My vsftpd server won't let users with accounts connect.  This used to
work, and the only thing I can think of after checking the docs is that
pam got upgraded.  Here is my info:

baby pam.d # emerge --info
Portage 2.1.3.16 (hardened/x86/2.6, gcc-4.1.1, glibc-2.6.1-r0,
2.6.19-hardened-r6 i686)
=================================================================
System uname: 2.6.19-hardened-r6 i686 AMD Duron(tm) Processor
Timestamp of tree: Sun, 04 Nov 2007 12:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.1.2-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2,
1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf 
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ 
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo 
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict
unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo";
LINGUAS="en fr es"
MAKEOPTS="-j9"
PKGDIR="/usr/portage-packages/baby"
PORTAGE_RSYNC_EXTRA_OPTS="--human-readable"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--compress --force --whole-file --delete --delete-after --stats
--timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/portage/bscharpf"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 apm bash-completion berkdb bind-mysql cli cracklib crypt
cups dhcp doc encode examples exim foomaticdb fortran gdbm geoip gif gpm
gstreamer hal hardened imap imlib innodb ithreads java jpeg kerberos
libclamav libg++ libwww midi mikmod mmx mode-owner mpm-leader mysql
ncurses nls nptl nptlonly oav offensive pam pcre perl perlsuid pic png
ppds python readline ruby samba search session slp spell ssl syslog tcpd
tetex threads truetype unicode urandom usb virus-scan x86 xml xorg
zaptel zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x
ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx
via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare
dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter
mulaw multi null plug rate route share shm softvol" ELIBC="glibc"
INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz
cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en fr
es" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev
glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon
rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident
tseng v4l vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG,
LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS


baby pam.d # emerge -pv vsftpd

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-ftp/vsftpd-2.0.5-r3  USE="pam ssl tcpd -caps
-logrotate (-selinux) -xinetd" 0 kB 

Total: 1 package (1 reinstall), Size of downloads: 0 kB


baby pam.d # cat /etc/vsftpd/vsftpd.conf
#
# Example vsftpd config file
#
# See man 5 vsftpd.conf for more information.
#
# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.conf,v 1.3 2004/07/18 03:56:09 dragonheart Exp $

# Allow anonymous FTP?
# NOTE(review): with anonymous_enable=YES and write_enable=YES both set, what
# keeps anonymous sessions read-only is that anon_upload_enable and
# anon_mkdir_write_enable stay commented out further down.
anonymous_enable=YES

# Uncomment this to allow local users to log in.
# NOTE(review): no ssl_enable setting appears in this file, so as far as this
# listing shows, local account passwords cross the network unencrypted.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever

# Activate logging of uploads/downloads.
xferlog_enable=YES

# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES

# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd/vsftpd.log

# You may change the default value for timing out an idle session.
# The value is in seconds: 12000 s is 3 h 20 min between FTP commands before
# an idle login is dropped.
idle_session_timeout=12000

# You may change the default value for timing out a data connection.
# Also in seconds: 24000 s lets a transfer stall for 6 h 40 min. Timeouts this
# long let idle or stalled clients hold a session open for hours.
data_connection_timeout=24000

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# NOTE(review): "nobody" is commonly shared with other services, which works
# against the "unique" and "totally isolated" user the comment above asks for;
# a dedicated account would match that advice.
nopriv_user=nobody

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES

# You may fully customise the login banner string:
ftpd_banner=Welcome to baby.espersunited.com FTP service.

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/vsftpd.banned_emails

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

# Turns off the PASV check that the data connection comes from the same IP
# address as the control connection. vsftpd.conf(5) says to enable this only
# if you know what you are doing; with it on, the server accepts a passive
# data connection from any address. NOTE(review): confirm this is intended.
pasv_promiscuous=YES
# Run standalone: vsftpd listens on the network itself instead of being
# started from an inetd.
listen=YES


baby pam.d # cat ftp
# Provided by ftpbase (dont remove this line!)
# Standard pam.d file for ftp service packages.
#
# NOTE(review): as pasted, the $Header line below has no leading '#' and is
# split across two lines. If the file on disk looks the same, PAM will try to
# parse both lines as rules instead of skipping them as comments - compare
# with the installed file before ruling this out.
$Header: /var/cvsroot/gentoo-x86/net-ftp/ftpbase/files/ftp-pamd-include,v 1.1 
2005/06/28 14:52:26 uberlord Exp $

# Deny any user name listed in /etc/ftpusers (item=user, sense=deny).
# onerr=succeed makes the check pass when the list cannot be opened, so a
# missing or unreadable /etc/ftpusers silently turns the deny list off.
# NOTE(review): the rule is shown wrapped; PAM reads one rule per physical
# line unless it ends in a backslash - presumably mail wrapping, confirm.
auth     required  pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
# Then pull in the auth rules from the system-auth service file.
auth     include   system-auth

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
# auth     required  pam_shells.so

account  include   system-auth

session  include   system-auth


Is all this correct?  Is there something I'm missing?  Please help!


