
weird proftpd problem
clocker1996 08-10-2002, 01:53 AM
I have a weird problem with PROFTPD
Just started noticing this. when i ftp into my server, with the username 'node' it lets me in just fine. i can upload, delete files, all that just fine.
Aug 10 00:23:15 test proftpd[20858]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session opened.
Aug 10 00:23:15 test ftp(pam_unix)[20858]: session opened for user node by (uid=0)
SOON as i log out / disconnect / close my ftp client. /var/log/messages shows this:
Aug 10 00:23:22 test proftpd[20858]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session closed.
Aug 10 00:23:22 test PAM-env[20858]: Unable to open config file: No such file or directory
So what i'm saying is, i can login fine, no errors in /var/log/messages. but soon as i disconnect, in /var/log/messages it prints out
Aug 10 00:23:22 test PAM-env[20858]: Unable to open config file: No such file or directory
Does anyone know what config file it's talking about, or what i'm doing wrong? i'd like to fix this issue.
BTW, it's proftpd 1.2.5
i did tail -f /var/log/messages - then i logged in and out from a separate window, that is how i caught this problem
Any ideas?
clocker1996 08-10-2002, 02:00 AM
By the way, I compiled proftpd from source so my proftpd.conf is /usr/local/etc/proftpd.conf
i know that it knows where the proftpd.conf is....
because i can change the ServerName in proftpd.conf, then restart proftpd, and it will show the change
e.g. if i change the servername to bob's server in proftpd.conf then do killall -9 proftpd;proftpd then ftp localhost
it does show
220 ProFTPD 1.2.5 Server (bob's server) [test.mydomain.com]
so i know that the proftpd.conf is there, and that proftpd reads it.
it has to be some other config (at least i think so)
jayjay 08-10-2002, 02:03 AM
Well of course it knows where the conf is, or it probably wouldn't start! : PP
I'd like to know what is causing this myself..
*bump*
clocker1996 08-10-2002, 02:07 AM
this only happens on two of my servers
the rest are fine....
on the first server
Aug 9 00:14:36 life PAM-env[15325]: Unable to open config file: No such file or directory
Aug 9 00:14:38 life PAM-env[15322]: Unable to open config file: No such file or directory
Aug 9 10:54:37 life PAM-env[17048]: Unable to open config file: No such file or directory
Aug 9 11:06:27 life PAM-env[17068]: Unable to open config file: No such file or directory
Aug 9 11:08:08 life PAM-env[17079]: Unable to open config file: No such file or directory
etc
lot more, i just didn't want to paste it all
same thing for the other server
davidb 08-10-2002, 02:27 AM
Check or print out the config here (in a txt attachment), it's been a while since I used pro, but you might have set the domain up to use an external file for the domain config.
clocker1996 08-10-2002, 02:41 AM
Nah dude, no domains or anything like that were setup
Check it out:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "bob's server"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
DefaultRoot ~
AllowRetrieveRestart on
AllowStoreRestart on
chirpy 08-10-2002, 07:08 AM
You could try running proftpd in debug mode. I don't know where you put the binary, but if you do the following:
proftpd -h
you'll get a list of qualifiers that you can use. One of which -d lets you set the debugging level. Another useful one is -t which tests your configuration file.
allera 08-10-2002, 08:26 AM
I think the answer may lie here:
Aug 9 00:14:36 life PAM-env[15325]: Unable to open config file: No such file or directory
Are you using PAM authentication? If not, recompile Proftpd without PAM and try it again. If you are, this seems to be a PAM-specific problem, not a proftpd-specific problem. Make sure your PAM files are all in place.
I could be wrong. I don't use PAM.
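The point made in the post above, that the message comes from a different syslog source than proftpd but under the same PID, can be checked by grouping log lines on PID. This is an added example, not code from the thread; the function name and error keywords are hypothetical, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# First four lines are quoted in the thread; PID 20901 is a constructed clean session.
SAMPLE = """\
Aug 10 00:23:15 test proftpd[20858]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session opened.
Aug 10 00:23:15 test ftp(pam_unix)[20858]: session opened for user node by (uid=0)
Aug 10 00:23:22 test proftpd[20858]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session closed.
Aug 10 00:23:22 test PAM-env[20858]: Unable to open config file: No such file or directory
Aug 10 00:24:01 test proftpd[20901]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session opened.
Aug 10 00:24:09 test proftpd[20901]: test.mydomain.com (209.216.149.249[209.216.149.249]) - FTP session closed.
"""

# Fields: timestamp, host, syslog tag, pid, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")
ERROR_HINTS = ("unable to", "error", "failed", "no such file")


def foreign_errors_in_ftp_sessions(text, daemon="proftpd"):
    """Map (host, pid) -> errors logged under a daemon-owned PID by another tag."""
    owned, closed = set(), set()
    errors = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not in the expected syslog layout
        stamp, host, tag, pid, msg = m.groups()
        key = (host, int(pid))
        if tag == daemon:
            owned.add(key)
            if msg.endswith("FTP session closed."):
                closed.add(key)
        elif any(h in msg.lower() for h in ERROR_HINTS):
            errors[key].append({"time": stamp, "source": tag, "message": msg,
                                "after_close": key in closed})
    # Keep only PIDs that the FTP daemon itself also logged under.
    return {k: v for k, v in errors.items() if k in owned}


if __name__ == "__main__":
    for (host, pid), found in foreign_errors_in_ftp_sessions(SAMPLE).items():
        for f in found:
            print(host, pid, f["source"], f["message"],
                  "(after session close)" if f["after_close"] else "")
```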
bitserve 08-10-2002, 12:33 PM
I think alexander hit the nail on the head. That's a PAM error. The configuration file in question is probably the pam-env configuration file. Usually at /etc/security/pam_env.conf. The problem may be that you have the wrong permissions on pam_env.conf. If you have any daemons running as users other than root, which I should hope you do, and they use pam for authentication, you'll want that configuration file to be world readable (but not world writeable).
clocker1996 08-10-2002, 04:49 PM
thanks everyone, i really appreciate you guys taking the time to post some ideas and what not
here is an update:
when i originally installed the ftpd, i did ./configure;make;make install
when you do ./configure automatically pam is already enabled, or gets enabled. so no need to specify it
proftpd runs as nobody. i changed nobody's shell from /sbin/nologin to /bin/bash
then i did su nobody
life:/home/dev/proftpd-1.2.5# su nobody
life:/home/dev/proftpd-1.2.5$ cd
life:/$ w
3:50pm up 6:02, 1 user, load average: 0.19, 0.20, 0.08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 209.216.159.155 3:27pm 0.00s 2.90s 0.00s w
life:/$ more /etc/security/pam_env.conf
# $Date: 2000/06/20 22:11:35 $
# $Author: agmorgan $
# $Id: pam_env.conf-example,v 1.1.1.1 2000/06/20 22:11:35 agmorgan Exp $
#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
that's just the first bits of the config file
so as you can see
nobody can see / read that file...
and yes, i did change nobody's shell back to /sbin/nologin
nobody panic :)
anyway
i tried doing this (even though this is how it was originally setup, i just figured i'd do it again maybe it will fix it):
killall -9 proftpd
went in the proftpd 1.2.5 src dir
did ./configure --enable-pam
make
make install
ran proftpd again
tail -f /var/log/messages
then logged in the server with an ftp client
still got the same unable to open config file error
so then i did
killall -9 proftpd
./configure --enable-pam=no
make
make install
proftpd
then tail -f /var/log/messages
then logged in the server with an ftp client
and no more errors....
Just this:
Aug 10 15:45:29 test proftpd[8826]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session opened.
Aug 10 15:45:34 test proftpd[8826]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session closed.
Aug 10 15:45:37 test proftpd[8827]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session opened.
Aug 10 15:45:41 test proftpd[8827]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session closed.
so i guess i'll live with this, unless anyone can come up with anything else
I think you didn't have a PAM config file installed for proftpd... I believe one is included with it.
RutRow 08-10-2002, 08:21 PM
There is a "README.PAM" in the proftpd-1.2.5 dir.
clocker1996 08-11-2002, 04:44 AM
:(
Well, according to README.PAM
i'm supposed to include this into my /etc/pam.d/ftp
Linux:
To use PAM with ProFTPD, you must edit /etc/pam.d/ftp and add the
following lines for RedHat installations:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
So when i opened /etc/pam.d/ftp here is what was ALREADY in there.....
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
So i did killall -9 proftpd, went in the proftpd dir, did ./configure --enable-pam;make;make install
Then, i opened up the /etc/pam.d/ftp
and i modified it, to look like this:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
basically, if you look closely, i just slid in the things it wanted me to
you know?
Well anyway
then i did
proftpd
tail -f /var/log/messages
I FTP'ed in, and here is what happened!
Aug 11 03:47:51 test proftpd[6493]: test.mydomain.com - ProFTPD 1.2.5 (built Sat Aug 10 15:49:11 EDT 2002) standalone mode STARTUP
Aug 11 03:47:53 test proftpd[6495]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session opened.
Aug 11 03:47:53 test PAM_pwdb[6495]: (ftp) session opened for user node by (uid=0)
Aug 11 03:47:53 test ftp(pam_unix)[6495]: session opened for user node by (uid=0)
Aug 11 03:47:58 test proftpd[6495]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session closed.
Aug 11 03:47:58 test PAM-env[6495]: Unable to open config file: No such file or directory
:(
but hey.. i just tried this
i did rm -f /etc/pam.d/ftp
then i put ONLY what the readme.pam said
so this time, i didn't slide anything in
# cat ftp
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
restarted proftpd and it worked
Aug 11 03:49:53 test proftpd[6506]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session opened.
Aug 11 03:49:54 test PAM_pwdb[6506]: (ftp) session opened for user node by (uid=0)
Aug 11 03:49:57 test proftpd[6506]: test.mydomain.com (209.216.159.155[209.216.159.155]) - FTP session closed.
Aug 11 03:49:57 test PAM_pwdb[6506]: (ftp) session closed for user node
thanks guys!
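Why the README-only file stops the message can be checked by listing which modules each /etc/pam.d/ftp variant actually runs, following pam_stack.so into the service it names. This is an added example, not part of the thread or of ProFTPD; the system-auth content is a constructed stand-in (the thread never shows it) that is assumed to load pam_env.so, and the function names are hypothetical.

```python
# /etc/pam.d/ftp as first found on the server (quoted from the thread).
FTP_ORIGINAL = """\
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
"""
# /etc/pam.d/ftp holding only the README.PAM lines (quoted from the thread).
FTP_README = """\
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
"""
# The combined file from the thread: README lines followed by the old pam_stack lines.
FTP_MIXED = FTP_README + "\n".join(FTP_ORIGINAL.splitlines()[2:]) + "\n"
# Constructed stand-in for /etc/pam.d/system-auth (never shown in the thread);
# assumption: its auth group loads pam_env.so.
SYSTEM_AUTH = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
"""

def modules(service, configs, seen=()):
    """Return [(type, module, via)] for a service, following pam_stack.so."""
    seen = seen + (service,)
    out = []
    for line in configs[service].splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        mtype, name, args = fields[0], fields[2].rsplit("/", 1)[-1], fields[3:]
        if name != "pam_stack.so":
            out.append((mtype, name, "/".join(seen)))
            continue
        target = next((a[8:] for a in args if a.startswith("service=")), None)
        if target in configs and target not in seen:
            # pam_stack runs the same management group of the named service
            out += [e for e in modules(target, configs, seen) if e[0] == mtype]
    return out

def reaches(service, configs, module="pam_env.so"):
    """List (type, via) for every place the service ends up running `module`."""
    return [(t, via) for t, m, via in modules(service, configs) if m == module]
```

With these inputs, `reaches("ftp", ...)` reports pam_env.so for the original and combined files and nothing for the README-only file, matching the order in which the log message appeared and disappeared in the thread.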
MotleyFool 08-12-2002, 06:10 AM
Great!
I like happy endings! :D