Bug 215529 - net-ftp/proftpd-1.3.1_rc2-r3 with "DefaultRoot ~" = Unable to open config file pam_env.conf
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Sergei Trofimovich (RETIRED)
Reported: 2008-03-31 07:32 UTC by Marek Królikowski
Modified: 2016-04-12 22:34 UTC

Description Marek Królikowski 2008-03-31 07:32:10 UTC
After logging out from the proftpd server I got this error in auth.log:
Mar 31 09:17:46 TEST-SERVER2 proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu


Reproducible: Always

Steps to Reproduce:
1. Use "DefaultRoot ~" in /etc/proftpd/proftpd.conf
2. Log in to the server
3. Log out from the server
Actual Results:  
After login I got this information about chroot in auth.log:
Mar 31 09:17:28 vhosts proftpd: pam_unix(ftp:session): session opened for user testftp by (uid=0)
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - USER testftp: Login successful.
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - Preparing to chroot to directory '/home/testftp'

After logout from proftpd I got this error in auth.log:
Mar 31 09:17:46 vhosts proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Mar 31 09:17:46 vhosts proftpd: pam_unix(ftp:session): session closed for user testftp
Mar 31 09:17:46 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - FTP session closed.

Expected Results:  
No error.

[ebuild   R   ] net-ftp/proftpd-1.3.1_rc2-r3  USE="acl ldap mysql ncurses nls pam ssl tcpd -authfile -clamav -hardened -ifsession -ipv6 -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB

[ebuild   R   ] sys-libs/pam-0.99.9.0  USE="cracklib nls -audit (-selinux) -test -vim-syntax" 0 kB
Comment 1 Marek Królikowski 2008-04-02 08:57:07 UTC
Has anyone else got this same error?
Comment 2 Mathijs Savenije 2008-04-10 07:48:10 UTC
(In reply to comment #1)
> Has anyone else got this same error?

Yes.

proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory

net-ftp/proftpd-1.3.1_rc2-r3  USE="ipv6 mysql ncurses nls pam ssl tcpd -acl -authfile -clamav -hardened -ifsession -ldap -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd"

sys-libs/pam-0.99.9.0  USE="cracklib nls -audit (-selinux) -test -vim-syntax"
Comment 3 Sven Reissmann 2008-06-09 21:12:51 UTC
Same issue here ..

Jun  9 22:13:45 arwen proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden

linux 2.6.23-hardened-r7 SMP

sys-libs/pam-0.99.9.0  USE="cracklib nls -audit (-selinux) -test -vim-syntax" 

net-ftp/proftpd-1.3.1_rc2-r3  USE="acl hardened mysql ncurses nls pam postgres ssl tcpd -authfile -clamav -ifsession -ipv6 -ldap -noauthunix -opensslcrypt -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd"

Comment 4 gentoo 2008-09-22 18:44:59 UTC
Me too.
Comment 5 snIP3r 2008-09-30 07:03:29 UTC
same error here, no posts/help in the forum
Comment 6 xraver 2008-10-11 03:22:52 UTC
I have the same error. DefaultRoot will not work and no dirs are listed.
I switched from proftpd-1.3.1_rc2-r3 to ~ - Version 1.3.1 - and it works now!
Comment 7 calculator 2009-02-02 07:37:51 UTC
someone message on 1.3.2_rc2-r2

# egrep -v '^#|^$' /etc/proftpd/proftpd.conf
ServerName                      "FTP server"
ServerType                      standalone
DefaultServer                   on
RequireValidShell               off
Port                            21
Umask                           022
MaxInstances                    10
User                            nobody
Group                           nogroup
DefaultRoot ~
AllowOverwrite          on
<Limit SITE_CHMOD>
  DenyAll
</Limit>
TimeoutLogin 12000
TimeoutIdle 60000
TimeoutNoTransfer 9000
TimeoutStalled 36000
AllowOverwrite on
Comment 8 Bernard Cafarelli gentoo-dev 2009-02-18 13:04:32 UTC
Do you still have the problem with 1.3.2_rc2-r2 and/or 1.3.2? From comment #6 it looks like so, but waiting for confirmation before closing this bug
Comment 9 Marek Królikowski 2009-02-18 15:34:05 UTC
vhosts log # emerge -pv proftpd
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild   R   ] net-ftp/proftpd-1.3.2_rc2-r2  USE="acl ldap mysql ncurses nls pam ssl tcpd -authfile -ban -case -clamav -deflate -hardened -ifsession -ipv6 -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB

Feb 18 16:29:10 TEST proftpd: pam_unix(ftp:session): session opened for user taken by (uid=0)
Feb 18 16:29:10 TEST proftpd[20411]: TEST.xxx.pl (xxx.pl[10.0.0.11]) - USER taken: Login successful.
Feb 18 16:29:44 TEST proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Feb 18 16:29:44 TEST proftpd: pam_unix(ftp:session): session closed for user taken
Feb 18 16:29:44 TEST proftpd[20411]: TEST.xxx.pl (xxx.pl[10.0.0.11]) - FTP session closed.

All the time the same error.
Comment 10 Bernard Cafarelli gentoo-dev 2009-02-23 12:31:22 UTC
http://forums.proftpd.org/smf/index.php/topic,3459.msg10120.html#msg10120
https://bugzilla.redhat.com/show_bug.cgi?id=477120

Apparently, you cannot easily chroot your user while using pam (i.e. enabling both DefaultRoot and AuthPAM), so this can probably only be fixed in configuration.

CC-ing pam herd to see if something in the pam ftp file may cause this. Fedora fixed it by commenting out the "session    include      system-auth" line, but does this not make pam useless?

Comment 11 Diego Elio Pettenò (RETIRED) gentoo-dev 2009-02-23 12:40:38 UTC
Hmm, this is interesting. Basically, it's going to chroot _before_ completing the PAM chain, which is quite strange, usually you do it the other way around: you complete the pam chain, chroot, then drop privs.

I'm not sure what the rest of the pam.d file looks like, but commenting out the session will just use the PAM authentication chains to check the password. This would be okay if it wasn't that we use the session chain for protection, too. For instance setting the system hard and soft limits, or enabling/disabling selinux features.

So I'd say that it's _not_ the case to comment it out, rather we should do it one of two ways:

a) check if proftpd can be fixed to make it run pam -> chroot -> drop;
b) check if pam_chroot can replace the proftpd chroot feature, in which case it would just need to be documented like that.

Marek could you try that one? I'm not having enough free time lately to try this out, so I'll add it to my TODO list, it'll speed things up if you can check pam_chroot out :)
Comment 12 TJ Saunders 2009-06-30 02:30:22 UTC
Many PAM modules assume they can access their respective config files when the session ends (i.e. when the FTP session ends).  This means that completing the entire PAM chain before doing the chroot won't work.  It works just fine for PAM modules which only do session-init work, and do nothing at session-end.  It's very hard to work with libraries which assume locations of files AND to use chroot(2) at the same time; chroot(2) breaks all those assumptions hardcoded into libraries.

FWIW, the ProFTPD Bugzilla entry for this issue is:

  http://bugs.proftpd.org/show_bug.cgi?id=1100

The RH bug on this worked around the problem by not configuring the PAM module which wanted to open its config file at session-end time.

The only advice I've been able to give to users who absolutely must have their session-end PAM modules work AND use chroot-like capabilities is to tell them to use the mod_vroot module for proftpd.
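
Added example (not part of the bug thread or of ProFTPD's code): a Python check that reads auth.log and reports PAM modules that failed to open their config file while a chrooted ProFTPD session was open on the same host, which is how the breakage described in comments 11 and 12 shows up in logs. The sample lines are the ones quoted in the report plus one constructed control line; because the PAM lines carry no PID, matching by host and the `seen_in_jail_as` path are assumptions of this example.

```python
import re
from posixpath import join

# Sample input: the auth.log lines quoted in the report, plus one constructed
# control line (host "otherhost") where no chroot is in effect.
SAMPLE_LOG = """\
Mar 31 09:17:28 vhosts proftpd: pam_unix(ftp:session): session opened for user testftp by (uid=0)
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - USER testftp: Login successful.
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - Preparing to chroot to directory '/home/testftp'
Mar 31 09:17:46 vhosts proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Mar 31 09:17:46 vhosts proftpd: pam_unix(ftp:session): session closed for user testftp
Mar 31 09:17:46 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - FTP session closed.
Mar 31 09:20:00 otherhost proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
"""

PREFIX = r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+proftpd"
CHROOT = re.compile(PREFIX + r"\[(?P<pid>\d+)\]: .* - Preparing to chroot to directory '(?P<jail>[^']+)'")
CLOSED = re.compile(PREFIX + r"\[(?P<pid>\d+)\]: .* - FTP session closed\.")
PAMERR = re.compile(PREFIX + r": (?P<module>pam_\w+)\((?P<service>\w+):(?P<stage>\w+)\): "
                    r"Unable to open config file: (?P<path>/[^:]+):")

def find_post_chroot_pam_failures(lines):
    """Report PAM config-open failures logged while a chrooted session is open."""
    jails = {}       # (host, pid) -> chroot directory of a still-open session
    findings = []
    for line in lines:
        if m := CHROOT.match(line):
            jails[(m["host"], m["pid"])] = m["jail"]
        elif m := CLOSED.match(line):
            jails.pop((m["host"], m["pid"]), None)
        elif m := PAMERR.match(line):
            # PAM lines carry no PID, so match on host only (assumption).
            active = sorted({j for (h, _), j in jails.items() if h == m["host"]})
            if active:
                findings.append({
                    "module": m["module"], "service": m["service"],
                    "stage": m["stage"], "path": m["path"],
                    # Where the hardcoded path resolves once chroot(2) is in effect.
                    "seen_in_jail_as": [join(j, m["path"].lstrip("/")) for j in active],
                })
    return findings

if __name__ == "__main__":
    for f in find_post_chroot_pam_failures(SAMPLE_LOG.splitlines()):
        print(f"{f['module']} ({f['service']}:{f['stage']}) could not open {f['path']}; "
              f"inside the chroot that is {', '.join(f['seen_in_jail_as'])}")
```

Each module it reports ran one of its stages without its configuration file, which is worth reviewing when the session chain is relied on for limits or similar protections, as comment 11 points out.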
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2016-04-12 22:34:45 UTC
I lean towards the "work as intended" case.