1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

[atomic] psa-proftpd 1.3.2-1 Update

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by atomicturtle, Feb 19, 2009.

  1. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    https://atomicrocketturtle.com/forum/viewtopic.php?f=12&t=2851

    This is an update for proftpd to 1.3.2 we put together to correct the following issues:
    Published to the [atomic-testing] channel, this release candidate should resolve the following issues:

    https://atomicrocketturtle.com/forum/viewtopic.php?f=12&t=2851

    (there are too many to post to a single forum message)

    To Install:
    yum --enablerepo=atomic-tesitng upgrade psa-proftpd

    To install the atomic repositories:

    wget -q -O - http://www.atomicorp.com/installers/atomic |sh
     
  2. onsightdata

    onsightdata Regular Pleskian

    25
     
    Joined:
    Jul 25, 2007
    Messages:
    132
    Likes Received:
    0
    I ran the update on fedora core server and not I cannot login to any of the ftp accounts for domains. I have reset the password and tried again. I even tried to create a new domain and login with that and no go .


    This is the error in /var/log/secure

    Feb 20 00:39:15 viper proftpd: PAM unable to dlopen(/lib/security/pam_stack.so)
    Feb 20 00:39:15 viper proftpd: PAM [error: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory]
    Feb 20 00:39:15 viper proftpd: PAM adding faulty module: /lib/security/pam_stack.so
     
    Last edited: Feb 20, 2009
  3. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Ah ha :)

    Sounds like your etc/pam.d/proftpd.pam file in the package is not right for Fedora.

    Do you have your old pam file from the last version?

    If not I can post mine, but now I am on iPhone no cut and paste :(

    I actually rebuilt the rpm with the correct pam file, are you Fedora 8 (i386) by chance?

    Can you PM me as a reminder to give you the info, if your F8 i386 I can send you my rpm.
     
  4. onsightdata

    onsightdata Regular Pleskian

    25
     
    Joined:
    Jul 25, 2007
    Messages:
    132
    Likes Received:
    0
    OK so I am able to login to my ftp again. My /etc/pam.d/proftpd file must have been replaced when i updated to 1.3.2 and the values did not match a test machine I have at home running fedora core.

    Values after update that did not allow me to login ( Matched the config on my REHL5 servers ):

    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required pam_stack.so service=system-auth
    auth required pam_shells.so
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth

    I changed /etc/pam.d/proftpd to match a fedora server without the update ( 1.3.1 )

    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth include system-auth
    auth required pam_shells.so
    account include system-auth
    session include system-auth
    session required pam_loginuid.so


    Everything seems to be working now. Comments?
     
  5. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Thanks for the info and the good research, which fedora are you on?
     
  6. onsightdata

    onsightdata Regular Pleskian

    25
     
    Joined:
    Jul 25, 2007
    Messages:
    132
    Likes Received:
    0
    2.6.23.17-88.fc7
     
  7. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Exactly what I needed, psa-proftpd 1.3.2-2 has been released to include the changes you sent.
     
  8. onsightdata

    onsightdata Regular Pleskian

    25
     
    Joined:
    Jul 25, 2007
    Messages:
    132
    Likes Received:
    0
    Works Perfect.

    Transaction Test Succeeded
    Running Transaction
    Updating : psa-proftpd ######################### [1/2]
    warning: /etc/pam.d/proftpd created as /etc/pam.d/proftpd.rpmnew
    Cleanup : psa-proftpd ######################### [2/2]

    The proftpd.rpmnew is exactly the same at /etc/pam.d/proftpd. Works perfect.
     
  9. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Awesome, I used your exact code there for the fc7+ setups.
     
  10. netweblogic

    netweblogic Guest

    0
     
    Hey atomicturtle, halleluya :) ... thanks for releasing that!

    Confirmed, works as it should do on 8.6 CentOS 5.2
     
  11. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Thanks for the follow up, I'm going to publish this package to the [atomic] channel as a stable update.

    You can now update it with:

    yum upgrade psa-proftpd
     
  12. Matt Sonnentag

    Matt Sonnentag Basic Pleskian

    23
    23%
    Joined:
    Mar 3, 2009
    Messages:
    29
    Likes Received:
    0
    Hi Art,

    Just wanted to let you know that I put in the 1.3.2.2 upgrade on 2 different Centos5 systems and one worked, one died, same sort of issue. I am glad I stumbled across this post otherwise I would have continued to be in great do-do. The dead box had the following in /etc/pam.d/proftpd:

    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required /lib/security/pam_pwdb.so shadow nullok
    account required /lib/security/pam_pwdb.so
    session required /lib/security/pam_pwdb.so
    auth required pam_stack.so service=system-auth
    auth required pam_shells.so
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth

    It was replaced with:

    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required pam_stack.so service=system-auth
    auth required pam_shells.so
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth

    Everything is now working. The basic symptom was that nobody could login via proftpd, even though they had correct passwords.
     
  13. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    While we are at it the Fedora pam is not 100% correct. You still can get issues logging lots of unnecessary events.

    The correct PAM from fedora all the way upstream to rawhide is:

    #%PAM-1.0
    session optional pam_keyinit.so force revoke
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required pam_shells.so
    auth include system-auth
    account include system-auth
    # Comment the following line if you are having PAM issues with chrooted users
    #session include system-auth
    session required pam_loginuid.so


    The session include system-auth should be commented out as it generates a lot of issues generating false alerts in ossec.
     
  14. laughingbuddha

    laughingbuddha Regular Pleskian

    25
     
    Joined:
    Aug 7, 2007
    Messages:
    107
    Likes Received:
    0
    Just ran a yum update, and rebooted but still can't log in on FTP.

    I'm running the new proftp (220 ProFTPD 1.3.2 Server (ProFTPD) [80.xxx.xx.xxx]) but can't log in on FTP at all.

    I'm an ASL subscriber. Help!!!

    Matt
     
  15. onsightdata

    onsightdata Regular Pleskian

    25
     
    Joined:
    Jul 25, 2007
    Messages:
    132
    Likes Received:
    0
    Can you paste your etc/pam.d/proftpd and what version of linux and build you are running
     
  16. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Are you using anon ftp with quotas enabled by any chance?
     
  17. laughingbuddha

    laughingbuddha Regular Pleskian

    25
     
    Joined:
    Aug 7, 2007
    Messages:
    107
    Likes Received:
    0
    CentOS 5.2

    #%PAM-1.0M-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth include system-auth
    auth required pam_shells.so
    account include system-auth
    #session include system-auth

    Matt
     
  18. laughingbuddha

    laughingbuddha Regular Pleskian

    25
     
    Joined:
    Aug 7, 2007
    Messages:
    107
    Likes Received:
    0
    Fixed it.

    Used the following, please tell me if this is wrong Scott:-

    #%PAM-1.0M-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required pam_shells.so
    auth include system-auth
    account include system-auth
    #session include system-auth
    session required pam_loginuid.so

    I was going to add this line:

    auth required pam_stack.so sevice=system-auth

    But didn't know what it did, so I left it out.

    Thanks guys, using Matt Sonnentag and 105547111 did the trick. Linux newbie by the way, so not all up on everything. Now Windows servers and I know what I'm talking about, but needless to say they are not as secure as Linux with ASL running.

    Thanks again :)

    Matt
     
  19. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    The latest version from ART fixes the quota issues.
    psa-proftpd-1.3.2-6 I think.
     
Loading...