• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved no ftp connection - couldn't open /etc/ftpusers

Koen Verbruggen

Basic Pleskian
I am unable to connect using FTP with TLS/SSL on Plesk Onyx.
Running service xinetd status taught me: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers

Solutions like these don't solve the problem.

Security settings are set to allow only FTPS connections. Checked with setting this to allow non secure FTP sessions but no solution.
 
Hi Koen Verbruggen,

unfortunately, you miss to tell us, WHICH operating system you use.

Second, did you try to re-install the ProFTPD - related packages?

Third, pls. post the output of the command:
Code:
cat /etc/pam.d/proftpd
 
Hi UFHH01,
Thanks for the response.

1) I am on CentOS.
2) When i try to de-install this using Plesk installer it says a lot of packages which depend on proftpd will be de-installed as well. Is there a better way to re-install?
3)

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
 
Hi Koen Verbruggen,

2) When i try to de-install this using Plesk installer it says a lot of packages which depend on proftpd will be de-installed as well. Is there a better way to re-install?
Example:
Code:
rpm -qa | grep PACKAGE-NAME ( here: proftpd )

yum reinstall FOUND-PACKAGE-NAMES-FROM-THE-PREVIOUS-COMMAND

In addition, pls check with:
Code:
rpm -V psa-proftpd
... if your setup doesn't miss something.

If you experience for example, that "/var/run/proftpd" is missing, pls. create this folder with:
Code:
mkdir -p /var/run/proftpd
Afterwards, pls. restart ProFTPD with "service xinetd restart"​
 
Re-install did not solve the problems I experience, still the same error.

rpm -V psa-proftpd resolves in
S.5....T. c /etc/xinetd.d/ftp_psa which is a file that exists. How do I know if I mis a folder.
 
Hi Koen Verbruggen,

the check would print out on your command line for example:
Code:
rpm -V psa-proftpd
S.5....T.  c /etc/pam.d/proftpd
SM5....T.  c /etc/xinetd.d/ftp_psa
missing     /var/run/proftpd
Did you shorten the output from your command line?
 
Hi Koen Verbruggen,

the check would print out on your command line for example:
Code:
rpm -V psa-proftpd
S.5....T.  c /etc/pam.d/proftpd
SM5....T.  c /etc/xinetd.d/ftp_psa
missing     /var/run/proftpd
Did you shorten the output from your command line?

No. Before re-install I recall getting two lines, now only this one.
I will revert to last backup and try again
 
Dear AYamshanov,
I've tried both of your solutions, no TSL/SSL didn't work.
Neither did commenting out the line in pam_stack.so

This is the result in /var/log/secure when I try to connect with FTPS:
Code:
May 19 09:11:43 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 09:11:43 vps unix_chkpwd[25575]: password check failed for user (vps)
May 19 09:11:43 vps proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd25573 ruser=vps rhost=IPADDRESS  user=vps
May 19 09:11:45 vps proftpd[25573]: 0.0.0.0 (IPADDRESS[IPADDRESS]) - USER vps (Login failed): Incorrect password
 
Hi,
I thought this was triggered by the fact that it couldn't read the /etc/ftpusers :)

Login is succesful now, but I run in the same experience I had before: ftp client isn't able to load file listing.
/var/log/secure:
Code:
May 19 09:56:44 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 09:56:44 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 09:56:44 vps proftpd[5336]: 0.0.0.0 (IPADDRESS[IPADDRESS]) - USER vps: Login successful.
May 19 09:57:44 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 09:57:44 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 09:57:44 vps proftpd[5347]: 0.0.0.0 (IPADDRESS[IPADDRESS]) - USER vps: Login successful.
May 19 09:58:45 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 09:58:45 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 09:58:45 vps proftpd[5362]: 0.0.0.0 (IPADDRESS[IPADDRESS]) - USER vps: Login successful.
May 19 09:59:11 vps proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
May 19 09:59:11 vps proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: No such file or directory
May 19 09:59:11 vps proftpd: pam_unix(proftpd:session): session closed for user vps
May 19 09:59:45 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 09:59:45 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 09:59:45 vps proftpd[5381]: 0.0.0.0 (IPADDRESS[IPADDRESS]) - USER vps: Login successful.
May 19 10:00:12 vps proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
May 19 10:00:12 vps proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: No such file or directory
May 19 10:00:12 vps proftpd: pam_unix(proftpd:session): session closed for user vps
 
Hi Koen Verbruggen,

Couldn't open /etc/ftpusers
and
Unable to open config file: /etc/security/pam_env.conf: No such file or directory
... brings us back to : => #4 and #3

pam_systemd(proftpd:session): Failed to connect to system bus: No such file or directory
... brings us to : => #2

For Ubuntu/Debian - based systems, you would use:
Code:
sudo update-rc.d dbus defaults
sudo service dbus restart
/etc/init.d/xinetd stop
/etc/init.d/xinetd start

For CentOS/RHEL - based systems, you would use:
Code:
sudo update-rc.d dbus defaults
systemctl restart dbus.service
systemctl stop xinetd.service
systemctl start xinetd.service
 
You hide IP-address. So, could you say, is your server behind NAT? As an example, it inside AWS/Azure? Could be firewall drops FTP-data traffic? Do you use active FTP mode or passive? Have you got any logs from FTP-client when it isn't able to load file listing?
 
I'm not behind NAT. Using Pasive mode.

The service seems to be very instable.
I do copy the password which i'm 100% sure is correct.
Sometimes the login is logged as authentication failure. Sometime as succesful, however, after being succesful and the client keeps waiting the client asks for password again, wrong authentication? After trying once or twice with correct password the connection drops.

/system/log/secure (without IP hidden)
Code:
May 19 11:48:57 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 11:48:58 vps unix_chkpwd[4286]: password check failed for user (vps)
May 19 11:48:58 vps proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd4279 ruser=vps rhost=185.52.12.115  user=vps
May 19 11:48:59 vps proftpd[4279]: 0.0.0.0 (185.52.12.115[185.52.12.115]) - USER vps (Login failed): Incorrect password
May 19 11:49:35 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 11:49:35 vps unix_chkpwd[4299]: password check failed for user (vps)
May 19 11:49:35 vps proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd4297 ruser=vps rhost=185.52.12.115  user=vps
May 19 11:49:37 vps proftpd[4297]: 0.0.0.0 (185.52.12.115[185.52.12.115]) - USER vps (Login failed): Incorrect password
May 19 11:49:42 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 11:49:42 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 11:49:42 vps proftpd[4297]: 0.0.0.0 (185.52.12.115[185.52.12.115]) - USER vps: Login successful.
May 19 11:49:55 vps proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
May 19 11:49:55 vps proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Permission denied
May 19 11:49:55 vps proftpd: pam_unix(proftpd:session): session closed for user vps
May 19 11:49:56 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 11:49:56 vps unix_chkpwd[4309]: password check failed for user (vps)
May 19 11:49:56 vps proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd4306 ruser=vps rhost=185.52.12.115  user=vps
May 19 11:49:58 vps proftpd[4306]: 0.0.0.0 (185.52.12.115[185.52.12.115]) - USER vps (Login failed): Incorrect password
May 19 11:50:06 vps proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
May 19 11:50:06 vps proftpd: pam_unix(proftpd:session): session opened for user vps by (uid=0)
May 19 11:50:06 vps proftpd[4306]: 0.0.0.0 (185.52.12.115[185.52.12.115]) - USER vps: Login successful.
May 19 11:50:22 vps proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
May 19 11:50:22 vps proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Permission denied
May 19 11:50:22 vps proftpd: pam_unix(proftpd:session): session closed for user vps

CyberDuck log:
Code:
220 ProFTPD 1.3.5d Server (ProFTPD) [136.144.133.35]
AUTH TLS
234 AUTH TLS successful
USER vps
331 Password required for vps
PASS *****************
530 Login incorrect.
USER vps
331 Password required for vps
PASS *****************
230 User vps logged in
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
FEAT
211-Features:
 PBSZ
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 REST STREAM
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 LANG en-US.UTF-8*
 UTF8
 EPRT
 EPSV
 MDTM
 SSCN
 TVFS
 MFMT
 SIZE
 PROT
 CCC
211 End
OPTS UTF8 ON
200 UTF8 set to on
SYST
215 UNIX Type: L8
PWD
257 "/" is the current directory
CWD /
250 CWD command successful
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (136,144,133,35,118,154).
 
IP-addresses from `/system/log/secure` not interested, this is IP-address of FTP-client.


Next, are you sure you copy password without space near password?


> 227 Entering Passive Mode (136,144,133,35,118,154).
Next, I think a problem here is connecting between FTP-client and FTP-server. In line above, server says FTP-client connect to server' IP-address 136.144.133.35 and port 30362 (
=118*256+154). So, are you sure firewall doesn't block traffic to 136.144.133.35:30362/tcp on client or server side?
 
I was getting lots of
proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers

so I just did a "touch /etc/ftpusers"
no more errors :)
-t
 
Back
Top