Dinesh K. SANAS | 10 Jan 12:35 2006

[Proftpd-user] help



Mr. Dinesh SANAS
System Administrator/SMC

MAGNA STEYR India Pvt. Ltd.
Plot No. 23, Aamchi Colony,
NDA-Pashan Road,
Pune: - 411 023,
INDIA

Email: - dinesh.sanas <at> magnasteyr.com

Tel: - +91 20 2295 2053
Fax: - +91 20 2295 1937

Website: - http://www.magnasteyr.com

------------------------------------------------------------------------------------------------------------------------------------

This message is not legally binding upon MAGNA STEYR India Pvt Ltd. This email and any
files transmitted with it are confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email in error please notify the
system administrator.
------------------------------------------------------------------------------------------------------------------------------------


Anton Krall | 13 Jan 01:28 2006

[Proftpd-user] signal 11 while logging in

Guys. I'm using proftpd 1.2.10 rpm on Fedora Core 3 and I'm getting weird
signal 11 problems while trying to log into the server.

I have 2 users defined:

polycom:xx:1:1::/home
akrall:xx:2:2::/

User akrall can log in without problems, but user polycom can't log in; after
issuing the password and then a dir, I get disconnected and the ftp logs show
this:

voip.intruder.com.mx (akrall[10.0.0.2]) - FTP session requested from unknown class
voip.intruder.com.mx (akrall[10.0.0.2]) - connected - local  : 10.0.0.10:21
voip.intruder.com.mx (akrall[10.0.0.2]) - connected - remote : 10.0.0.2:3441
voip.intruder.com.mx (akrall[10.0.0.2]) - FTP session opened.
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'USER polycom' to mod_tls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'USER polycom' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'USER polycom' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'USER polycom' to mod_auth
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching CMD command 'USER polycom' to mod_auth
voip.intruder.com.mx (akrall[10.0.0.2]) - no supplemental groups found for user 'polycom'
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching LOG_CMD command 'USER polycom' to mod_log
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching CMD command 'PASS (hidden)' to mod_auth
voip.intruder.com.mx (akrall[10.0.0.2]) - no supplemental groups found for user 'polycom'
voip.intruder.com.mx (akrall[10.0.0.2]) - USER polycom: Login successful.
voip.intruder.com.mx (akrall[10.0.0.2]) - Preparing to chroot() the environment, path = '/home'
voip.intruder.com.mx (akrall[10.0.0.2]) - Environment successfully chroot()ed.
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap
voip.intruder.com.mx (akrall[10.0.0.2]) - mod_cap/1.0: capabilities '= cap_net_bind_service+ep'
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_tls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_readme
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PORT 10,0,0,2,13,115' to mod_tls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PORT 10,0,0,2,13,115' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'PORT 10,0,0,2,13,115' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching CMD command 'PORT 10,0,0,2,13,115' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching LOG_CMD command 'PORT 10,0,0,2,13,115' to mod_log
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'LIST' to mod_tls
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'LIST' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching PRE_CMD command 'LIST' to mod_core
voip.intruder.com.mx (akrall[10.0.0.2]) - dispatching CMD command 'LIST' to mod_ls
voip.intruder.com.mx (akrall[10.0.0.2]) - ProFTPD terminating (signal 11)
voip.intruder.com.mx (akrall[10.0.0.2]) - FTP session closed.

I'm not using mysql or anything else, just plain old rpm distro.

Any fixes for this? Is it a fedora core 3 issue?

Thx for any help Guys

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
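
A triage sketch for debug logs in the format quoted in the message above, added here as an example (it is not code from the thread or from ProFTPD). It tolerates records that mail software has wrapped across lines and, for each session that ended on a signal, reports the last dispatched command and module and whether the session had been chroot()ed. The sample log, host names, users and paths are constructed, and the function names are made up for this example.

```python
import re

# Constructed sample in the debug-log format quoted above, including the
# mid-record line wraps that mail software introduces. Hosts, users and
# paths are made up.
SAMPLE_LOG = """\
ftp.example.test (host-a[192.0.2.7]) - FTP session opened.
ftp.example.test (host-a[192.0.2.7]) - USER alice: Login successful.
ftp.example.test (host-a[192.0.2.7]) - Preparing to chroot() the
environment, path = '/srv/ftp'
ftp.example.test (host-a[192.0.2.7]) - dispatching PRE_CMD command 'LIST'
to mod_core
ftp.example.test (host-a[192.0.2.7]) - dispatching CMD command 'LIST' to
mod_ls
ftp.example.test (host-a[192.0.2.7]) - ProFTPD terminating (signal 11)
ftp.example.test (host-a[192.0.2.7]) - FTP session closed.
ftp.example.test (host-b[192.0.2.9]) - FTP session opened.
ftp.example.test (host-b[192.0.2.9]) - USER bob: Login successful.
ftp.example.test (host-b[192.0.2.9]) - dispatching CMD command 'LIST' to mod_ls
ftp.example.test (host-b[192.0.2.9]) - FTP session closed.
"""

RECORD = re.compile(r"^(?P<host>\S+) \((?P<peer>[^)]*)\) - (?P<msg>.*)$")
DISPATCH = re.compile(r"dispatching (\w+) command '([^\s']+)[^']*' to (\w+)")
CHROOT = re.compile(r"Preparing to chroot\(\) the environment, path = '([^']*)'")
LOGIN = re.compile(r"USER (\S+): Login successful")
SIGNAL = re.compile(r"ProFTPD terminating \(signal (\d+)\)")


def unwrap(text):
    """Re-join wrapped records: a line lacking the 'host (peer) - ' prefix
    is the continuation of the record before it."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Return one finding per session that died on a signal."""
    sessions, findings = {}, []
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue
        key, msg = (m["host"], m["peer"]), m["msg"]
        state = sessions.setdefault(key, {"user": None, "chroot": None, "last": None})
        if d := DISPATCH.search(msg):
            # (phase, FTP verb, module); arguments such as PORT data are dropped
            state["last"] = (d[1], d[2], d[3])
        elif c := CHROOT.search(msg):
            state["chroot"] = c[1]
        elif u := LOGIN.search(msg):
            state["user"] = u[1]
        elif s := SIGNAL.search(msg):
            findings.append({"peer": m["peer"], "signal": int(s[1]), **state})
        elif "FTP session closed" in msg:
            sessions.pop(key, None)  # the next session from this peer starts clean
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding whose `chroot` field is set and whose `last` entry is a directory listing handled by mod_ls matches the pattern in the log above; a finding with `chroot` of `None` points away from the chroot as the trigger.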

TJ Saunders | 13 Jan 12:41 2006

Re: [Proftpd-user] signal 11 while logging in


> Guys. I'm using proftpd 1.2.10 rpm on Fedora Core 3 and I'm getting weird
> signal 11 problems while trying to log into the server.

If you disable your DefaultRoot, does the signal 11 still happen?  If not,
then I suspect the version of glibc that ships with FC3: it does not
handle use of the DNS resolver library from within a chroot.

Hope this helps,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Afford yourself some gratitude.

     -Sara Clardy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lawrence Horvath | 13 Jan 13:22 2006

[Proftpd-user] BSD error

I am currently using FreeBSD 6.0 with proftpd Version 1.3.0rc2; it
gives me this error when I try to start it up:

root <at> server.sporkton.com /#proftpd
  - getaddrinfo 'sporkton.com' error: hostname nor servname provided,
or not known

I'm not sure why; as far as I know, proftpd just grabs the IP of the
computer somehow. I was thinking maybe I have to bind it to an IP
somehow; couldn't figure that one out though. Any help is appreciated.
--
-Lawrence


Anton Krall | 13 Jan 20:47 2006

RE: [Proftpd-user] signal 11 while logging in

TJ, that fixed it, disabling DefaultRoot fixes the problem. My question now
is, what repercussions will that have for the users? Will this enable them to do
anything they are not supposed to?


Ed Wilts | 13 Jan 22:44 2006

Re: [Proftpd-user] signal 11 while logging in

On Fri, Jan 13, 2006 at 01:47:50PM -0600, Anton Krall wrote:
> TJ, that fixed it, disabling DefaultRoot fixes the problem. My question now
> is, what repercussions will that have for the users? Will this enable them to do
> anything they are not supposed to?

Yes.  This means that without further restrictions, they'll be able to
write anywhere the file system will let them.  This means that they
could launch a denial of service attack by filling /tmp and/or /var/tmp.

        .../Ed

 
-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts <at> ewilts.org
Member #1, Red Hat Community Ambassador Program


Anton Krall | 14 Jan 05:04 2006

RE: [Proftpd-user] signal 11 while logging in

Even though their "home" defined in proftp.users is set to something else?

To answer my own question, yes... I saw that the home restriction is now
off..

So my next question would be, how to fix this issue so that I can restore
DefaultRoot? 


Ed Wilts | 14 Jan 05:37 2006

Re: [Proftpd-user] signal 11 while logging in

On Fri, Jan 13, 2006 at 10:04:35PM -0600, Anton Krall wrote:
> Even though their "home" defined in proftp.users is set to something else?
> 
> To answer my own question, yes... I saw that the home restriction is now
> off..

So you need to get it back on...

> So my next question would be, how to fix this issue so that I can restore
> DefaultRoot? 

TJ said that it appears to be a glibc bug in Fedora Core 3.  Can you
upgrade to FC 4?  Personally, I've only run ProFTPd on the Red Hat
Enterprise releases and have never seen the bug.  Is there an update to
glibc specifically designed for FC 3?

        .../Ed

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts <at> ewilts.org
Member #1, Red Hat Community Ambassador Program


Marc Haber | 16 Jan 12:53 2006

Re: [Proftpd-user] Issue with AuthUserFile - Permissions set in config file ignored

Hi,

sorry for taking so long to reply, the holidays threw me out of my
normal work cycle.

On Thu, Dec 22, 2005 at 10:19:52AM -0800, TJ Saunders wrote:
> > Would it be possible to have more information about this fact in the
> > debug output? I would be interested, for example, with which uid/gid
> > combination proftpd tries to execute the access, and which exact call
> > fails.
> 
> That sort of information would require more work than is necessary, in my
> opinion.  Checking of access is done by the filesystem/OS, not by an
> application like proftpd.  Asking the application to duplicate the checks
> done by the kernel is not very efficient.  As you discovered below, there
> are other, better ways of obtaining this information.

I would, however, like to have more information about _what_ the
application is actually trying and which privileges it assumes.
Currently, the debug information has neither the actual
error code that is passed by the OS, nor the actual error message that
is being transmitted to the client.

> > Actually, stracing the process was helpful to see that in response to
> > the STOR command, proftpd successfully chroots to the correct
> > directory /mnt/main10/var/ftp/customer/user to stat /.bashrc there,
> > which is answered with ENOENT, and then continues in dispatching the
> > POST_CMD_ERR to the modules.
> 
> > The directory is ftp-admin(1003):ftp-customer(1004) 2775, and the
> > logged-in user is mapped to uid 1003 with primary group 1004 in
> > /etc/proftpd.passwd and /etc/proftpd.group.
> 
> Debugging output, level 10, will display the list of group IDs and names
> that proftpd retrieves for a user.  You might double-check, in the output,
> to see that proftpd is retrieving the proper list of IDs/names.

The parts of the log that I consider relevant are:
retrieved group IDs: 1004, 1004
retrieved group names: ftp-customer, ftp-customer
setting group ID: 1004
ROOT PRIVS: ID switching disabled

Should there be more?

A strace shows that the privileges are changed to:
[pid  3007] setgid32(1004)              = 0
[pid  3007] setresuid32(-1, 1003, -1)   = 0
so proftpd should be running as ftp-admin:ftp-customer, and should
thus have access privileges for the directory, which is
ftp-admin(1003):ftp-customer(1004) 2775.

Even when I change the directory mode to 2777 (which is a real stupid
thing to do, but I was really desperate, and I changed the mode back
to 2775 afterwards), I get a "permission denied" error in the client.

I have also verified from strace and debugging output that proftpd is
actually chrooting to the correct directory.

Any more hints?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
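
The reasoning in the message above (uid 1003 with gid 1004 should be able to write into a 2775 directory owned by 1003:1004) can be checked mechanically. The following is an added example, not code from the thread or from ProFTPD: it replays the two quoted strace lines to obtain the effective IDs, then applies the classic owner/group/other mode-bit rule. It assumes no ACLs, mount options or application-level limits are involved, and the function names are made up for this example.

```python
import re

# The two strace lines quoted in the message above.
STRACE = """\
[pid  3007] setgid32(1004)              = 0
[pid  3007] setresuid32(-1, 1003, -1)   = 0
"""

CALL = re.compile(r"\b(set\w*?id|setgroups)(?:32)?\(([^)]*)\)\s*=\s*(-?\d+)")
R, W, X = 4, 2, 1


def replay(trace, euid=0, egid=0, groups=()):
    """Replay successful set*id/setgroups calls; return (euid, egid, groups).
    Only effective IDs are tracked, since those are what file permission
    checks use (on Linux via fsuid/fsgid, which follow them)."""
    groups = set(groups)
    for name, args, ret in CALL.findall(trace):
        n = [int(x) for x in re.findall(r"-?\d+", args)]
        if int(ret) != 0 or not n:
            continue                      # a failed call changes nothing
        if name == "setgroups":
            groups = set(n[1:])           # n[0] is the list length
        elif name in ("setuid", "seteuid"):
            euid = n[0]
        elif name in ("setgid", "setegid"):
            egid = n[0]
        elif name in ("setreuid", "setresuid") and len(n) > 1 and n[1] != -1:
            euid = n[1]                   # -1 means "leave unchanged"
        elif name in ("setregid", "setresgid") and len(n) > 1 and n[1] != -1:
            egid = n[1]
    return euid, egid, groups


def dac_allows(mode, owner, group, euid, egid, groups, want):
    """Classic POSIX mode-bit check. Exactly one class applies:
    owner, else group, else other; there is no fall-through."""
    if euid == 0:
        return True                       # root bypasses the bits (true for directories)
    if euid == owner:
        bits = (mode >> 6) & 7
    elif egid == group or group in groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def can_create_in(mode, owner, group, trace):
    """Creating a file needs write and search (x) permission on the directory."""
    euid, egid, groups = replay(trace)
    return dac_allows(mode, owner, group, euid, egid, groups, W | X)


if __name__ == "__main__":
    print(replay(STRACE))
    print(can_create_in(0o2775, 1003, 1004, STRACE))
```

With the values from the message the mode bits permit the write, so a "permission denied" seen by the client has to originate somewhere other than this check.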


Matus UHLAR - fantomas | 18 Jan 15:31 2006

[Proftpd-user] logfile rotation?

Hello,

What does the logfile rotation problem currently look like?

If proftpd reloads config (sighup), does it reopen ALL logfiles
(controlslog, serverlog, transferlog/extendedlog, tlslog, etc)?

Do child processes do the same or will I have to wait until they finish?

(If children don't reopen logs, limiting TimeoutSession to <24 hours would
allow delayed compression at least)
-- 
Matus UHLAR - fantomas, uhlar <at> fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
