proftpd works fine but lots of pam_env warnings in /var/log/secure

Stephen_Stephen

/var/log/secure:
May 27 10:12:57 proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)
May 27 10:12:57 proftpd[15153]: xx.xx.xx.xx (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]) - USER rambo: Login successful.
May 27 10:13:30 proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
May 27 10:13:30 proftpd: pam_unix(proftpd:session): session closed for user rambo

This warning comes every time the FTP session disconnects: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied

My system is 2.6.32-504.8.1.el6.x86_64 and plesk12.0.18#47.

thanks
GD
 
Try changing /etc/pam.d/proftpd to

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so


But don't forget to make a copy first in the event something goes wrong.

regards
Jan
 
Thanks. I've tried that. Now when FTP connects, the following log message has gone:

proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)

And when FTP disconnects there are no logs. The pam_unix(proftpd:session) message has gone too:

proftpd: pam_unix(proftpd:session): session closed for user rambo

Would the suggested changes create any side effect? Should the original proftpd setting be there for a reason?

thanks
 
I have never noticed that. And to be honest, I don't really care when someone is disconnected; maybe that's why I never noticed it. It is the users that are connected that interest me.
 
Not just the disconnected one, but the connected log message of pam_unix has gone too, something like below:
proftpd: pam_unix(proftpd:session): session opened for user rambo by (uid=0)

Which might make me think about whether the changes could lead to any possible risk, as the original setting is there for a reason. Any idea what pam_unix is?
 
Hi, thanks for the info. So does that mean the layer of pam_unix gets lifted and it becomes less secure? The pam_unix log messages do not look like warnings at all. I haven't got a problem with pam_unix and it's not what I want to get rid of anyway.


Say I want to undo the changes: originally, before I made the changes to /etc/pam.d/proftpd, the log in /var/log/secure showed the following warning every time FTP disconnects:
...
proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
...
This is the one I am concerned about. Does anyone know what it does/means too? I've checked: /etc/security/pam_env.conf is the equivalent of an empty file.
 
The logs now show

May 30 10:18:28 res2 proftpd[28580]: xxxx.xxx.xx.xx (92.70.34.26[92.70.34.26]) - USER king: Login successful

At what time they logged in
From what IP they logged in
Who logged in

That is all the information I need in a login log.

Have a look at this thread http://talk.plesk.com/threads/deprecated-pam_stack-module-called-from-service-proftpd.283465/

The session message will be back again, but so will the error.

kind regards
Jan
 
I tried the above changes to /etc/pam.d/proftpd but still see the following issue:

Feb 10 09:47:40 a proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Feb 10 09:47:40 a proftpd[3618]: xxx.xxx.xxx.xxx (174.123.136.2[174.123.136.2]) - USER fredblogs: Login successful.
Feb 10 09:47:40 a proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied

My proftpd file is as follows:

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so

OS CentOS 6.6 (Final)
Plesk version 12.5.30 Update #20, last updated at Feb 8, 2016 05:07 PM

Can anyone help / advise how to get rid of the errors?
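
Added example, not part of any post in this thread: a small parser that lists which PAM modules each stack of the suggested /etc/pam.d/proftpd reaches. It shows why the pam_unix session lines disappear (no pam_unix in the session stack) while the pam_env setcred warning can remain (setcred runs the auth stack, which still includes system-auth). The system-auth content and the function names are assumptions constructed for the illustration.

```python
import re

# Service file suggested in the thread for /etc/pam.d/proftpd.
PROFTPD = """\
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session required pam_loginuid.so
"""

# Constructed stand-in for /etc/pam.d/system-auth (an assumption, not from the thread).
SYSTEM_AUTH = """\
auth     required   pam_env.so
auth     sufficient pam_unix.so nullok try_first_pass
account  required   pam_unix.so
session  [success=1 default=ignore] pam_succeed_if.so service in crond quiet
session  required   pam_unix.so
"""

LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules(text, files, seen=()):
    """Return {type: [module, ...]} for a PAM service file, following include/substack."""
    stacks = {}
    for raw in text.replace("\\\n", " ").splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        kind, control, target = m.group(1).lower(), m.group(2), m.group(3)
        if control in ("include", "substack"):
            if target in files and target not in seen:
                inner = modules(files[target], files, seen + (target,))
                stacks.setdefault(kind, []).extend(inner.get(kind, []))
        else:
            stacks.setdefault(kind, []).append(target.rsplit("/", 1)[-1])
    return stacks

def findings(text, files):
    """Explain the two log changes discussed in the thread from the stack contents."""
    s = modules(text, files)
    return {
        "session_logged_by_pam_unix": "pam_unix.so" in s.get("session", []),
        "pam_env_runs_in_auth_setcred": "pam_env.so" in s.get("auth", []),
    }

if __name__ == "__main__":
    print(findings(PROFTPD, {"system-auth": SYSTEM_AUTH}))
```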
 