How to disable FOG FTP passive mode?
-
root@nik-buz-s01:~# id fogproject
uid=1002(fogproject) gid=1003(fogproject) groups=1003(fogproject),113(ftp)
root@nik-buz-s01:~# id ftp
uid=106(ftp) gid=113(ftp) groups=113(ftp)
root@nik-buz-s01:~# ps aux | grep ftp
root 717 0.0 0.0 2800 924 ? Ss Feb24 0:00 /usr/sbin/in.tftpd --listen --user root --address :69 --ipv4 -s /tftpboot
root 5411 0.0 0.0 6704 888 pts/0 S+ 17:32 0:00 grep ftp
root 13669 0.0 0.0 6620 2456 ? Ss Mar10 0:25 /usr/sbin/vsftpd /etc/vsftpd.conf
-
@Single Please try logging into FTP via command line client and try renaming/moving those directories:
ftp fog.server.ip.add
...
ls /images/dev
rename /images/dev/10bf4879d860 /images/buz20_test
-
@Sebastian-Roth said in How to disable FOG FTP passive mode?:
rename /images/dev/10bf4879d860 /images/buz20_test
ftp> ls /images/dev
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
ftp> rename /images/dev/10bf4879d860 /images/buz20_test
550 RNFR command failed.
Why???
FTP is allowed in nft firewall
... ct state new tcp dport { ftp-data, ftp } accept comment "Allow access to FTP-server" ...
-
@Single Try changing the ownership (chown -R fogproject:fogproject /images) and then FTP again. Doesn’t make sense, but give it a go.
-
@Sebastian-Roth nothing changed
-
@Single I can’t imagine this to be a firewall issue though we can make sure. Just use ftp command line client directly on the FOG server (ftp localhost) and try rename.
-
# mount | grep images
/dev/sdc2 on /images type ext4 (rw,relatime)
Now it looks like it is a vsftpd problem. Mb it can be helpful if I paste my vsftpd.conf here:
max_per_ip=200
anonymous_enable=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.userlist
user_config_dir=/etc/vsftpd/user_config_dir/
userlist_deny=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
log_ftp_protocol=YES
vsftpd_log_file=/var/log/vsftp.log
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
allow_writeable_chroot=YES
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
pasv_enable=NO
tcp_wrappers=YES
seccomp_sandbox=NO
# cat /etc/vsftpd/user_config_dir/fogproject
local_root=/images
write_enable=YES
-
@Single said in How to disable FOG FTP passive mode?:
Mb it can be helpful if I paste my vsftpd.conf here
You are kidding, right?!?! I have not tested this yet but I am fairly sure the config is causing the issue. If you had told us you have a modified config (different from what FOG generates for you) then we would have found the solution in no time.
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
allow_writeable_chroot=YES
Pretty sure this is part of the issue. But there might be other config options as well.
Default config generated by FOG:
max_per_ip=200
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=NO
seccomp_sandbox=NO
-
I’ll check and let you know
Probably I was stupid but it was required to have more than one FTP user with different FTP folders in that server.
-
@Single It’s all good, you are allowed to modify the config on your server to whatever you want. Just saying that letting us know right away would have saved you a lot of time.
-
@Sebastian-Roth Thx for your help, Sebastian!
I commented out the line chroot_local_user=YES
And now everything is just fine about my FOG installation.
MB it makes sense to add to the FOG wiki that this vsftpd option is incompatible with FOG. Now I need to find a way to chroot one user but not to chroot another, but it is definitely not a FOG problem. (And, it’s simple)
Thanks again.
Best regards!
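
Added example (not part of the original thread and not FOG project code): a Python sketch that diffs the customised vsftpd.conf posted above against the default config FOG generates, so deviations such as chroot_local_user=YES show up before troubleshooting starts. Both config texts are copied from the posts above; the function and variable names are hypothetical.

```python
# Added example: compare a customised vsftpd.conf with the FOG-generated default.
# Option values are copied from the thread; all names here are hypothetical.

# The real files hold one option per line; the strings are split to match that.
FOG_DEFAULT = (
    "max_per_ip=200 anonymous_enable=NO local_enable=YES write_enable=YES "
    "local_umask=022 dirmessage_enable=YES xferlog_enable=YES "
    "connect_from_port_20=YES xferlog_std_format=YES listen=YES "
    "pam_service_name=vsftpd userlist_enable=NO seccomp_sandbox=NO"
).replace(" ", "\n")

CUSTOM = (
    "max_per_ip=200 anonymous_enable=NO userlist_enable=YES "
    "userlist_file=/etc/vsftpd/vsftpd.userlist "
    "user_config_dir=/etc/vsftpd/user_config_dir/ userlist_deny=NO "
    "local_enable=YES virtual_use_local_privs=YES write_enable=YES "
    "local_umask=022 dirmessage_enable=YES xferlog_enable=YES "
    "connect_from_port_20=YES xferlog_std_format=NO log_ftp_protocol=YES "
    "vsftpd_log_file=/var/log/vsftp.log chroot_local_user=YES "
    "secure_chroot_dir=/var/run/vsftpd/empty allow_writeable_chroot=YES "
    "listen=YES listen_ipv6=NO pam_service_name=vsftpd pasv_enable=NO "
    "tcp_wrappers=YES seccomp_sandbox=NO"
).replace(" ", "\n")


def parse_conf(text):
    """Parse vsftpd.conf text (option=value, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # skip anything that is not option=value
            opts[key] = value
    return opts


def diff_conf(default_text, custom_text):
    """Return options added to, changed in, or missing from the custom config."""
    d, c = parse_conf(default_text), parse_conf(custom_text)
    return {
        "added": {k: c[k] for k in sorted(c.keys() - d.keys())},
        "changed": {k: (d[k], c[k]) for k in sorted(d.keys() & c.keys()) if d[k] != c[k]},
        "missing": {k: d[k] for k in sorted(d.keys() - c.keys())},
    }


if __name__ == "__main__":
    for kind, items in diff_conf(FOG_DEFAULT, CUSTOM).items():
        for key, value in items.items():
            print(f"{kind:8} {key} = {value}")
```

Options merged from user_config_dir files (such as local_root for fogproject) are per-user overrides and are not covered by this comparison.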