Bug 795568 - vsftpd does not start Fedora 16
Summary: vsftpd does not start Fedora 16
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: vsftpd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jiri Skala
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-20 22:44 UTC by jeff
Modified: 2014-11-09 22:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-27 07:37:25 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description jeff 2012-02-20 22:44:59 UTC
Description of problem:
Vsftpd current version will not start...


Version-Release number of selected component (if applicable):
2.3.4-7.fc16         

How reproducible:
easy


Steps to Reproduce:
1. See additional info below
2.
3.
  
Actual results:
Does not start

Expected results:
Should start


Additional info:
[root@one4 log]# uname -a
Linux one4.biz 3.2.6-3.fc16.x86_64 #1 SMP Mon Feb 13 20:35:42 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@one4 log]# yum list vsftpd
Loaded plugins: presto, refresh-packagekit, security
Installed Packages
vsftpd.x86_64                                                 2.3.4-7.fc16                                                 @updates
[root@one4 log]# systemctl enable vsftpd.service
[root@one4 log]# systemctl |grep vsftpd
vsftpd.service            loaded failed failed        Vsftpd ftp daemon
[root@one4 log]# systemctl start vsftpd.service
Job failed. See system logs and 'systemctl status' for details.
[root@one4 log]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
          Active: failed since Mon, 20 Feb 2012 16:41:46 -0600; 10s ago
         Process: 7940 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/vsftpd.service
[root@one4 log]#

Comment 1 Jiri Skala 2012-02-21 07:44:25 UTC
Please, check if the vsftpd.conf is valid? (provide me the file if necessary)

Check for /etc/shells - have to contain /bin/bash (see BZ#754795)

What says /var/log/messages?

Comment 2 jeff 2012-02-21 14:49:44 UTC
Hey Jiri  Here you go..

 jeff]# cat /etc/shells
/sbin/nologin
/bin/zsh
/bin/tcsh
/bin/csh
/bin/dash
/bin/dash
/bin/bash
/bin/sh


jeff]# systemctl restart vsftpd.service
Failed to issue method call: Unit vsftpd.service failed to load: Bad message. See system logs and 'systemctl status vsftpd.service' for details.
[jeff@one4 jeff]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: error (Reason: Bad message)
          Active: failed since Mon, 20 Feb 2012 20:04:53 -0600; 12h ago


 tail /var/log/messages
Feb 21 08:41:25 one4 dbus[865]: [system] Successfully activated service 'net.reactivated.Fprint'
Feb 21 08:41:25 one4 dbus-daemon[865]: dbus[865]: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Feb 21 08:41:25 one4 dbus-daemon[865]: Launching FprintObject
Feb 21 08:41:25 one4 dbus-daemon[865]: dbus[865]: [system] Successfully activated service 'net.reactivated.Fprint'
Feb 21 08:41:25 one4 dbus-daemon[865]: ** Message: D-Bus service launched with name: net.reactivated.Fprint
Feb 21 08:41:25 one4 dbus-daemon[865]: ** Message: entering main loop
Feb 21 08:41:27 one4 systemd-logind[817]: New session c1 of user root.
Feb 21 08:41:55 one4 dbus-daemon[865]: ** Message: No devices in use, exit
Feb 21 08:45:01 one4 xinetd[999]: START: ftp pid=9268 from=::1
Feb 21 08:45:04 one4 xinetd[999]: EXIT: ftp status=1 pid=9268 duration=3(sec)


cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5

Comment 3 jeff 2012-02-21 18:38:04 UTC
More info change disable from yes to no in /etc/xinetd.d/vsftpd and tried to start it again.

get this:
 xinetd.d]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
          Active: failed since Tue, 21 Feb 2012 12:26:03 -0600; 6s ago
         Process: 26126 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/vsftpd.service

get this in /var/log/messages

Feb 21 12:36:56 one4 systemd[1]: vsftpd.service: control process exited, code=exited status=1
Feb 21 12:36:56 one4 systemd[1]: Unit vsftpd.service entered failed state.

Config file the same

Comment 4 jeff 2012-02-23 17:04:14 UTC
One thing I also noticed after an uninstall and a re-install that he vsftpd start-up script was not in the /etc/rc.d/init.d directory as it has been in the past.  Moved in a backup copy still did not start.

Comment 5 jeff 2012-02-23 22:52:24 UTC
Boy this gets stranger by the day.

Updated to current kernel 3.2.7-1 and Vsftpd started but 3 times?
Probably the startup script in /etc/rc.d/init.d/vsftpd
Also, Xinetd started looping again.

systemctl stop vsftpd.service worked but xinetd still looping.

systemstl start vsftpd.service started correctly xinetd still looping.

top - 16:19:56 up  2:47,  3 users,  load average: 2.12, 1.76, 1.71
Tasks: 168 total,   2 running, 166 sleeping,   0 stopped,   0 zombie
Cpu(s):  3.0%us, 94.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  3.0%hi,  0.0%si,  0.0%st
Mem:   2052684k total,  1736784k used,   315900k free,   150916k buffers
Swap:  2326524k total,        0k used,  2326524k free,   673312k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                               
 1001 root      20   0 22288  916  692 R 50.5  0.0  81:40.32 xinetd                                                                
  840 root      20   0  237m 1644 1152 S 44.5  0.1  71:33.89 rsyslogd                                                              
 2391 jeff      20   0 1226m  30m  17m S  1.3  1.5   1:57.45 knotify4                                                              
30878 root      20   0     0    0    0 S  0.3  0.0   0:00.02 kworker/0:2                                                           
    1 root      20   0 39696 5136 1940 S  0.0  0.3   0:00.67 systemd                                                               
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd                                                              
    3 root      20   0     0    0    0 S  0.0  0.0   0:00.02 ksoftirqd/0                                                           
    6 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0                                                           
    7 root      RT   0     0    0    0 S  0.0  0.0   0:00.01 watchdog/0                                                            
    8 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 cpuset                                                                
    9 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 khelper                                                               
   10 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kdevtmpfs                                                             
   11 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 netns                                                                 
   12 root      20   0     0    0    0 S  0.0  0.0   0:00.00 sync_supers                                                           
   13 root      20   0     0    0    0 S  0.0  0.0   0:00.00 bdi-default                                                           
   14 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kintegrityd                                                           
   15 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kblockd                                                               
   16 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 ata_sff                                                               
   17 root      20   0     0    0    0 S  0.0  0.0   0:00.05 khubd                                                                 
   18 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 md                                                                    
   21 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kswapd0                                                               
   22 root      25   5     0    0    0 S  0.0  0.0   0:00.00 ksmd                                                                  
   23 root      39  19     0    0    0 S  0.0  0.0   0:00.40 khugepaged                                                            
   24 root      20   0     0    0    0 S  0.0  0.0   0:00.00 fsnotify_mark                                                         
   25 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 crypto                                                                
   31 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kthrotld                                                              
   33 root      20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_0                                                             
   34 root      20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_1                                                             
   35 root      20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_2                                                             
   37 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kworker/u:3                                                           
   38 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kpsmoused                                                             
[jeff@one4 ~]$ su
Password: 
[root@one4 jeff]# ps -ef|grep vsftpd
root      1023     1  0 13:32 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root     31543  1023  0 16:20 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
nobody   31544 31543  0 16:20 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root     31547 31518  0 16:20 pts/1    00:00:00 grep --color=auto vsftpd
[root@one4 jeff]# uname -a
Linux one4.biz 3.2.7-1.fc16.x86_64 #1 SMP Tue Feb 21 01:40:47 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Comment 6 Jiri Skala 2012-02-24 07:19:15 UTC
Hi,
you have to decide if you want to start vsftpd through xinetd or in standalone mode.

xinetd:

vsftpd.conf:
listen=NO
listen_ipv6=NO

/etc/xinetd.d/vsftpd: disabled no

standalone mode:

vsftpd.conf:
listen xor listen_ipv6 set to YES

/etc/xinetd.d/vsftpd: disabled yes

ps -ef ... in comment #5 discovers running vsftpd even with child that handles client request.

Your conf file works fine on my f16 machine. Kill all vsftpd processes check/modify xinetd & vsftpd configuration in accordance to example above and try it again.

Comment 7 jeff 2012-02-24 16:31:02 UTC
No go with xinetd...

cat vs*conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5

cat /etc/x*.d/vsftpd
# default: off
# description: The vsftpd FTP server serves FTP connections. It uses\
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
        disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
}

xinetd running
ps -ef |grep xinetd
root      3655     1  0 10:18 ?        00:00:00 xinetd

Ensure vsftpd not running, start service fails
ps -ef|grep vsftpd
root      4334  3980  0 10:29 pts/1    00:00:00 grep --color=auto vsftpd
[root@one4 vsftpd]# systemctl start vsftpd.service
Job failed. See system logs and 'systemctl status' for details.
[root@one4 vsftpd]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
          Active: failed since Fri, 24 Feb 2012 10:29:56 -0600; 6s ago
         Process: 4337 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE)
        Main PID: 924 (code=killed, signal=TERM)
          CGroup: name=systemd:/system/vsftpd.service

Comment 8 jeff 2012-02-24 16:41:30 UTC
Changed it to standalone mode which works appears it does not like xinetd mode or I still have something miss configured.

vsftpd.conf

listen=YES

systemctl start vsftpd.service
[root@one4 vsftpd]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
          Active: active (running) since Fri, 24 Feb 2012 10:39:45 -0600; 4s ago
         Process: 4975 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
        Main PID: 4976 (vsftpd)
          CGroup: name=systemd:/system/vsftpd.service
                  └ 4976 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Comment 9 Jiri Skala 2012-02-27 07:37:25 UTC
Please, don't try starting vsftpd when the vsftpd is configured to be started through xinetd. You have to configure:

/etc/xinetd.d/vsftpd (disable no)
/etc/vsftpd/vsftpd.conf (listen & listen_ipv6 NO)
# sytemctl start xinetd.service

Eventually adjust firewall. Nothing more. The xinetd will start vsftpd when necessary. You haven't start it manually!!! This is xinetd's job.

You start vsftpd using systemctl only in standalone mode!!!

Closing 'notabug'.

Comment 10 jeff 2012-02-27 16:27:58 UTC
Jiri,

Sorry your settings do not work...  
cat /etc/xinetd.d/vsftpd
# default: off
# description: The vsftpd FTP server serves FTP connections. It uses\
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
        disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
}
[root@one4 jeff]# cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen= NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5
[root@one4 jeff]# systemctl start xinetd.service

Tried to ftp from another system looks like I connect but vsftpd does not start?

[root@one4 jeff]# ps -ef|grep vsftpd
root     17521 17257  0 10:21 pts/1    00:00:00 grep --color=auto vsftpd

Tried to start vsftpd.service throws an error..

systemctl start vsftpd.service
Job failed. See system logs and 'systemctl status' for details.
[root@one4 jeff]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
          Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
          Active: failed since Mon, 27 Feb 2012 10:25:32 -0600; 13s ago
         Process: 17715 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE)
        Main PID: 4976 (code=killed, signal=TERM)
          CGroup: name=systemd:/system/vsftpd.service


Only way to get it to run is stand alone, no firewall changes required and can connect just fine.

Comment 11 Jiri Skala 2012-02-28 07:32:50 UTC
When xinetd is started you are able to use ftp client to connect to server. A request from the client asks xinetd for starting vsftpd. The xinetd ensures the services are running only when necessary.

Please read 'man xinetd'.

Comment 12 jeff 2012-02-28 19:02:20 UTC
Yes did that first, seems to work fine for other services.  Got a bit further..

Server runs but throws an error.

ftp one4.biz
Connected to one4.biz (192.168.69.50).
500 OOPS: bad bool value in config file for: listen

Changed listen=YES to listen=NO since it is Boolean there can not be a third option does it need to be commented out?  In fact, you must comment "listen" out in order to get it to run. Boolean now has three options..  Bug found.

cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen= NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5

Working Config is....
cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
#listen= NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5

Comment 13 Jan Synacek 2012-03-05 07:01:44 UTC
> In fact, you must comment "listen"
> out in order to get it to run. Boolean now has three options..  Bug found.

Read the comment block right above the 'listen_ipv6' option in the config file you pasted in comment 12.

Comment 14 jeff 2012-03-06 02:44:37 UTC
Good point I guess the option of listen=no is just redundant then and a bit confusing..

When would you use listen=NO?  Standalone with no listener?  Just curious..  Clear as mud..

Comment 15 Jan Synacek 2012-03-06 06:27:38 UTC
As I understand it, listen and listen_ipv6 are two separate options, depending on whether you want to use IPv4 or IPv6. If you want to use standalone, you set one of those to 'yes'. If you want to use both, you need two separate config files and have to run two instances of vsftpd. If set to 'no', you can't run vsftpd on its own and have to configure xinetd to start it.

Comment 16 jeff 2012-03-06 22:29:02 UTC
Bingo. if you set them both to NO vsftpd throws an error

ftp one4.biz
Connected to one4.biz (192.168.69.50).
500 OOPS: bad bool value in config file for: listen

Not processing the config file.



Config file notice both listen values are set to NO

cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen= NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5


If I comment out the first Listen like so:
cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Logged into One4.biz Be nice you are being watched.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
#listen= NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
passwd_chroot_enable=YES
pasv_max_port=1024
pasv_promiscuous=yes
no_anon_password=YES
use_localtime=YES
anon_root=/var/ftp/pub
vsftpd_log_file=/var/log/vsftpd.log
max_per_ip=1
max_clients=5

It works...
ftp one4.biz
Connected to one4.biz (192.168.69.50).
220 Logged into One4.biz Be nice you are being watched.
Name (one4.biz:jeff):


Note You need to log in before you can comment on or make changes to this bug.