I'm wondering if vsftpd supports the user subcommand?
I found I can't switch user after ftp login.
Maybe someone can give me a definite answer.
I always got the message below:
Quote:
mastest.user1{~ }% ftp mastest
Connected to mastest (172.26.80.149).
220 (vsFTPd 2.2.2)
Name (mastest:user1): user1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> user user2
530 Can't change to another user.
Login failed.
I enabled log_ftp_protocol=YES and checked the vsftpd.log,
it didn't help much actually. The log file only showed the following message.
pam_service_name is what you need to check - PAM is a (usually) optional authorization control mechanism. And it clearly supports user change and is blocked as a possible security issue.
You did not specify your OS, but RH used to have /etc/pam.d/vsftpd that you can modify. I do not know if that is still correct or not - probably not. Just be sure to keep a backup.
Last edited by jim mcnamara; 08-31-2017 at 06:52 AM..
Thank you for the response.
I've tried vsftpd on both RHEL 6.5 and RHEL 5.7, and they both had the same issue. I did check pam_service_name, but I had no clue how to fine-tune it. Would you please give me some suggestions?
Forgot to mention that the vsftpd version is,
vsftpd-2.0.5-21.el5 for RHEL 5
vsftpd-2.2.2-11.el6_4.1.x86_64 for RHEL 6
Do not mess with PAM unless you are in easy driving distance of the system, have a rescue CD and the technical know-how to fix it by hand. Even then, give it a couple of second thoughts. The risks of altering PAM are very high. You can easily render your system unbootable, un-login-able, or open security holes you could only discover by accident (or intentional intrusion).
Why do you need to change users after an FTP login? Why not login as the user you wanted to login as in the first place?
Why do you need to use FTP at all?
Explain your problem in more detail and we can probably find better solutions.
Thank you for the reminder.
I don't have any intention to alter or replace PAM, actually.
I'm just wondering if any variables can be added to or adjusted in the vsftpd PAM file to solve the USER command issue. Altering the PAM file is not necessary for me.
If there are other ways to solve the issue, that would be fine.
We have some in-house utilities that work across different domains.
Those utilities are served to users.
A user can run programs and upload data to a partially public account.
The program generates an ftp script that includes changing the user's account
to the public account "design" and then runs the script to upload data.
The program designer uses .netrc to avoid inputting passwords.
It's a little bit complicated to explain the designer's needs in detail.
I got a part of the designer's code as below,
I know it's an outdated coding style, since using .netrc is risky and unsafe. There is some historical background behind it.
We just focus on solving the issue.
Well, I found my workaround. The "ftp" command has the "-n" argument to suppress using .netrc for auto-login.
That allows us to connect with ftp first and then decide the login ID.
We can capitalize on this to solve our issue.
I don't know if there is a better solution.
So, I may keep this post open for a while.
That looks to me like a far better solution than playing with your PAM settings. There's just too much security risk in letting users play games with their logins after login.
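The workaround discussed above, sketched as an added example (not code from any poster in this thread): with `ftp -n` there is no auto-login, so the session's first command logs in directly as the account the upload needs and no post-login `USER` switch is attempted. The function names, the password-file path and the file names are assumptions; `mastest` and `design` are the host and account named in the thread.

```shell
#!/bin/sh
# Added example: log in once as the target account using "ftp -n".
# Function names, password file and file names are placeholders.

# Emit the ftp client commands for one upload. With auto-login suppressed,
# the first command of the session is "user <name> <password>".
make_ftp_script() {
    # $1 = account, $2 = password, $3 = local file, $4 = remote name
    printf 'user %s %s\n' "$1" "$2"
    printf 'binary\n'
    printf 'put %s %s\n' "$3" "$4"
    printf 'bye\n'
}

# Return the password only if the file is accessible to its owner alone.
read_secret() {
    # $1 = password file (first line is the password)
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1   # GNU stat, as on RHEL
    case "$mode" in
        600|400) ;;
        *) echo "refusing $1: mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
    head -n 1 "$1"
}

# Upload one file as the given account. The commands, including the
# password, reach the client on stdin and never appear in its arguments.
upload_as() {
    # $1 = host, $2 = account, $3 = password file, $4 = local file
    secret=$(read_secret "$3") || return 1
    make_ftp_script "$2" "$secret" "$4" "$(basename "$4")" | ftp -n "$1"
}

# Usage (placeholders): upload_as mastest design "$HOME/.design.pass" data.tar
```

Plain FTP still sends the password unencrypted over the network; the file-mode check only protects the stored copy.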