Bug 780724

Summary: Yast2-ftp-server with pure-ftpd installed: can't login with specified user, anonymous only; configuration problems
Product: [openSUSE] openSUSE 12.2 Reporter: denixx baykin <denixx.baykin>
Component: YaST2Assignee: Michal Filka <mfilka>
Status: RESOLVED DUPLICATE QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None CC: alexandre, denixx.baykin, forgotten_eaqMy2E5O_, locilka
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE 12.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: y2logs6

Description denixx baykin 2012-09-17 09:45:46 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1

My setup:
launch by xinetd
chroot for all
anonymous dir: /home/srv/ftp/anonymous
max idle time: 15
max cli from one IP: 3
Max cli: 10
Speed: 0, 0
Authentication: When I set "both", save and then open FTP settings - it's set to "Authenticated users only", so there is set "Authenticated users only" now. And anonymous user works. And only anonymous user.
Expert settings: I just enable firewall port. Additionally I allowed port 21 for 0/0 in firewall user rules.

Reproducible: Always

Steps to Reproduce:
1. Install Yast2-ftp-server.
2. Run it. Install pure-ftpd.
3. Try to grant access to authenticated and anonymous users (both).
4. Try to login to ftp as user.
Actual Results:  
530 Login authentication failed
Comment 1 denixx baykin 2012-09-17 09:50:29 UTC 
Maybe I am doing something wrong.
I do not find useful info on opensuse wiki about that issue.

Xinetd config:
Server: /usr/sbin/pure-ftpd
server args: -A -c10 -C3 -z -D -fftp -H -I15 -lpam -L10000:8 -m4 -s -u40 -x -r -i -k99 -G -Z -Y0
Comment 2 denixx baykin 2012-09-17 10:44:16 UTC 
Additional info:
I created user "test" with password "123456". Added this user to group "ftp".
I disabled login to system for this user.

When i try to login, FileZilla Client says (it's Google translated):
"Status: Connecting to 10.43.10.162:21 ...
Status: Connection established, waiting for welcome message ...
Answer: 220-Welcome to Pure-FTPd.
Answer: 220-You are user number 1 of 10 allowed.
Answer: 220-Local time is now 13:34. Server port: 21.
Answer: 220-IPv6 connections are also welcome on this server.
Answer: 220 You will be disconnected after 15 minutes of inactivity.
Team: USER test
Reply: 331 User test OK. Password required
Team: PASS ******
Answer: 530 Login authentication failed
Error: Fatal Error
Error: Unable to connect to server"

When I enable login to system for user "test", FileZilla says (it's also translated):
"Status: Connecting to 10.43.10.162:21 ...
Status: Connection established, waiting for welcome message ...
Answer: 220-Welcome to Pure-FTPd.
Answer: 220-You are user number 1 of 10 allowed.
Answer: 220-Local time is now 13:40. Server port: 21.
Answer: 220-IPv6 connections are also welcome on this server.
Answer: 220 You will be disconnected after 15 minutes of inactivity.
Team: USER test
Reply: 331 User test OK. Password required
Team: PASS ******
Error: Connection closed by server
Error: Unable to connect to server"

When I set anonymous access:
"Status: Connecting to 10.43.10.162:21 ...
Status: Connection established, waiting for welcome message ...
Answer: 220-Welcome to Pure-FTPd.
Answer: 220-You are user number 1 of 10 allowed.
Answer: 220-Local time is now 13:42. Server port: 21.
Answer: 220-IPv6 connections are also welcome on this server.
Answer: 220 You will be disconnected after 15 minutes of inactivity.
Team: USER anonymous
Answer: 230 Anonymous user logged in
Team: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Status: Connected
Status: Retrieving directory listing ...
Team: PWD
Reply: 257 "/" is your current location
Status: Directory listing extracted"
Comment 3 denixx baykin 2012-09-17 11:01:06 UTC 
edit: "Team:" - it's a "Command:" ;)
Comment 4 denixx baykin 2012-09-17 13:03:20 UTC 
/var/log/messages

Sep 17 16:01:56 denixxwork pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Sep 17 16:01:56 denixxwork pure-ftpd: pam_loginuid(pure-ftpd:session): set_loginuid failed
Sep 17 16:01:56 denixxwork systemd-logind[571]: New session c71 of user test.
Sep 17 16:01:56 denixxwork systemd-logind[571]: Removed session c71.
Comment 5 denixx baykin 2012-09-17 13:07:42 UTC 
Sep 17 16:05:36 denixxwork pure-ftpd: (?@10.43.10.162) [INFO] New connection from 10.43.10.162
Sep 17 16:05:36 denixxwork pure-ftpd: pam_loginuid(pure-ftpd:session): set_loginuid failed
Sep 17 16:05:36 denixxwork systemd-logind[571]: New session c76 of user test.
Sep 17 16:05:36 denixxwork pure-ftpd: (?@10.43.10.162) [INFO] test is now logged in
Sep 17 16:05:36 denixxwork systemd-logind[571]: Removed session c76.
-=-=-
It looks like pam denied auth before it was granted.
Comment 6 Kun Kun Zhang 2012-09-19 10:12:25 UTC 
Hi,could you please help to provide y2logs according to the following URL?
http://en.opensuse.org/openSUSE:Bugreport_YaST
Comment 7 denixx baykin 2012-09-19 10:25:28 UTC 
Created attachment 506259 [details]
y2logs6
Comment 8 Alexandre Rogoski 2012-12-11 16:41:54 UTC 
Seems that pam_systemd.so (from common-session) is the culprit.
Comment 9 Lukas Ocilka 2013-01-11 14:08:29 UTC 
Thorsten, who could help with this, please (pam_systemd.so)?
Comment 10 Thorsten Kukuk 2013-01-11 14:18:33 UTC 
(In reply to comment #4)

> Sep 17 16:01:56 denixxwork pure-ftpd: pam_loginuid(pure-ftpd:session):
> set_loginuid failed

That's a duplicate, pam_loginuid does not have write permissions to /proc/self/loginuid.so.

Looks like a pure-ftpd dropping permission bug.
Please merge all this pure-ftpd/loginuid bugs to one, don't know how many we have already and how many different people are working on it.
Comment 11 Lukas Ocilka 2013-01-11 14:30:30 UTC 
This seems to be a duplicate.

*** This bug has been marked as a duplicate of bug 789833 ***