6

The process I have used for installing vsftpd since 12.04 no longer works. I get the error stop: Unknown instance when restarting the service. I believe this means the configuration is wrong, but I cannot track down the issue. I'm having this problem on a virtual server.

Additionally, running sudo vsftpd results in 500 OOPS: munmap as noted by @Beltran.

  1. Acquire root privileges

    sudo -s

  2. Install vsftpd and libpam-pwdfile

    apt-get install vsftpd libpam-pwdfile

  3. Edit vsftpd.conf

    mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
vim /etc/vsftpd.conf

    Copy and paste the following lines.

    allow_writeable_chroot=YES
anonymous_enable=NO
chroot_list_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=vsftpd
hide_ids=YES
listen=YES
local_enable=YES
local_umask=022
local_root=/var/clients/$USER
nopriv_user=vsftpd
pasv_address=127.0.0.1
pasv_enable=YES
pasv_min_port=65000
pasv_max_port=65100
port_enable=YES
user_sub_token=$USER
seccomp_sandbox=NO
virtual_use_local_privs=YES
write_enable=YES

  4. Register virtual admin

    apt-get install apache2-utils
mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd admin
vim /etc/vsftpd.chroot_list

    Add 1 line for the admin user

    admin

  5. Configure PAM

    mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vim /etc/pam.d/vsftpd

    Copy and paste these 2 lines.

    auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

  6. Create a local user without shell access

    useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

  7. Create root directory and give local user proper access.

    mkdir /var/clients
chmod -R 755 /var/clients
chown -R vsftpd:nogroup /var/clients

  8. Register jailed virtual users (initially, I skip this step)

    htpasswd -d /etc/vsftpd/ftpd.passwd {user_name}
mkdir /var/clients/{user_name}

  9. Restart service

    service vsftpd restart
Elder Geek
  • 36,023
  • 25
  • 98
  • 183
roydukkey
  • 131
  • 1
  • 1
  • 10

5 Answers5

3

Ubuntu 14.04 uses user sessions which was absent in 12.04, so service is looking at the user session, not the system session, and your user isn't running vstfpd(root is). So, you will need to specify --system when you use service to start, stop or check the status of a service.

vsftpd is a soft-link to upstart, so you won't be able to run it as an unprivileged user, you will need to be root to start or stop or check the status of such a process.

Doing an ls -l on /etc/init.d/vsftpd reveals:

lrwxrwxrwx 1 root root 21 May 16  2013 /etc/init.d/vsftpd -> /lib/init/upstart-job*

which is similar to cron, resolvconf and a few more, which are all upstart jobs and need to be root to be started or stopped.

Upstart is an event-based replacement for the /sbin/init daemon which handles starting of tasks and services during boot, stopping them during shutdown and supervising them while the system is running.

These services are usually started on boot. See here for more on upstart:

Refer man page of upstart if you want even more!

So, long story short, to start, stop, check status, you need to be root. You can do that as follows:

sudo service vsftpd {start|stop|status|restart}

and enter your password or use:

service vsftpd {start|stop|status|restart} --system
Community
  • 1
jobin
  • 27,708
  • That's all true. I've been starting the service from root. Also, the permissions on /etc/init.d/vsftpd are as you suggest. – roydukkey Apr 25 '14 at 18:54
  • @roydukkey: So what exactly are you looking for? – jobin Apr 25 '14 at 19:04
  • A reason why the same exact configuration doesn't work on Ubuntu 14.04, but does on 12.04-13.10. – roydukkey Apr 25 '14 at 19:14
  • @roydukkey: Are you sure you don't need to use sudo even on 13.04? I doubt that. – jobin Apr 25 '14 at 20:18
  • @roydukkey: Edited my answer why the change in 14.04 and also added steps to avoid being root for this purpose. Hope this helps and is what you were looking for. – jobin Apr 25 '14 at 20:24
  • Before beginning my vsftpd configuration I do acquire root. I guess I figured this was intuitive enough that I didn't include it in my instructions, but I guess I should add it. – roydukkey Apr 25 '14 at 23:04
  • I found this in a log at /var/log/upstart/vsftpd.log.1.gz: /etc/vsftpd.conf: listen disabled - service will not start; vsftpd stop/pre-start, process 1880. What can you make of that? – roydukkey Apr 28 '14 at 15:25
  • @roydukkey: You have set listen=YES in your /etc/vsftpd.conf, can you double check that if it is really set to YES and what is the output of ps aux | grep vsftpd? – jobin Apr 28 '14 at 15:27
  • listen is set to YES. – roydukkey Apr 28 '14 at 15:32
  • What do you get when you do sudo service vsftpd start? – jobin Apr 28 '14 at 15:33
  • ps aux | grep vsftpd outputs ubuntu 9669 0.0 0.0 10464 916 pts/0 S+ 15:32 0:00 grep --color=auto vsftpd(red) – roydukkey Apr 28 '14 at 15:33
  • sudo service vsftpd start results in vsftpd start/pre-start, process 9689 – roydukkey Apr 28 '14 at 15:34
  • 1
    I might have the same problem http://askubuntu.com/questions/457248/vsftpd-not-working – Niklas Rosencrantz Apr 28 '14 at 22:14
  • horse shit, ls -l on my machine reveals "no such file or directory" – r3wt Dec 26 '14 at 22:08
  • @r3wt: ls -l shouldn't return anything if there are no files in the directory. Please verify what command you are executing and weather the output is what you have posted. – jobin Dec 27 '14 at 04:46
  • @io8in i ctrl + c && ctrl + v exactly what you typed – r3wt Dec 28 '14 at 05:50
3

Enable trusty-proposed in your software sources and re-install vsftpd. I'm checking if this passes muster.

If you don't wish to enable proposed in your sources vsftpd source and builds are available on this page. https://launchpad.net/ubuntu/trusty/+source/vsftpd/3.0.2-1ubuntu2.14.04.1

Elder Geek
  • 36,023
  • 25
  • 98
  • 183
  • I don't really want to do this for the entire server as it will be production. Is there a way to just update vsftpd from trust-proposed? – roydukkey May 01 '14 at 14:51
  • @roydukkey, you can enable it, apt-get update then apt-get install vsftpd it will update only vsftpd and its required dependencies (it will ask for confirmation, check change list). Then disable it. – user.dz Jun 13 '14 at 18:37
2

If you're receiving this issue on an AWS EC2 instance, you should try creating the instance with HVM virtualization instead of the Paravirtual.

If you still desire a paravirtual instance, there no telling when the bug will be fixed as it is a bug in the Xen kernal, which is used to run virtualization for AWS.

Here is the bug thread addressing this issue in more detail: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1313450

roydukkey
  • 131
  • 1
  • 1
  • 10
1

Still new to Ubuntu. Had it working on Ubuntu 12.4 with no hassles but on Ubuntu 14.04, this is what i did:

in the /etc/vsftpd.conf file add these 2 lines:

allow_writeable_chroot = YES
seccomp_sandbox = NO

Change the value of pam_service_name to ftp.

Hope this helps someone

2707974
  • 10,553
  • 6
  • 33
  • 45
isecure
  • 11
0

This worked for me on Ubuntu 14.04. Ifthe user is jailed within /var/www/html/kofi_site directory then simply run:

sudo chmod ugo-w /var/www/html/kofi_site

Luís de Sousa
  • 13,227
  • 26
  • 81
  • 128
nastycrow
  • 11
  • This worked for me, any reason for the downvote? – nastycrow May 26 '14 at 23:10
  • I would guess it was downvoted because it didn't address the problem the OP was having. If the question had been "What do I do if the user is jailed within the /var/www/html/kofi_site directory?" I would assume you would have gotten better results. – Elder Geek Jun 13 '14 at 18:34