ProFTPd and LDAP Auth



Hey Neowin,

 

I have ProFTPd authenticating with LDAP perfectly fine. I am able to log in with FileZilla or any other FTP client perfectly fine. What I can't do is create files or any of that. I can't figure out why.

Based on the ProFTPd log at debug level 10, it passes the "MKD" command to all the mods that are loaded and it never succeeds. FileZilla says it's "Permissions Denied". Looking into this issue a little more, I found that the IDs generated by the LDAP users might not match the dir permissions. So I ran an 'ls -aln' and got the correct IDs. I then forced the UID and GID of the LDAP users to the same IDs as the dir, and still got Permission Denied.

 

I hope someone can help!

 

Thanks,

Jimmy


I have no experience with ProFTPd, but I have had similar problems with other daemons (notably SAMBA) failing to access files and directories with seemingly proper permissions. First, is your FTP server running as root or another user? The FTP server needs permission to write to the directory itself and setuid to the proper user, which means it should probably be running as root. Also, is SELinux enforcing? Even if the FTP server is running as root and apparently has permission to access the directory you are trying to write to and setuid to the proper user, SELinux could be blocking it. If that is the case, check your audit.log for specifics.

xorangekiller,

 

Thanks for replying. I actually didn't think about the proftpd user! The server is starting as the "proftpd:proftpd" user and group that gets created on install. I never thought about permissions for the server user because the local system user can do it perfectly fine, but now thinking about it, it would make sense that the ftpserver user has access to the folder, DERP. I will be trying this very soon.

 

As far as SELinux goes, I'm running Ubuntu Server 12.10 and I don't see dmesg complaining about anything, so I'm not sure if it is getting in the way or not. I don't see an audit.log in /var/log either.

 

Again, thanks for the reply. I'll try anything at this point. Wish the Ubuntu forums were back up right now -_-.

 

Thanks,

Sikh

If you are using Ubuntu Server you are not running SELinux. Since audit.log (which is normally located in /var/log/audit/audit.log) is an SELinux construct, you will not have it. Ubuntu Server does use another kernel-level security mechanism, AppArmor, but it is much more passive than SELinux and shouldn't cause you any problems with ProFTPd. From the sound of it, daemon permissions are likely your problem.
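
An added example, not part of the thread: a mode-bit check that walks every directory from a starting point down to the upload directory and reports the first one that would refuse `MKD` for a given UID/GID, whether that is the LDAP user's forced IDs or the `proftpd` daemon user. It covers the case where the target directory's IDs match but a parent directory lacks search permission. The function names, the `start` parameter and the sample path are assumptions made for this example; POSIX ACLs and AppArmor/SELinux are not evaluated.

```python
import os
import stat

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that classic Unix permission checks apply to uid/gids."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7   # owner class wins even if group/other grant more
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def explain_write_access(path, uid, gids, start=os.sep):
    """Find the first directory between start and path that would block creating
    an entry in path for uid/gids. Returns (True, None) or (False, reason).

    Mode bits only: POSIX ACLs and AppArmor/SELinux are not evaluated.
    """
    if uid == 0:
        return True, None        # root bypasses mode bits
    start, path = os.path.realpath(start), os.path.realpath(path)
    rel = os.path.relpath(path, start)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError(f"{path} is not below {start}")
    chain = [start]
    for part in (p for p in rel.split(os.sep) if p != os.curdir):
        chain.append(os.path.join(chain[-1], part))
    for comp in chain:
        st = os.stat(comp)
        if not stat.S_ISDIR(st.st_mode):
            return False, f"{comp}: not a directory"
        # Every ancestor needs search (x); the target needs write + search (wx).
        need = 0o3 if comp == path else 0o1
        if class_bits(st, uid, set(gids)) & need != need:
            return False, (f"{comp}: mode {stat.S_IMODE(st.st_mode):04o} "
                           f"owner {st.st_uid}:{st.st_gid} lacks "
                           f"{'wx' if need == 3 else 'x'} for uid {uid}")
    return True, None

if __name__ == "__main__":
    import sys
    # Constructed usage: python3 check.py /srv/ftp/upload 5000 5000
    target, uid, *gids = sys.argv[1], int(sys.argv[2]), *map(int, sys.argv[3:])
    print(explain_write_access(target, uid, gids))
```

Pass the numeric IDs shown by `ls -aln` and the IDs the FTP session maps the user to; a mismatch shows up as the named directory and the missing permission class.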
