• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

proftpd works fine but lots of pam_env warnings in /var/log/secure

S

Stephen_Stephen

New Pleskian
/var/log/secure:
May 27 10:12:57 proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)
May 27 10:12:57 proftpd[15153]: xx.xx.xx.xx (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]) - USER rambo: Login successful.
May 27 10:13:30 proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
May 27 10:13:30 proftpd: pam_unix(proftpd:session): session closed for user rambo

this warning comes every time the ftp session disconnected: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied

my system is 2.6.32-504.8.1.el6.x86_64 and plesk12.0.18#47

thanks
GD
 
Last edited:
try changing /etc/pam.d/proftp to

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so


But dont forget to make a copy first in the event something goes wrong.

regards
Jan
 
Linulex said:
try changing /etc/pam.d/proftp to

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so


But dont forget to make a copy first in the event something goes wrong.

regards
Jan
Click to expand...


Thanks. I've tried that. now when ftp connects the following log message has gone:

proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)

and when ftp disconnects the are no logs. the pam_unix(proftpd:session) message has gone too:

proftpd: pam_unix(proftpd:session): session closed for user rambo

would the suggested changs create any side effect? should the original proftpd setting be there for a reason?

thanks
 
Last edited:
I have never noticed that. And to be honest, i don't really care when someone is disconnected, maybe thats why i never noticed it. It are the users that are connected that interest me.
 
Not just the disconnected one but also the connected log msg of pam_unix has gone too, something like below
proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)

which might make me think if the changes could lead to any possible risk as the original setting is there for a reason. any idea what pam_unix is?
 
Last edited:
Hi Thanks for the info.So does that mean the layer of pam_unix get lifted and it becomes less secure? The pam_unix log msg do not look like warnings at all I haven't got a problem with pam_unix and it's not what I want to get rid of anyway.


Say I want to undo the changes: Originally before I made the changes to /etc/pam.d/proftpd the log of /var/log/secure creates the following warning every time ftp disconnects:
...
proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
...
This is the one I am concerned. does anyone know what it does/means too? I've checked /etc/security/pam_env.conf is an equivalence of an empty file.
 
Last edited:
Stephen_Dai said:
Not just the disconnected one but also the connected log msg of pam_unix has gone too, something like below
proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)

which might make me think if the changes could lead to any possible risk as the original setting is there for a reason. any idea what pam_unix is?
Click to expand...

The logs now show

May 30 10:18:28 res2 proftpd[28580]: xxxx.xxx.xx.xx (92.70.34.26[92.70.34.26]) - USER king: Login successful

at what time they logged in
from what ip they logged in
Who logged in

That is all the information i need in a login log.

Have a look at this thread http://talk.plesk.com/threads/deprecated-pam_stack-module-called-from-service-proftpd.283465/

the session message will be back again, but so will the error.

kind regards
Jan
 
I tried the above changes to /etc/pam.d/proftpd but still see the following issue:

Feb 10 09:47:40 a proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Feb 10 09:47:40 a proftpd[3618]: xxx.xxx.xxx.xxx (174.123.136.2[174.123.136.2]) - USER fredblogs: Login successful.
Feb 10 09:47:40 a proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied

My proftpd file is as follows:

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so

OS ‪CentOS 6.6 (Final)‬
Plesk version 12.5.30 Update #20, last updated at Feb 8, 2016 05:07 PM

Can anyone help / advise how to get rid of the errors?
 
You must log in or register to reply here.

Similar threads

K
Issue proftpd: pam_env
Replies
2
Views
590
kevinjansen
K
S
Issue FTP broken?
Replies
10
Views
1K
kevinjansen
K
B
Question Proftp on disconnection Unable to open pam_env.conf
Replies
2
Views
3K
Bossman
B
UnS3eN
Issue No FTP (proFTP) access after 17.8.11 upgrade
Replies
4
Views
3K
UnS3eN
UnS3eN
M
Issue FTP login not possible for one domain
Replies
1
Views
2K
UFHH01
U
Back
Top