Description of problem: Vsftpd current version will not start... Version-Release number of selected component (if applicable): 2.3.4-7.fc16 How reproducible: easy Steps to Reproduce: 1. See additional info below 2. 3. Actual results: Does not start Expected results: Should start Additional info: [root@one4 log]# uname -a Linux one4.biz 3.2.6-3.fc16.x86_64 #1 SMP Mon Feb 13 20:35:42 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux [root@one4 log]# yum list vsftpd Loaded plugins: presto, refresh-packagekit, security Installed Packages vsftpd.x86_64 2.3.4-7.fc16 @updates [root@one4 log]# systemctl enable vsftpd.service [root@one4 log]# systemctl |grep vsftpd vsftpd.service loaded failed failed Vsftpd ftp daemon [root@one4 log]# systemctl start vsftpd.service Job failed. See system logs and 'systemctl status' for details. [root@one4 log]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled) Active: failed since Mon, 20 Feb 2012 16:41:46 -0600; 10s ago Process: 7940 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/vsftpd.service [root@one4 log]#
Please, check if the vsftpd.conf is valid? (provide me the file if necessary) Check for /etc/shells - have to contain /bin/bash (see BZ#754795) What says /var/log/messages?
Hey Jiri Here you go.. jeff]# cat /etc/shells /sbin/nologin /bin/zsh /bin/tcsh /bin/csh /bin/dash /bin/dash /bin/bash /bin/sh jeff]# systemctl restart vsftpd.service Failed to issue method call: Unit vsftpd.service failed to load: Bad message. See system logs and 'systemctl status vsftpd.service' for details. [jeff@one4 jeff]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: error (Reason: Bad message) Active: failed since Mon, 20 Feb 2012 20:04:53 -0600; 12h ago tail /var/log/messages Feb 21 08:41:25 one4 dbus[865]: [system] Successfully activated service 'net.reactivated.Fprint' Feb 21 08:41:25 one4 dbus-daemon[865]: dbus[865]: [system] Activating service name='net.reactivated.Fprint' (using servicehelper) Feb 21 08:41:25 one4 dbus-daemon[865]: Launching FprintObject Feb 21 08:41:25 one4 dbus-daemon[865]: dbus[865]: [system] Successfully activated service 'net.reactivated.Fprint' Feb 21 08:41:25 one4 dbus-daemon[865]: ** Message: D-Bus service launched with name: net.reactivated.Fprint Feb 21 08:41:25 one4 dbus-daemon[865]: ** Message: entering main loop Feb 21 08:41:27 one4 systemd-logind[817]: New session c1 of user root. Feb 21 08:41:55 one4 dbus-daemon[865]: ** Message: No devices in use, exit Feb 21 08:45:01 one4 xinetd[999]: START: ftp pid=9268 from=::1 Feb 21 08:45:04 one4 xinetd[999]: EXIT: ftp status=1 pid=9268 duration=3(sec) cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5
More info change disable from yes to no in /etc/xinetd.d/vsftpd and tried to start it again. get this: xinetd.d]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled) Active: failed since Tue, 21 Feb 2012 12:26:03 -0600; 6s ago Process: 26126 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/vsftpd.service get this in /var/log/messages Feb 21 12:36:56 one4 systemd[1]: vsftpd.service: control process exited, code=exited status=1 Feb 21 12:36:56 one4 systemd[1]: Unit vsftpd.service entered failed state. Config file the same
One thing I also noticed after an uninstall and a re-install that he vsftpd start-up script was not in the /etc/rc.d/init.d directory as it has been in the past. Moved in a backup copy still did not start.
Boy this gets stranger by the day. Updated to current kernel 3.2.7-1 and Vsftpd started but 3 times? Probably the startup script in /etc/rc.d/init.d/vsftpd Also, Xinetd started looping again. systemctl stop vsftpd.service worked but xinetd still looping. systemstl start vsftpd.service started correctly xinetd still looping. top - 16:19:56 up 2:47, 3 users, load average: 2.12, 1.76, 1.71 Tasks: 168 total, 2 running, 166 sleeping, 0 stopped, 0 zombie Cpu(s): 3.0%us, 94.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 3.0%hi, 0.0%si, 0.0%st Mem: 2052684k total, 1736784k used, 315900k free, 150916k buffers Swap: 2326524k total, 0k used, 2326524k free, 673312k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1001 root 20 0 22288 916 692 R 50.5 0.0 81:40.32 xinetd 840 root 20 0 237m 1644 1152 S 44.5 0.1 71:33.89 rsyslogd 2391 jeff 20 0 1226m 30m 17m S 1.3 1.5 1:57.45 knotify4 30878 root 20 0 0 0 0 S 0.3 0.0 0:00.02 kworker/0:2 1 root 20 0 39696 5136 1940 S 0.0 0.3 0:00.67 systemd 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root 20 0 0 0 0 S 0.0 0.0 0:00.02 ksoftirqd/0 6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0 7 root RT 0 0 0 0 S 0.0 0.0 0:00.01 watchdog/0 8 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 cpuset 9 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper 10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs 11 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns 12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers 13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default 14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd 15 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd 16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ata_sff 17 root 20 0 0 0 0 S 0.0 0.0 0:00.05 khubd 18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md 21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0 22 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd 23 root 39 19 0 0 0 S 0.0 0.0 0:00.40 khugepaged 24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 fsnotify_mark 25 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto 31 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld 33 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0 34 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_1 35 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_2 37 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kworker/u:3 38 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kpsmoused [jeff@one4 ~]$ su Password: [root@one4 jeff]# ps -ef|grep vsftpd root 1023 1 0 13:32 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf root 31543 1023 0 16:20 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf nobody 31544 31543 0 16:20 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf root 31547 31518 0 16:20 pts/1 00:00:00 grep --color=auto vsftpd [root@one4 jeff]# uname -a Linux one4.biz 3.2.7-1.fc16.x86_64 #1 SMP Tue Feb 21 01:40:47 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Hi, you have to decide if you want to start vsftpd through xinetd or in standalone mode. xinetd: vsftpd.conf: listen=NO listen_ipv6=NO /etc/xinetd.d/vsftpd: disabled no standalone mode: vsftpd.conf: listen xor listen_ipv6 set to YES /etc/xinetd.d/vsftpd: disabled yes ps -ef ... in comment #5 discovers running vsftpd even with child that handles client request. Your conf file works fine on my f16 machine. Kill all vsftpd processes check/modify xinetd & vsftpd configuration in accordance to example above and try it again.
No go with xinetd... cat vs*conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5 cat /etc/x*.d/vsftpd # default: off # description: The vsftpd FTP server serves FTP connections. It uses\ # normal, unencrypted usernames and passwords for authentication. service ftp { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/vsftpd nice = 10 } xinetd running ps -ef |grep xinetd root 3655 1 0 10:18 ? 00:00:00 xinetd Ensure vsftpd not running, start service fails ps -ef|grep vsftpd root 4334 3980 0 10:29 pts/1 00:00:00 grep --color=auto vsftpd [root@one4 vsftpd]# systemctl start vsftpd.service Job failed. See system logs and 'systemctl status' for details. [root@one4 vsftpd]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled) Active: failed since Fri, 24 Feb 2012 10:29:56 -0600; 6s ago Process: 4337 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE) Main PID: 924 (code=killed, signal=TERM) CGroup: name=systemd:/system/vsftpd.service
Changed it to standalone mode which works appears it does not like xinetd mode or I still have something miss configured. vsftpd.conf listen=YES systemctl start vsftpd.service [root@one4 vsftpd]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled) Active: active (running) since Fri, 24 Feb 2012 10:39:45 -0600; 4s ago Process: 4975 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS) Main PID: 4976 (vsftpd) CGroup: name=systemd:/system/vsftpd.service └ 4976 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Please, don't try starting vsftpd when the vsftpd is configured to be started through xinetd. You have to configure: /etc/xinetd.d/vsftpd (disable no) /etc/vsftpd/vsftpd.conf (listen & listen_ipv6 NO) # sytemctl start xinetd.service Eventually adjust firewall. Nothing more. The xinetd will start vsftpd when necessary. You haven't start it manually!!! This is xinetd's job. You start vsftpd using systemctl only in standalone mode!!! Closing 'notabug'.
Jiri, Sorry your settings do not work... cat /etc/xinetd.d/vsftpd # default: off # description: The vsftpd FTP server serves FTP connections. It uses\ # normal, unencrypted usernames and passwords for authentication. service ftp { disable = no socket_type = stream wait = no user = root server = /usr/sbin/vsftpd nice = 10 } [root@one4 jeff]# cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen= NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5 [root@one4 jeff]# systemctl start xinetd.service Tried to ftp from another system looks like I connect but vsftpd does not start? [root@one4 jeff]# ps -ef|grep vsftpd root 17521 17257 0 10:21 pts/1 00:00:00 grep --color=auto vsftpd Tried to start vsftpd.service throws an error.. systemctl start vsftpd.service Job failed. See system logs and 'systemctl status' for details. [root@one4 jeff]# systemctl status vsftpd.service vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled) Active: failed since Mon, 27 Feb 2012 10:25:32 -0600; 13s ago Process: 17715 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=1/FAILURE) Main PID: 4976 (code=killed, signal=TERM) CGroup: name=systemd:/system/vsftpd.service Only way to get it to run is stand alone, no firewall changes required and can connect just fine.
When xinetd is started you are able to use ftp client to connect to server. A request from the client asks xinetd for starting vsftpd. The xinetd ensures the services are running only when necessary. Please read 'man xinetd'.
Yes did that first, seems to work fine for other services. Got a bit further.. Server runs but throws an error. ftp one4.biz Connected to one4.biz (192.168.69.50). 500 OOPS: bad bool value in config file for: listen Changed listen=YES to listen=NO since it is Boolean there can not be a third option does it need to be commented out? In fact, you must comment "listen" out in order to get it to run. Boolean now has three options.. Bug found. cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen= NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5 Working Config is.... cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. #listen= NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5
> In fact, you must comment "listen" > out in order to get it to run. Boolean now has three options.. Bug found. Read the comment block right above the 'listen_ipv6' option in the config file you pasted in comment 12.
Good point I guess the option of listen=no is just redundant then and a bit confusing.. When would you use listen=NO? Standalone with no listener? Just curious.. Clear as mud..
As I understand it, listen and listen_ipv6 are two separate options, depending on whether you want to use IPv4 or IPv6. If you want to use standalone, you set one of those to 'yes'. If you want to use both, you need two separate config files and have to run two instances of vsftpd. If set to 'no', you can't run vsftpd on its own and have to configure xinetd to start it.
Bingo. if you set them both to NO vsftpd throws an error ftp one4.biz Connected to one4.biz (192.168.69.50). 500 OOPS: bad bool value in config file for: listen Not processing the config file. Config file notice both listen values are set to NO cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen= NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5 If I comment out the first Listen like so: cat /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Logged into One4.biz Be nice you are being watched. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. #listen= NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES force_dot_files=YES passwd_chroot_enable=YES pasv_max_port=1024 pasv_promiscuous=yes no_anon_password=YES use_localtime=YES anon_root=/var/ftp/pub vsftpd_log_file=/var/log/vsftpd.log max_per_ip=1 max_clients=5 It works... ftp one4.biz Connected to one4.biz (192.168.69.50). 220 Logged into One4.biz Be nice you are being watched. Name (one4.biz:jeff):