Puppy Linux Discussion Forum
adduser and pure-ftpd
Robotop


Joined: 08 Dec 2009
Posts: 34
Location: Italy

Posted: Sun 14 Jul 2013, 14:10    Post subject: adduser and pure-ftpd
Subject description: error in adduser ?
 

Hello, I'm playing with Wary Puppy 5.5 and pure-ftpd as ftp server. There is a problem when I add a user: the relative record added in the file /etc/passwd, corresponding to the new user, terminates with :/bin/bash. If you connect to the ftp server and enter the right username and password, you will receive an authentication error, 'cause the /bin/bash directory, relative to the incoming user, does not exist. Modifying the record from :/bin/bash to :/bin/sh will solve the problem and make the ftp server able to recognize the username and password.
npierce

Joined: 28 Dec 2009
Posts: 858

Posted: Thu 25 Jul 2013, 15:42

Various Unix/Linux applications call the getusershell() C library function to determine if a binary executable is in fact a valid user shell. Among the applications which do this are ftpd and pure-ftpd.

The getusershell() function looks at the list of valid user shells that are installed on your system. That list lives in the /etc/shells file. If that file is missing, the function assumes that /bin/sh and /bin/csh are valid shells, but no others are.

Apparently Wary 5.5 is missing the /etc/shells file. (Hmmm, I just looked at half a dozen Puppies, and none of them had an /etc/shells file: Puppy 4.3.1, Racy 5.2.2, Slacko 5.5-PAE, Precise 5.5, Precise 5.6, Wheezy 3.5.2.5-SCSI)

I don't have Wary 5.5, but I would guess that creating an /etc/shells file with the following contents would solve the problem:
Code:
/bin/sh
/bin/bash

If you have any other user shells in Wary 5.5, you could also list those. When editing the file, be sure to hit Enter, if necessary, to properly end the last line, or pure-ftpd may hang because it can't find the end of the /etc/shells file.


Here's what the pure-ftpd documentation says:

.:.PURE-FTPD .:. Documentation for version 1.0.36 wrote:
Users need a shell listed in /etc/shells to get restricted or unrestricted FTP access. Alternatively, you can give them "ftp" as a shell. Users with a "ftp" shell will be able to login through FTP only: no telnet, no SSH. And there's no need (and you shouldn't do so) for an "ftp" entry in /etc/shells.

(Note that the version of pure-ftpd in Wary 5.5 may be older than the 1.0.36 README file quoted above. But in Racy 5.4.91 I have pure-ftpd 1.0.22, and its README has the same paragraph.)

Documentation for pure-ftpd can be found with Menu -> Help -> Complete list of packages -> pureftpd.


Additional reading:
shells(5) - Linux man page
getusershell(3) - Linux man page
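The shell check described in the post above, as an added example that is not part of the original thread or of pure-ftpd's code: it lists which /etc/passwd accounts would pass a getusershell()-style lookup with and without an /etc/shells file. The function names, the simplified /etc/shells parsing and the sample records are assumptions made for illustration.

```python
# Added example; sample data is constructed, parsing of /etc/shells is simplified.
DEFAULT_SHELLS = ("/bin/sh", "/bin/csh")   # used when /etc/shells is missing
FTP_ONLY_SHELL = "ftp"                     # per the pure-ftpd README quoted above


def valid_shells(shells_text):
    """Return the shell list; shells_text is None when /etc/shells is absent."""
    if shells_text is None:
        return list(DEFAULT_SHELLS)
    shells = []
    for line in shells_text.splitlines():
        entry = line.split("#", 1)[0].strip()   # drop comments and padding
        if entry.startswith("/"):
            shells.append(entry)
    return shells


def audit(passwd_text, shells_text):
    """Map each account to 'ok', 'ftp-only' or 'rejected: <shell>'."""
    allowed = set(valid_shells(shells_text))
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                             # skip malformed records
        user, shell = fields[0], fields[6]
        if shell == FTP_ONLY_SHELL:
            result[user] = "ftp-only"
        elif shell in allowed:
            result[user] = "ok"
        else:
            result[user] = "rejected: " + shell
    return result


def unterminated(shells_text):
    """True if the file's last line lacks the newline the post warns about."""
    return bool(shells_text) and not shells_text.endswith("\n")


SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "ftpuser:x:1000:1000:Linux User,,,:/home/ftpuser:/bin/bash\n"
    "upload:x:1001:1001::/home/upload:ftp\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, None))                     # no /etc/shells
    print(audit(SAMPLE_PASSWD, "/bin/sh\n/bin/bash\n"))   # the suggested file
```

To run it against a live system, pass the contents of /etc/passwd and /etc/shells (or None if the latter does not exist) to audit().
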
ahoppin

Joined: 16 May 2011
Posts: 91

Posted: Tue 13 Aug 2013, 02:42    Post subject: Can't login under vsftpd

I'm trying to get a small scale ftp server running in Precise 5.7.1 Retro. It'll be facing the net but I want it only for my use, not public use, so it needs to be fairly secure.

Vsftpd looked like a good choice and was in the Ubuntu-Precise repo. It seemed to install fine.

However, I've run into what I think is a problem similar to the one in this thread. Anonymous logins to vsftpd work, but not authenticated ones.

Vsftpd uses pam for authentication.

Using adduser, I added a user (let's call him ftpuser) and gave him a password. The user gets added to /etc/passwd and also to /etc/shadow. However, vsftpd won't allow ftpuser to connect, saying the login is incorrect.

Spot, which supposedly has a null password, also can't log in.

This command line sequence also fails:

su spot
sudo -u ftpuser sh

Sudo prompts for a password for ftpuser, but it won't accept the password I set with adduser (and then tried resetting with passwd).

As suggested here, I created a file /etc/shells containing

/bin/sh
/bin/bash

but that didn't help.

I tried setting a null password for ftpuser with passwd (dangerous, I know), but still can't sudo to ftpuser nor can I log in via vsftpd.

I tried editing /etc/shadow directly, removing the password in ftpuser's password field, so the account should have had no password. No dice.

Tried the same with /etc/passwd, removing the x that (I think) directs authentication to /etc/shadow - same result.

ftpuser can't log in, even with a null password.

I removed ftpuser with deluser and added ftpuser to /etc/passwd manually, both with and without a password, and still the same deal. ftpuser can't log in, no matter what I do.

Am I running up against an inevitable limitation of Puppy and his single-user nature?

Should I try a different ftp server? Before I try them all, does anyone have a recommendation?

Thanks, all.
npierce

Joined: 28 Dec 2009
Posts: 858

Posted: Fri 23 Aug 2013, 22:47

ahoppin wrote:
Using adduser, I added a user (let's call him ftpuser) and gave him a password. The user gets added to /etc/passwd and also to /etc/shadow. However, vsftpd won't allow ftpuser to connect, saying the login is incorrect.

May I assume that after using adduser, you have verified that the user can login normally with login, as in the following excerpt from a bash session?
Code:
# mkdir -p /home
# adduser ftpuser
Changing password for ftpuser
New password:
Retype password:
Password for ftpuser changed by root
# login ftpuser
Password:
# whoami
ftpuser
#

I am unfamiliar with vsftpd, so can't help you there. But I may be able to clear up a bit of confusion about sudo.

Not just anyone can use sudo. In order to use sudo, a user should be listed in the /etc/sudoers file, or should be a member of a group that is listed in the /etc/sudoers file.

For instance, various Puppies have a sudoers file that contains this line:
Code:
%users  ALL=(ALL) ALL, NOPASSWD: SHUTDOWN, SYSTEM

This line says that all members of the group named "users" may run any command on any host as any user. (Note that the % character indicates that "users" is the name of a group, not the name of a user.) Also, all members of the "users" group may run certain commands without supplying a password; those commands were previously defined with a couple of Cmnd_Alias entries.

If your sudoers file has that line, giving permission to your new user to run sudo may be as easy as adding her to the group named "users":
Code:
addgroup ftpuser users

(Of course, that's just an example. Since the "users" group probably has access to more than an ftp user really needs, you may want to simply add ftpuser to the sudoers file as a user, or as a member of a group with fewer privileges.)

Also be aware that the password expected by sudo might not be the password of the user that is invoking sudo or the password of the user indicated by sudo's -u option. Although by default sudo does expect the password of the user that invokes it, it may want the password of the user specified by sudo's -u parameter, the password of the user defined by the runas_default option (normally root), or the password of root, if one of the targetpw, runaspw, or rootpw flags, respectively, is set in the sudoers file for the user that is invoking sudo.

(Oddly, looking at some recent Puppies and one not-so-recent Puppy (slacko-5.5-PAE, precise-5.5, precise-5.6, wheezy-3.5.2.5, and racy-5.2.2) I find this line:
Code:
Defaults:users  runaspw, passwd_tries=1

Probably the intention was to set the runaspw flag for all members of the "users" group, but the line has a typo: it is missing the leading % character for the group name. So it only sets the runaspw flag for a non-existent user named "users".)

For more details see the man page for sudoers.
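A check for the missing-% typo described in the post above, as an added example that is not part of the original thread or of sudo itself: it flags per-user Defaults entries in a sudoers file whose name matches no account, and says when a group of that name exists. The function names and the passwd and group records are constructed for illustration; the two sudoers lines are the ones quoted in the post.

```python
import re

# Added example; the passwd and group sample records are constructed.
DEFAULTS_RE = re.compile(r"^Defaults:(\S+)\s+(.+)$")
ALIAS_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")   # User_Alias names are upper case


def names(db_text):
    """First field of each /etc/passwd or /etc/group record."""
    return {l.split(":", 1)[0] for l in db_text.splitlines() if l.strip()}


def check_defaults(sudoers_text, passwd_text, group_text):
    """Return (line_no, name, message) for Defaults:NAME matching no user."""
    users, groups = names(passwd_text), names(group_text)
    findings = []
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        m = DEFAULTS_RE.match(raw.strip())
        if not m:
            continue
        for name in m.group(1).split(","):
            # %group, #uid, +netgroup, aliases and real users are fine
            if (not name or name[0] in "%#+" or ALIAS_RE.match(name)
                    or name in users):
                continue
            if name in groups:
                msg = "no such user; group exists, '%" + name + "' probably intended"
            else:
                msg = "no such user or group"
            findings.append((no, name, msg))
    return findings


SAMPLE_SUDOERS = (
    "%users  ALL=(ALL) ALL, NOPASSWD: SHUTDOWN, SYSTEM\n"
    "Defaults:users  runaspw, passwd_tries=1\n"
)
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nftpuser:x:1000:1000::/home/ftpuser:/bin/sh\n"
SAMPLE_GROUP = "root:x:0:\nusers:x:100:ftpuser\n"

if __name__ == "__main__":
    for finding in check_defaults(SAMPLE_SUDOERS, SAMPLE_PASSWD, SAMPLE_GROUP):
        print(finding)
```
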