FreeBSD FTP Server screwed
Results 1 to 6 of 6

Thread: FreeBSD FTP Server screwed

  1. #1

    FreeBSD FTP Server screwed

    Hey guys,
    I just installed FreeBSD on a spare box I have here and have a problem....my FTP server won't let anybody in although I can log in via SSH....the FTP server was working then it just started rejecting logins with login incorrect messages...what'a up?

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    which user are you trying to login as?

  3. #3
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    First, you want to check to see if the service is running on the machine. Normally, with tcp-wrappers installed, it'll look like in.ftpd in /etc/services and the ports (20 for data, 21 for transfer) are declared in /etc/inetd.conf (something I don't know if updated BSD uses, like Redhat uses xinetd now). Then make sure /etc/ftpusers doesn't have the account you're ftping in as listed (like root). Nobody will be able to log in if their name is in /etc/ftpusers.

    Note: this is related mostly for RH linux structures but the similarities between the two should carry over.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted here by Vorlin
    Then make sure /etc/ftpusers doesn't have the account you're ftping in as listed (like root). Nobody will be able to log in if their name is in /etc/ftpusers.
    Thanx Vorlin....that is exactly what I was getting at when I asked who he was trying to log in as...just didn't feel like explaining it...

  5. #5
    ok...fixed it...problem was I was trying to START ftpd as root but run it with limted rights. i set that line in inetd.conf to nobody...after that nobody could log in to the server....how do i not have FTPD running as root?

  6. #6
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Because if someone compromised your ftp daemon with a buffer overflow (those are most prevalent to get into a system remotely), then they'd have a root shell and could do whatever they want. Just like apache it seems, most major services are turning over to user nobody after initial launch so that it's a limited account started by root but not run *as* root. Better security that way. The user nobody usually has no shell (/bin/false usually), is locked, etc...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides