# vsftpd 500 OOPS: capset error

## jmarcus

I read this post but didn't get anywhere. I'm new to hardened Gentoo and the NSA kernel.

 *Griffon26 wrote:*   

> Take a look at this and let me know if it helps:
> 
> www.linuxchix.org/pipermail/techtalk/2003-January/014312.html

 

I emerged vsftpd and get this error:

 *Quote:*   

> C:\Documents and Settings\jmarcus>ftp 10.1.5.12
> 
> Connected to 10.1.5.12.
> 
> 220 (vsFTPd 1.2.2)
> ...

 

Any thoughts or recommended reading?

thanks,

James

----------

## krunk

I'm having the exact same problem as the above poster and can find no good information on the problem.

----------

## basik

I also get the '500 OOPS: capset' when I try to login on my vsftpd server.

A few days ago, I didn't get that message and everything worked just fine. I didn't change my vsftpd config file the past days, but I did sync and also changed a few things in the kernelconfig. Via Google I only found the same problem and no solution, but it might have something to do with the kernelconfig. Although I can't think of anything I changed that could have caused the problem.

----------

## basik

So, it wasn't my kernelconfig that caused the problem. If it can help somebody this is the config that DOES NOT WORK for me (the one that causes vsftpd to show '500 OOPS: capset - error'):

```
# config for standalone - anonymous ftp server

# Standalone mode
listen=YES
background=YES
pasv_enable=YES
listen_port=21
max_clients=3
max_per_ip=3

# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

# Security
anon_world_readable_only=YES
anon_root=/ftp
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000

# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES

# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60

# 50000 is approximately 50KB
anon_max_rate=500000000
banner_file=banner.txt
```

and this configfile DOES WORK for me:

```
#local_enable=YES
anon_world_readable_only=YES
anon_root=/ftp
write_enable=NO
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
guest_enable=NO
listen=YES
listen_port=21
#pasv_min_port=30000
#pasv_max_port=30999
banner_file=/banner.txt
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
```

and maybe someone can find what's the problem that causes the '500 OOPS: capset'

----------

## doggizback

So I know this is like, 2 years old...but...

I ran into this same thing, and it drove me absolutely nuts.

Merging libcap didn't help.

Couldn't find anything on the forums that seemed to do the trick.

Googled around for ages (this has been going on for about 3 weeks).

method 1 - modprobe capability

Not applicable to me, because well...I hadn't built that module. Don't know if it works or not, but it was mentioned.

method 2 - kernel rebuild

Over the past coupla weeks, trying to get alsa to work (separate issue - works now!), I've gotten reasonably comfortable with this. Under menuconfig, go to

Security Options ~> well..hell, I checked off everything for safety's sake, but I reckon all I needed to check off is Enable different security models, default linux capabilities, and BSD Secure levels. Supposedly bsd secure levels is all I needed, but eh...I'm always paranoid building these things. Saved the config, rebuilt the kernel, booted 'er on up.... no more obnoxious "OOPS - Capset" error <3

Sorry if this is old-hat, but I got it working on mine in this manner...figured maybe just maybe someone else would stumble onto this and find it useful, 'cause I racked my brain on it. Found nothing on these forums, hardly anything on Google, eventually saw something unrelated that prompted me to check my kernelconfig, and sure enough. Worked a treat.

----------

## AA

Same issue. (Yet to try the above fix)

```
# ftp localhost
Connected to localhost (127.0.0.1).
220 hostname FTP
Name (localhost:aa): upload
530 Please login with USER and PASS.
SSL not available
331 Please specify the password.
Password:
230 Login successful.
ftp> ls
215 UNIX Type: L8
500 OOPS: vsf_sysutil_recv_peek
```

After doing some searching I found that by loading the capability module this issue should be solved.

1st problem. I am using a hardened kernel and perhaps this has something to do with the capability module, but I can't find it. 

Am I being a n00b?

```
elvira ~ # modprobe -l | grep capability
elvira ~ #
```

----------

## AA

I was being a n00b!

In short, for those of you running hardened kernels, enable (as modules, building it into the kernel caused my system to not boot) under security:

 *Quote:*   

> <M>   Default Linux Capabilities
> 
> <M>   Root Plug Support
> 
> <M>   BSD Secure Levels

 

```
elvira ~ # ftp localhost
Connected to localhost (127.0.0.1).
220 server FTP
Name (localhost:aa): upload
530 Please login with USER and PASS.
SSL not available
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
ftp> exit
221 Goodbye.
```
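
The '500 OOPS: capset' message discussed in this thread names the capset() system call. As an added example (not part of the thread and not vsftpd's own code), this C probe makes a drop-only capset() call so the kernel's capability support can be checked on its own, before and after loading the module or rebuilding. The name `probe_capset` and the retained set (CAP_CHOWN, CAP_NET_BIND_SERVICE) are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Capabilities to retain: an assumed set for an FTP daemon, not taken from the thread. */
#define KEEP_MASK ((1u << CAP_CHOWN) | (1u << CAP_NET_BIND_SERVICE))

/* Returns 0 if capget() and capset() both succeed, else the errno of the failing call. */
int probe_capset(unsigned int keep_mask, unsigned int *kept)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;   /* hdr.pid == 0: calling thread */

    /* Kernels that predate v3 answer EINVAL and write the version they
       support into hdr.version, so one retry uses the older ABI. */
    if (syscall(SYS_capget, &hdr, data) != 0 &&
        (errno != EINVAL || syscall(SYS_capget, &hdr, data) != 0))
        return errno;

    /* Only ever drop: keep the intersection of what is held and keep_mask. */
    data[0].permitted &= keep_mask;
    data[0].effective = data[0].permitted;
    data[0].inheritable = 0;
    data[1].permitted = data[1].effective = data[1].inheritable = 0;

    if (syscall(SYS_capset, &hdr, data) != 0)
        return errno;
    if (kept)
        *kept = data[0].effective;
    return 0;
}

int main(void)
{
    unsigned int kept = 0;
    int err = probe_capset(KEEP_MASK, &kept);
    if (err)
        printf("capset probe failed: %s\n", strerror(err));
    else
        printf("capset works; retained mask 0x%x\n", kept);
    return err ? 1 : 0;
}
```

A failure here reproduces the condition independently of the vsftpd configuration file.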

----------

## iaindb

Don't forget to compile vsftpd with the caps USE flag!

----------

## chiefbag

 *Quote:*   

> method 1 - modprobe capability

 

That seems to have done the trick, had trouble after an EC2 reboot but I don't recall loading that module in the first place? Must have though.

----------

