ProFtpD Bug unknown configuration directive 'VRootEngine'
I use this guide: https://vestacp.com/docs/#how-to-replac ... hel-centos
I use http://c.vestacp.com/0.9.8/rhel/proftpd.conf config.
```
Vas 20 21:01:57 hosting yum[11830]: Updated: ImageMagick6-libs-6.9.10.28-1.el7.remi.x86_64
Vas 20 21:03:17 hosting systemd[1]: Starting ProFTPD FTP Server...
-- Subject: Unit proftpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit proftpd.service has begun starting up.
Vas 20 21:03:17 hosting proftpd[20153]: 2019-02-20 21:03:17,743 hosting proftpd[20153]: mod_memcache/0.1: compiled using libmemcached-1.0.16 headers, but linked to libmemcached-1.0.18 library
Vas 20 21:03:17 hosting proftpd[20153]: 2019-02-20 21:03:17,744 hosting proftpd[20153]: fatal: unknown configuration directive 'VRootEngine' on line 5 of '/etc/proftpd.conf'
Vas 20 21:03:17 hosting systemd[1]: proftpd.service: control process exited, code=exited status=1
Vas 20 21:03:17 hosting systemd[1]: Failed to start ProFTPD FTP Server.
-- Subject: Unit proftpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit proftpd.service has failed.
--
-- The result is failed.
Vas 20 21:03:17 hosting systemd[1]: Unit proftpd.service entered failed state.
Vas 20 21:03:17 hosting systemd[1]: proftpd.service failed.
```
OS version:
```
etc]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
```
Proftpd -V
```
proftpd -V
Compile-time Settings:
Version: 1.3.5e (maint)
Platform: LINUX [Linux 2.6.32-042stab127.2 x86_64]
Built: Wed Jan 31 2018 16:32:29 UTC
Built With:
configure '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd' '--localstatedir=/run/proftpd' '--disable-strip' '--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6' '--enable-memcache' '--enable-nls' '--enable-openssl' '--enable-pcre' '--enable-shadow' '--enable-tests' '--with-libraries=/usr/lib64/mysql' '--with-includes=/usr/include/mysql' '--with-modules=mod_readme:mod_auth_pam:mod_tls' '--with-shared=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres:mod_sql_sqlite:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql:mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load:mod_vroot:mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper:mod_geoip:mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos:mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache:mod_tls_memcache:mod_ifsession' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall
LDFLAGS: -L$(top_srcdir)/lib -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/usr/lib64/mysql -L/usr/lib64/mysql -L/usr/lib64
LIBS: -lacl -lpcreposix -lpcre -lssl -lcrypto -lssl -lcrypto -lcap -lmemcached -lmemcachedutil -lssl -lcrypto -lpam -lsupp -lcrypt -ldl
Files:
Configuration File:
/etc/proftpd.conf
Pid File:
/run/proftpd/proftpd.pid
Scoreboard File:
/run/proftpd/proftpd.scoreboard
Header Directory:
/usr/include/proftpd
Shared Module Directory:
/usr/libexec/proftpd
Features:
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ Memcache support
+ ncursesw support
+ NLS support
+ OpenSSL support (FIPS enabled)
+ PCRE support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
Tunable Options:
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
```
P.S. With default configs it starts but can't log in, causes 530.
Okay, found these configs in:
/usr/local/vesta/install/rhel/7/proftpd/proftpd.conf
```
ServerName "FTP"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
DefaultRoot ~ !adm
<IfModule mod_vroot.c>
    VRootEngine on
    VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
</IfModule>
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS off
User nobody
Group nobody
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ListOptions -a
RequireValidShell off
PassivePorts 12000 12100
<Global>
    Umask 002
    IdentLookups off
    AllowOverwrite yes
    <Limit ALL SITE_CHMOD>
        AllowAll
    </Limit>
</Global>
```
But still 530 login error, might be because mod_vroot.c is missing.
pam_env.conf
```
#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
#
# The original idea for this came from Andrew G. Morgan ...
#<quote>
# Mmm. Perhaps you might like to write a pam_env module that reads a
# default environment from a file? I can see that as REALLY
# useful... Note it would be an "auth" module that returns PAM_IGNORE
# for the auth part and sets the environment returning PAM_SUCCESS in
# the setcred function...
#</quote>
#
# What I wanted was the REMOTEHOST variable set, purely for selfish
# reasons, and AGM didn't want it added to the SimpleApps login
# program (which is where I added the patch). So, my first concern is
# that variable, from there there are numerous others that might/would
# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
#
# Of course, these are a different kind of variable than REMOTEHOST in
# that they are things that are likely to be configured by
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea:
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE.
# DEFAULT allows and administrator to set the value of the
# variable to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. OVERRIDE is not used, "" is assumed and no override will be
# done.
#
# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
#
# (Possibly non-existent) environment variables may be used in values
# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
# be used in values using the @{string} syntax. Both the $ and @
# characters can be backslash escaped to be used as literal values
# values can be delimited with "", escaped " not supported.
# Note that many environment variables that you would like to use
# may not be set by the time the module is called.
# For example, HOME is used below several times, but
# many PAM applications don't make it available by the time you need it.
#
#
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#
# Now some simple variables
#
#PAGER DEFAULT=less
#MANPAGER DEFAULT=less
#LESS DEFAULT="M q e h15 z23 b80"
#NNTPSERVER DEFAULT=localhost
#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR DEFAULT=\$
#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN DEFAULT="" OVERRIDE=\@
```
proftpd -l shows that mod_vroot.c is missing:
```
proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_rlimit.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_dso.c
mod_ident.c
mod_readme.c
mod_auth_pam.c
mod_tls.c
mod_memcache.c
mod_cap.c
mod_ctrls.c
mod_lang.c
```
How do I get it?
Update:
Temporarily installed vsftpd and it's working; I also had to add /sbin/nologin to /etc/shells.
Re: ProFtpD Bug unknown configuration directive 'VRootEngine'
Hi
I will try to reproduce this issue on CentOS 7 and let you know. Sorry for the delay; I know this is a very old bug, but it may help somebody.
Re: ProFtpD Bug unknown configuration directive 'VRootEngine'
Missing module in CentOS 7.
Solve it with:
```
sed -i "s/VRootEngine/#VRootEngine/g" /etc/proftpd.conf
```
```
service proftpd restart
```
If a user can't log in to FTP on CentOS 7, it is a known bug; you can fix it by adding the nologin shell:
```
echo /usr/sbin/nologin >> /etc/shells
```
You may need to modify /etc/passwd if you added a user who can't log in:
```
ba:x:1005:1005:[email protected]:/home/ba:
ba1:x:1006:1006:[email protected]:/home/ba1:/usr/sbin/nologin
```
As you can see, the "ba" user did not have a shell before the shells were added; afterwards you can see /usr/sbin/nologin.
Actually fixed but good to know.
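Added example (not from the thread or the Vesta project): a shell function that classifies how a proftpd.conf uses mod_vroot directives, showing why an unguarded `VRootEngine` stops the daemon with the "unknown configuration directive" error from the log above, while the `<IfModule mod_vroot.c>` form starts but runs with vroot silently skipped. The name `vroot_status`, the scratch files and the exact-case directive matching are assumptions of this example, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: classify how a proftpd.conf uses mod_vroot directives.
# Prints one of: active | skipped | fatal:<line> | absent
vroot_status() {  # $1 = proftpd.conf, $2 = file with saved `proftpd -l` output
  awk -v mods="$2" '
    BEGIN { state = "absent"
            while ((getline m < mods) > 0) if (m ~ /mod_vroot\.c/) avail = 1 }
    /^[ \t]*#/ { next }                                   # ignore comments
    /^[ \t]*LoadModule[ \t]+mod_vroot\.c/ { avail = 1; next }   # DSO loaded
    /^[ \t]*<IfModule[ \t]/ {                             # track guard nesting
      stack[++depth] = ($0 ~ /<IfModule[ \t]+mod_vroot\.c>/) ? 1 : 0
      guards += stack[depth]; next }
    /^[ \t]*<\/IfModule>/ {
      if (depth > 0) { guards -= stack[depth]; depth-- }
      next }
    /^[ \t]*VRoot[A-Za-z]+/ {
      if (avail) state = "active"                         # module parses it
      else if (guards > 0) { if (state == "absent") state = "skipped" }
      else if (!fatal) fatal = NR                         # unknown directive
    }
    END { if (fatal) print "fatal:" fatal; else print state }
  ' "$1"
}

# Constructed samples (not the poster's files), written to a scratch directory.
T=$(mktemp -d)
printf 'mod_core.c\nmod_dso.c\nmod_auth_pam.c\n' > "$T/mods"   # no mod_vroot.c
cat > "$T/unguarded.conf" <<'EOF'
ServerName "FTP"
DefaultRoot ~ !adm
VRootEngine on
EOF
cat > "$T/guarded.conf" <<'EOF'
DefaultRoot ~ !adm
<IfModule mod_vroot.c>
  VRootEngine on
</IfModule>
EOF
cat > "$T/loaded.conf" <<'EOF'
LoadModule mod_vroot.c
<IfModule mod_vroot.c>
  VRootEngine on
</IfModule>
EOF
for f in unguarded guarded loaded; do
  printf '%s: %s\n' "$f" "$(vroot_status "$T/$f.conf" "$T/mods")"
done
```

On a real host, save the output of `proftpd -l` to a file and pass it together with `/etc/proftpd.conf`; a `skipped` result means the server starts but the vroot settings inside the guard are not in effect.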