ProFTPd server on Ubuntu getting access denied message when successfully authenticated? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Come Celebrate our 10 Year Anniversary!problem with passive FTP behind cisco asa firewallUnderstanding Permissions with ProFTPD (Especially Group Write)Allow anonymous upload for Vsftpd?PROFTPD - Why permissions denied?cPanel to LAMP FTP woes, how to configure/use ProFTPD like cPanel does?FTP not showing files or directoriesFile permissions on files and directories added via ftpServer Security: FTP and System UsersProFTPd and www-data groupConfiguring Lightsail bitnami vsftpd passive
2001: A Space Odyssey's use of the song "Daisy Bell" (Bicycle Built for Two); life imitates art or vice-versa?
Are two submodules (where one is contained in the other) isomorphic if their quotientmodules are isomorphic?
illegal generic type for instanceof when using local classes
51k Euros annually for a family of 4 in Berlin: Is it enough?
Should I use a zero-interest credit card for a large one-time purchase?
How to bypass password on Windows XP account?
Bete Noir -- no dairy
What is Arya's weapon design?
Why was the term "discrete" used in discrete logarithm?
Why is my conclusion inconsistent with the van't Hoff equation?
How can I make names more distinctive without making them longer?
How come Sam didn't become Lord of Horn Hill?
3 doors, three guards, one stone
What's inside the kernel part of virtual memory of 64 bit linux processes?
Why didn't this character "real die" when they blew their stack out in Altered Carbon?
What causes the vertical darker bands in my photo?
ListPlot join points by nearest neighbor rather than order
Single word antonym of "flightless"
Align equal signs while including text over equalities
List of Python versions
If a contract sometimes uses the wrong name, is it still valid?
Dating a Former Employee
How to find all the available tools in macOS terminal?
Fundamental Solution of the Pell Equation
ProFTPd server on Ubuntu getting access denied message when successfully authenticated?
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!problem with passive FTP behind cisco asa firewallUnderstanding Permissions with ProFTPD (Especially Group Write)Allow anonymous upload for Vsftpd?PROFTPD - Why permissions denied?cPanel to LAMP FTP woes, how to configure/use ProFTPD like cPanel does?FTP not showing files or directoriesFile permissions on files and directories added via ftpServer Security: FTP and System UsersProFTPd and www-data groupConfiguring Lightsail bitnami vsftpd passive
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
0
I have a Ubuntu box with a ProFTPD 1.3.4a Server, when I try to log in via my FTP Client I cannot do anything as it does not allow me to list directories; I have tried logging in as root and as a regular user and tried accessing different paths within the FTP Server.
The error I get in my FTP Client is:
Status: Retrieving directory listing...
Command: CDUP
Response: 250 CDUP command successful
Command: PWD
Response: 257 "/var" is the current directory
Command: PASV
Response: 227 Entering Passive Mode (172,16,4,22,237,205).
Command: MLSD
Response: 550 Access is denied.
Error: Failed to retrieve directory listing
Any idea? Here is the config of my proftpd:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Drupal Intranet"
ServerType standalone
ServerIdent on "FTP Server ready"
DeferWelcome on
# Set the user and group that the server runs as
User nobody
Group nogroup
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter *.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.con
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/
UseReverseDNS off
<Global>
RootLogin on
UseFtpUsers on
ServerIdent on
DefaultChdir /var/www
DeleteAbortedStores on
LoginPasswordPrompt on
AccessGrantMsg "You have been authenticated successfully."
</Global>
Any idea what could be wrong?
linux ubuntu ftp proftpd
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
add a comment |
0
I have a Ubuntu box with a ProFTPD 1.3.4a Server, when I try to log in via my FTP Client I cannot do anything as it does not allow me to list directories; I have tried logging in as root and as a regular user and tried accessing different paths within the FTP Server.
The error I get in my FTP Client is:
Status: Retrieving directory listing...
Command: CDUP
Response: 250 CDUP command successful
Command: PWD
Response: 257 "/var" is the current directory
Command: PASV
Response: 227 Entering Passive Mode (172,16,4,22,237,205).
Command: MLSD
Response: 550 Access is denied.
Error: Failed to retrieve directory listing
Any idea? Here is the config of my proftpd:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Drupal Intranet"
ServerType standalone
ServerIdent on "FTP Server ready"
DeferWelcome on
# Set the user and group that the server runs as
User nobody
Group nogroup
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter *.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.con
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/
UseReverseDNS off
<Global>
RootLogin on
UseFtpUsers on
ServerIdent on
DefaultChdir /var/www
DeleteAbortedStores on
LoginPasswordPrompt on
AccessGrantMsg "You have been authenticated successfully."
</Global>
Any idea what could be wrong?
linux ubuntu ftp proftpd
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46
add a comment |
0
0
0
I have a Ubuntu box with a ProFTPD 1.3.4a Server, when I try to log in via my FTP Client I cannot do anything as it does not allow me to list directories; I have tried logging in as root and as a regular user and tried accessing different paths within the FTP Server.
The error I get in my FTP Client is:
Status: Retrieving directory listing...
Command: CDUP
Response: 250 CDUP command successful
Command: PWD
Response: 257 "/var" is the current directory
Command: PASV
Response: 227 Entering Passive Mode (172,16,4,22,237,205).
Command: MLSD
Response: 550 Access is denied.
Error: Failed to retrieve directory listing
Any idea? Here is the config of my proftpd:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Drupal Intranet"
ServerType standalone
ServerIdent on "FTP Server ready"
DeferWelcome on
# Set the user and group that the server runs as
User nobody
Group nogroup
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter *.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.con
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/
UseReverseDNS off
<Global>
RootLogin on
UseFtpUsers on
ServerIdent on
DefaultChdir /var/www
DeleteAbortedStores on
LoginPasswordPrompt on
AccessGrantMsg "You have been authenticated successfully."
</Global>
Any idea what could be wrong?
linux ubuntu ftp proftpd
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
I have a Ubuntu box with a ProFTPD 1.3.4a Server, when I try to log in via my FTP Client I cannot do anything as it does not allow me to list directories; I have tried logging in as root and as a regular user and tried accessing different paths within the FTP Server.
The error I get in my FTP Client is:
Status: Retrieving directory listing...
Command: CDUP
Response: 250 CDUP command successful
Command: PWD
Response: 257 "/var" is the current directory
Command: PASV
Response: 227 Entering Passive Mode (172,16,4,22,237,205).
Command: MLSD
Response: 550 Access is denied.
Error: Failed to retrieve directory listing
Any idea? Here is the config of my proftpd:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Drupal Intranet"
ServerType standalone
ServerIdent on "FTP Server ready"
DeferWelcome on
# Set the user and group that the server runs as
User nobody
Group nogroup
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter *.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.con
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/
UseReverseDNS off
<Global>
RootLogin on
UseFtpUsers on
ServerIdent on
DefaultChdir /var/www
DeleteAbortedStores on
LoginPasswordPrompt on
AccessGrantMsg "You have been authenticated successfully."
</Global>
Any idea what could be wrong?
linux ubuntu ftp proftpd
linux ubuntu ftp proftpd
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
edited Feb 10 '16 at 8:13
Castaglia
2,60431236
2,60431236
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
asked Nov 24 '12 at 22:41
exxoidexxoid
161212
161212
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46
add a comment |
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46
add a comment |
3 Answers
3
active
oldest
votes
0
You are trying to communicate with the FTP server in passive mode while not allowing data ports correctly. Try adding a range of unprivileged ports like:
PassivePorts 49152 65535
to proftpd.conf and then open them up in your firewall like
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 49152:65535 -j ACCEPT
Also, while you're there, verify port 20 is open too!
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 20 -j ACCEPT
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
add a comment |
0
i had the same issue, set the folder permissions to 0777 but what fixed it was to add the user login for the ftp user i was using to upload the drupal module to the www-data group.
or apache group if you use centos etc.
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
add a comment |
0
You have no passive port range assigned in your configuration...you would therefore need to use active mode in your filezilla client ftp settings for this account.
Either configure port range and firewall too...or change to active mode on client.
answered Oct 10 '17 at 11:31
user34473user34473
111
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f451850%2fproftpd-server-on-ubuntu-getting-access-denied-message-when-successfully-authent%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
You are trying to communicate with the FTP server in passive mode while not allowing data ports correctly. Try adding a range of unprivileged ports like:
PassivePorts 49152 65535
to proftpd.conf and then open them up in your firewall like
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 49152:65535 -j ACCEPT
Also, while you're there, verify port 20 is open too!
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 20 -j ACCEPT
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
add a comment |
0
You are trying to communicate with the FTP server in passive mode while not allowing data ports correctly. Try adding a range of unprivileged ports like:
PassivePorts 49152 65535
to proftpd.conf and then open them up in your firewall like
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 49152:65535 -j ACCEPT
Also, while you're there, verify port 20 is open too!
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 20 -j ACCEPT
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
add a comment |
0
0
0
You are trying to communicate with the FTP server in passive mode while not allowing data ports correctly. Try adding a range of unprivileged ports like:
PassivePorts 49152 65535
to proftpd.conf and then open them up in your firewall like
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 49152:65535 -j ACCEPT
Also, while you're there, verify port 20 is open too!
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 20 -j ACCEPT
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
You are trying to communicate with the FTP server in passive mode while not allowing data ports correctly. Try adding a range of unprivileged ports like:
PassivePorts 49152 65535
to proftpd.conf and then open them up in your firewall like
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 49152:65535 -j ACCEPT
Also, while you're there, verify port 20 is open too!
iptables -A INPUT -m tcp -p tcp -d <server ip> --dport 20 -j ACCEPT
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
answered Nov 25 '12 at 2:52
Panagiotis PJ PapadomitsosPanagiotis PJ Papadomitsos
59226
59226
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
add a comment |
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
I've tried as you described but still no luck, same error message.
– exxoid
Nov 25 '12 at 4:16
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
Have you tried active mode?
– Panagiotis PJ Papadomitsos
Nov 25 '12 at 11:56
add a comment |
0
i had the same issue, set the folder permissions to 0777 but what fixed it was to add the user login for the ftp user i was using to upload the drupal module to the www-data group.
or apache group if you use centos etc.
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
add a comment |
0
i had the same issue, set the folder permissions to 0777 but what fixed it was to add the user login for the ftp user i was using to upload the drupal module to the www-data group.
or apache group if you use centos etc.
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
add a comment |
0
0
0
i had the same issue, set the folder permissions to 0777 but what fixed it was to add the user login for the ftp user i was using to upload the drupal module to the www-data group.
or apache group if you use centos etc.
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
i had the same issue, set the folder permissions to 0777 but what fixed it was to add the user login for the ftp user i was using to upload the drupal module to the www-data group.
or apache group if you use centos etc.
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
answered Nov 19 '13 at 0:45
ted reicheltted reichelt
1
1
add a comment |
add a comment |
0
You have no passive port range assigned in your configuration...you would therefore need to use active mode in your filezilla client ftp settings for this account.
Either configure port range and firewall too...or change to active mode on client.
answered Oct 10 '17 at 11:31
user34473user34473
111
add a comment |
0
You have no passive port range assigned in your configuration...you would therefore need to use active mode in your filezilla client ftp settings for this account.
Either configure port range and firewall too...or change to active mode on client.
answered Oct 10 '17 at 11:31
user34473user34473
111
add a comment |
0
0
0
You have no passive port range assigned in your configuration...you would therefore need to use active mode in your filezilla client ftp settings for this account.
Either configure port range and firewall too...or change to active mode on client.
answered Oct 10 '17 at 11:31
user34473user34473
111
You have no passive port range assigned in your configuration...you would therefore need to use active mode in your filezilla client ftp settings for this account.
Either configure port range and firewall too...or change to active mode on client.
answered Oct 10 '17 at 11:31
user34473user34473
111
answered Oct 10 '17 at 11:31
user34473user34473
111
answered Oct 10 '17 at 11:31
user34473user34473
111
answered Oct 10 '17 at 11:31
user34473user34473
111
111
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f451850%2fproftpd-server-on-ubuntu-getting-access-denied-message-when-successfully-authent%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Just run proftpd in debug mode - 'proftpd -d 5 -n'
– ALex_hha
Mar 13 '16 at 22:46