• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

[atomic] psa-proftpd 1.3.2-1 Update

A

atomicturtle

Golden Pleskian
https://atomicrocketturtle.com/forum/viewtopic.php?f=12&t=2851

This is an update for proftpd to 1.3.2 we put together to correct the following issues:
Published to the [atomic-testing] channel, this release candidate should resolve the following issues:

https://atomicrocketturtle.com/forum/viewtopic.php?f=12&t=2851

(there are too many to post to a single forum message)

To Install:
yum --enablerepo=atomic-tesitng upgrade psa-proftpd

To install the atomic repositories:

wget -q -O - http://www.atomicorp.com/installers/atomic |sh
 
I ran the update on fedora core server and not I cannot login to any of the ftp accounts for domains. I have reset the password and tried again. I even tried to create a new domain and login with that and no go .


This is the error in /var/log/secure

Feb 20 00:39:15 viper proftpd: PAM unable to dlopen(/lib/security/pam_stack.so)
Feb 20 00:39:15 viper proftpd: PAM [error: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory]
Feb 20 00:39:15 viper proftpd: PAM adding faulty module: /lib/security/pam_stack.so
 
Last edited:
Ah ha :)

Sounds like your etc/pam.d/proftpd.pam file in the package is not right for Fedora.

Do you have your old pam file from the last version?

If not I can post mine, but now I am on iPhone no cut and paste :(

I actually rebuilt the rpm with the correct pam file, are you Fedora 8 (i386) by chance?

Can you PM me as a reminder to give you the info, if your F8 i386 I can send you my rpm.
 
OK so I am able to login to my ftp again. My /etc/pam.d/proftpd file must have been replaced when i updated to 1.3.2 and the values did not match a test machine I have at home running fedora core.

Values after update that did not allow me to login ( Matched the config on my REHL5 servers ):

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

I changed /etc/pam.d/proftpd to match a fedora server without the update ( 1.3.1 )

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
auth required pam_shells.so
account include system-auth
session include system-auth
session required pam_loginuid.so


Everything seems to be working now. Comments?
 
Works Perfect.

Transaction Test Succeeded
Running Transaction
Updating : psa-proftpd ######################### [1/2]
warning: /etc/pam.d/proftpd created as /etc/pam.d/proftpd.rpmnew
Cleanup : psa-proftpd ######################### [2/2]

The proftpd.rpmnew is exactly the same at /etc/pam.d/proftpd. Works perfect.
 
Hey atomicturtle, halleluya :) ... thanks for releasing that!

Confirmed, works as it should do on 8.6 CentOS 5.2
 
Thanks for the follow up, I'm going to publish this package to the [atomic] channel as a stable update.

You can now update it with:

yum upgrade psa-proftpd
 
Hi Art,

Just wanted to let you know that I put in the 1.3.2.2 upgrade on 2 different Centos5 systems and one worked, one died, same sort of issue. I am glad I stumbled across this post otherwise I would have continued to be in great do-do. The dead box had the following in /etc/pam.d/proftpd:

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

It was replaced with:

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

Everything is now working. The basic symptom was that nobody could login via proftpd, even though they had correct passwords.
 
While we are at it the Fedora pam is not 100% correct. You still can get issues logging lots of unnecessary events.

The correct PAM from fedora all the way upstream to rawhide is:

#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
# Comment the following line if you are having PAM issues with chrooted users
#session include system-auth
session required pam_loginuid.so


The session include system-auth should be commented out as it generates a lot of issues generating false alerts in ossec.
 
Just ran a yum update, and rebooted but still can't log in on FTP.

I'm running the new proftp (220 ProFTPD 1.3.2 Server (ProFTPD) [80.xxx.xx.xxx]) but can't log in on FTP at all.

I'm an ASL subscriber. Help!!!

Matt
 
CentOS 5.2

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
auth required pam_shells.so
account include system-auth
#session include system-auth

Matt
 
Fixed it.

Used the following, please tell me if this is wrong Scott:-

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
#session include system-auth
session required pam_loginuid.so

I was going to add this line:

auth required pam_stack.so sevice=system-auth

But didn't know what it did, so I left it out.

Thanks guys, using Matt Sonnentag and 105547111 did the trick. Linux newbie by the way, so not all up on everything. Now Windows servers and I know what I'm talking about, but needless to say they are not as secure as Linux with ASL running.

Thanks again :)

Matt
 
You must log in or register to reply here.

Similar threads

S
Resolved Web Application Firewall: Error when changing to ruleset "Atomic Advanced (erworben über Plesk)"
Replies
4
Views
949
Sascha Schlüter
S
F
Issue tortix repository for jammy: Warning: there are errors in 'apt-get update'
Replies
3
Views
2K
kpushkarev
K
A
Question Error Message Installing Plesk
Replies
1
Views
961
Kaspar@Plesk
Kaspar@Plesk
AboodHamwi
Issue Plesk Daily update is deleting proftpd library
Replies
4
Views
1K
AboodHamwi
AboodHamwi
WolFree
Resolved Cannot install NodeJS via Plesk Update Components
Replies
3
Views
10K
Peter Debik
P
Back
Top