21
server.rptd.ch (****) - SETUP PRIVS at mod_auth.c:980
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: getpwnam: returning cached data for ftp
server.rptd.ch (****) - retrieved UID 21 for user 'ftp'
server.rptd.ch (****) - ROOT PRIVS at mod_auth.c:1000
server.rptd.ch (****) - setting group ID: 440
server.rptd.ch (****) - SETUP PRIVS at mod_auth.c:1015
server.rptd.ch (****) - ftp: Directory /var/www/ftp is not accessible.
server.rptd.ch (****) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_sql
server.rptd.ch (****) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
server.rptd.ch (****) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_sql
server.rptd.ch (****) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
server.rptd.ch (****) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
server.rptd.ch (****) - dispatching PRE_CMD command 'SYST' to mod_tls
server.rptd.ch (****) - dispatching PRE_CMD command 'SYST' to mod_core
server.rptd.ch (****) - dispatching PRE_CMD command 'SYST' to mod_core
server.rptd.ch (****) - dispatching CMD command 'SYST' to mod_core
server.rptd.ch (****) - dispatching POST_CMD command 'SYST' to mod_sql
server.rptd.ch (****) - dispatching LOG_CMD command 'SYST' to mod_sql
server.rptd.ch (****) - dispatching LOG_CMD command 'SYST' to mod_log
server.rptd.ch (****) - dispatching PRE_CMD command 'QUIT' to mod_tls
server.rptd.ch (****) - dispatching PRE_CMD command 'QUIT' to mod_core
server.rptd.ch (****) - dispatching PRE_CMD command 'QUIT' to mod_core
server.rptd.ch (****) - dispatching CMD command 'QUIT' to mod_core
server.rptd.ch (****) - dispatching POST_CMD command 'QUIT' to mod_sql
server.rptd.ch (****) - dispatching LOG_CMD command 'QUIT' to mod_sql
server.rptd.ch (****) - dispatching LOG_CMD command 'QUIT' to mod_log
server.rptd.ch (****) - dispatching LOG_CMD command 'QUIT' to mod_core
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: successfully unbound
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: not unbinding to an already unbound connection.
server.rptd.ch (****) - FTP session closed.
```

The directory is chmod 755 so accessible to ftp:ftp. I tried different values for the directory to see if a spurious chroot is in place but nothing helped. It works with users but not anonymous for some reason. The part of the proftpd.conf file about the anonymous user:

```
# anonymous account configuration
<Anonymous /var/www/ftp>
        # general configs
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RequireValidShell       no
        MaxClients              4 "Sorry, max %m users -- try again later"
        MaxClientsPerHost       2 "Sorry, the maximum number clients (%m) from your host are already connected."

        # directory configs
        <Directory *>
                <Limit WRITE>
                        DenyAll
                </Limit>
        </Directory>
        <Directory /var/www/ftp/incoming>
                <Limit ALL>
                        DenyAll
                </Limit>
        </Directory>
        <Directory /var/www/ftp/users>
                <Limit ALL>
                        DenyAll
                </Limit>
        </Directory>
        <Directory /var/www/ftp/pub>
                TransferRate            RETR    2.0:0
        </Directory>
</Anonymous>
```

This configuration worked before and suddenly stopped working. I'm somehow out of ideas.

----------

## Janne Pikkarainen

First things first: Is the path to /var/www/ftp/ all the way 755? If for example /var/www is not accessible by ftp user, then /var/www/ftp/ will be unreachable, too...

----------
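
Added example, not part of the original thread: the "all the way" check suggested above, done by evaluating the directory search (x) bit on every path component for a numeric uid and group set. The function names, the `start` parameter and the temporary tree are constructed for illustration; POSIX ACLs and capabilities are not evaluated.

```python
import os
import stat
import tempfile

def can_traverse(st, uid, gids):
    """Classic owner/group/other test for the directory search (x) bit."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def walk_path(path, uid, gids, start=os.sep):
    """Return [(directory, mode string, traversable)] from start down to path."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    rel = os.path.relpath(path, start)
    parts = [] if rel == os.curdir else rel.split(os.sep)
    current, results = start, []
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        st = os.stat(current)
        results.append((current, stat.filemode(st.st_mode),
                        can_traverse(st, uid, gids)))
    return results

def first_blocker(path, uid, gids, start=os.sep):
    """First directory the given identity cannot search, or None."""
    for directory, _mode, ok in walk_path(path, uid, gids, start):
        if not ok:
            return directory
    return None

def demo():
    """Constructed tree standing in for /var/www/ftp; uid/gid 21 as in the log."""
    with tempfile.TemporaryDirectory() as top:
        top = os.path.realpath(top)
        www = os.path.join(top, "var", "www")
        ftp = os.path.join(www, "ftp")
        os.makedirs(ftp)
        for d in (top, os.path.dirname(www), www, ftp):
            os.chmod(d, 0o755)
        before = first_blocker(ftp, 21, {21}, start=top)
        os.chmod(www, 0o750)  # parent loses the "other" search bit
        after = first_blocker(ftp, 21, {21}, start=top)
        return before, os.path.relpath(after, top)
```

For the thread's case the call would be `walk_path("/var/www/ftp", 21, {21})`, adding any further group ID the debug log shows the session switching to.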

## Dragonlord

The entire path up is accessible to ftp (755). Like mentioned it works for registered users so the file permissions can not be the problem in my opinion.

----------

## Janne Pikkarainen

Hmm. Yet still your debug log contains these lines:

```
server.rptd.ch (****) - mod_ldap/2.8.17-20051202: user ftp, uid 21, gid 21, homedir /var/www/ftp/, shell /bin/false
server.rptd.ch (****) - ftp: Directory /var/www/ftp is not accessible.
```

----------

## Dragonlord

That's correct and this is what I do not get. File permissions are all ok. I can set a valid login shell for the ftp, log in to it and check out that directory... it works. I have no clue why this error is happening. It has to be a bug in ProFTPd.

----------

## JoKo

There was a bug in ProFTPD when someone had compiled it with the pam USE flag, but this bug seems to be fixed in the latest ebuild.

Did the trouble start after you had upgraded ProFTPD?

----------

## Dragonlord

I can not tell exactly after which update the bug happened. This is since the anonymous account is only used for casual downloads and I just received recently the note that something is not working as it should. I assume the latest update caused it but I am not sure. I just know that I can't get it working anymore with the current version.

```
[ebuild   R   ] net-ftp/proftpd-1.3.1_rc2-r3  USE="acl ipv6 ldap ncurses nls pam postgres ssl tcpd -authfile -clamav -hardened -ifsession -mysql -noauthunix -opensslcrypt -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB 
```

----------

## JoKo

*Dragonlord wrote:*

> I can not tell exactly after which update the bug happened. This is since the anonymous account is only used for casual downloads and I just received recently the note that something is not working as it should. I assume the latest update caused it but I am not sure. I just know that I can't get it working anymore with the current version.
> 
> ```
> [ebuild   R   ] net-ftp/proftpd-1.3.1_rc2-r3  USE="acl ipv6 ldap ncurses nls pam postgres ssl tcpd -authfile -clamav -hardened -ifsession -mysql -noauthunix -opensslcrypt -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB 
> ```
> ...

 

I see. The version you are currently using seems to solve the bug I've mentioned earlier.

Anyway, are you using AuthOrder in your config? Maybe something like that is blocking anonymous access.

Also, from an example configuration for anonymous users (located here) I can see this code: 

```
  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>
```

You could try it...

----------

## Dragonlord

No, I don't use AuthOrder. And I also added the line you mentioned but still anonymous can not login.

----------

## obrut<-

i also have this proftpd problem. i use it once in 2 or 3 months to transfer data from one pc to another and suddenly it does not work anymore.

anonymous login is impossible. i set AuthPAM to on, set ftp's shell to /bin/false and added it to /etc/shells but nothing changed. i tried to reemerge proftpd with -pam, i tried different kinds of specifying the ftp-directory (~ftp, /home/ftp) but i had absolutely no luck.

```
Jul 11 01:42:30 desktop proftpd[24959]: desktop.WORKGROUP - ProFTPD 1.3.1rc2 (devel) (built Mi 11. Jul 01:41:05 CEST 2007) standalone mode STARTUP
Jul 11 01:42:46 desktop proftpd[24975]: desktop.WORKGROUP (cruncher[::ffff:192.168.0.3]) - error setting IPV6_V6ONLY: Das Protokoll ist nicht verfügbar
Jul 11 01:42:46 desktop proftpd[24975]: desktop.WORKGROUP (cruncher[::ffff:192.168.0.3]) - FTP session opened.
Jul 11 01:42:56 desktop proftpd[24975]: desktop.WORKGROUP (cruncher[::ffff:192.168.0.3]) - ftp: Directory /home/ftp/ is not accessible.
Jul 11 01:43:48 desktop proftpd[24975]: desktop.WORKGROUP (cruncher[::ffff:192.168.0.3]) - FTP session closed.
```

the client always gets a "530 Please login with USER and PASS". always!

so any suggestions?

btw: how can i prevent proftpd from demanding the mail address as password? i don't need it, i don't want it. it's annoying.

----------

