I’m running Virtualmin 2.6.10 along with proftpd 1.2.10 and I am experiencing an issue where certain files in the user’s home-directory are inaccessible. The permissions on the directory impose no limitations so I’m left to think that either webmin, virtualmin or perhaps some other program is moderating file-access in some capacity…? Has anyone any advice?
The directories not showing up are
/home/public_html
/home/logs
/home/cgi-bin
Directories that do show up
/home/.usermin
/home/homes
I have since fixed the problem. Apparently webmin had injected an ExtendedLog directive in between a ruleset causing some issues apparently. Repositioning it in the config file, followed by a healthy service restart seemed to make everything work.
Thanks for the update and the good sleuthing out of the problem. I’ll file a bug about this issue, and Jamie and I will do a bit of work to be sure we don’t break configuration file order in the future.
Yeah, I added a custom logfile via the proftpd module. Strangely enough though, while I thought I had localized the problem it’s now manifesting on a new server of mine. The config file appears no different from the one I posted above, but still there are certain directories whose accessibility is denied due to "permissions".
Would you say the problem is specific to proftpd, or do you suppose apache or some other program is interfering?
Apache cannot have any impact on ProFTPd access or permissions. It has to be an actual permissions issue (i.e. ownership or insufficient privileges), or an issue with ProFTPd configuration. I can’t tell from the information we have so far.
What appears in the log when this problem shows up?
I wish this forum allowed a person to edit their posts… I deliberately altered my prior post for privacy reasons, but I realize now that the information is echoed in the audit.log.
SELinux should not be enabled on any currently supported system–even the targeted policy on Fedora Core 4 has some issues that prevent it from being useful on a virtual hosting system. If it has been re-enabled on your system after installation, then you will run into a number of permissions problems–not just with ProFTPd.
You can check the state of selinux with the sestatus command.
You had it on the button. I disabled SELinux, and it all runs beautifully now. What was it about the audit.log that indicated SELinux was interfering?
It was a lucky guess. The audit log looks the same, as far as I know, whether the system is in permissive mode (which will work fine) or enforcing mode (which won’t). Since you were complaining about mysterious permissions issues, I just figured it was on.
I’ve had enough run-ins with mysterious permissions issues and SELinux to suspect it very soon in any permissions conversation.
One of these days there will be a guide to the gotchas and fixes for virtual hosting with SELinux enabled…but it hasn’t come into existence yet. If it still doesn’t exist when the EA period comes to an end, and I have some more free time, I’ll tackle it myself. (And I might even try to figure out a way to make it an option during install, though SELinux is currently not packageable in any sane way.)
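To see which accesses SELinux logged for the FTP daemon, here is an added example that is not part of the original thread: a shell function that summarises AVC denial records for one command name. The sample records (contexts, PIDs, inode numbers) are constructed, and `avc_denials` and `sample_audit_log` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials in an audit log for one daemon.

# Constructed sample records, not taken from the thread; all values are made up.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1136073600.101:41): avc:  denied  { search } for  pid=2210 comm="proftpd" name="public_html" dev=dm-0 ino=98311 scontext=root:system_r:ftpd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=dir
type=AVC msg=audit(1136073600.202:42): avc:  denied  { read } for  pid=2210 comm="proftpd" name="logs" dev=dm-0 ino=98312 scontext=root:system_r:ftpd_t tcontext=user_u:object_r:httpd_log_t tclass=dir
type=AVC msg=audit(1136073601.303:43): avc:  denied  { search } for  pid=2214 comm="proftpd" name="public_html" dev=dm-0 ino=98311 scontext=root:system_r:ftpd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=dir
type=SYSCALL msg=audit(1136073601.303:43): arch=40000003 syscall=5 success=no exit=-13 comm="proftpd" exe="/usr/sbin/proftpd"
type=AVC msg=audit(1136073602.404:44): avc:  denied  { getattr } for  pid=1988 comm="httpd" name="index.html" dev=dm-0 ino=98400 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
EOF
}

# avc_denials COMM: read audit records on stdin and print one line per distinct
# denial for that command: "<count> <name> <tclass> <permissions> <target type>".
avc_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && /avc:[ ]+denied/ {
        split("", f); perm = ""; inperm = 0       # reset per-record state
        for (i = 2; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm)    { perm = perm (perm == "" ? "" : ",") $i; continue }
            eq = index($i, "=")                   # key=value fields
            if (eq) {
                v = substr($i, eq + 1); gsub(/"/, "", v)
                f[substr($i, 1, eq - 1)] = v
            }
        }
        if (f["comm"] != want) next
        split(f["tcontext"], ctx, ":")            # user:role:type
        seen[f["name"] " " f["tclass"] " " perm " " ctx[3]]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# Stand-alone run on the constructed sample:
sample_audit_log | avc_denials proftpd
```

On a live system, run it as `avc_denials proftpd < /var/log/audit/audit.log` and pair the result with `sestatus` to see whether the policy is currently enforced.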
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
MaxInstances 20
User nobody
Group nobody
ScoreboardFile /var/run/proftpd.score
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
So the ExtendedLog line was interjected in the <Global></Global> ruleset just a few lines above it. I repositioned it a few lines down, restarted the service and everything was suddenly functional.
------BEGIN PROFTPD.CONF------
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
DefaultRoot ~ !adm
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
IdentLookups off
UseReverseDNS off
Port 21
Umask 022
ListOptions "-a"
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
AllowRetrieveRestart on
AllowStoreRestart on
MaxInstances 20
User nobody
Group nobody
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log