After logging out from the proftpd server I get this error in auth.log:

Mar 31 09:17:46 TEST-SERVER2 proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu

Reproducible: Always

Steps to Reproduce:
1. Use "DefaultRoot ~" in /etc/proftpd/proftpd.conf
2. Log in to the server
3. Log out from the server

Actual Results:
After login I get this information about the chroot in auth.log:

Mar 31 09:17:28 vhosts proftpd: pam_unix(ftp:session): session opened for user testftp by (uid=0)
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - USER testftp: Login successful.
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - Preparing to chroot to directory '/home/testftp'

After logout from proftpd I get this error in auth.log:

Mar 31 09:17:46 vhosts proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Mar 31 09:17:46 vhosts proftpd: pam_unix(ftp:session): session closed for user testftp
Mar 31 09:17:46 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - FTP session closed.

Expected Results:
No error.

[ebuild R ] net-ftp/proftpd-1.3.1_rc2-r3 USE="acl ldap mysql ncurses nls pam ssl tcpd -authfile -clamav -hardened -ifsession -ipv6 -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB
[ebuild R ] sys-libs/pam-0.99.9.0 USE="cracklib nls -audit (-selinux) -test -vim-syntax" 0 kB
Has anyone else got this same error?
(In reply to comment #1)
> Has anyone else got this same error?
>

Yes.

proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory

net-ftp/proftpd-1.3.1_rc2-r3 USE="ipv6 mysql ncurses nls pam ssl tcpd -acl -authfile -clamav -hardened -ifsession -ldap -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd"
sys-libs/pam-0.99.9.0 USE="cracklib nls -audit (-selinux) -test -vim-syntax"
Same issue here ..

Jun 9 22:13:45 arwen proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden

linux 2.6.23-hardened-r7 SMP
sys-libs/pam-0.99.9.0 USE="cracklib nls -audit (-selinux) -test -vim-syntax"
net-ftp/proftpd-1.3.1_rc2-r3 USE="acl hardened mysql ncurses nls pam postgres ssl tcpd -authfile -clamav -ifsession -ipv6 -ldap -noauthunix -opensslcrypt -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd"
Me too.
same error here, no posts/help in the forum
I have the same error. DefaultRoot will not work and no dirs are listed. I switched from proftpd-1.3.1_rc2-r3 to ~ - Version 1.3.1 - and it works now!
Same message on 1.3.2_rc2-r2

# egrep -v '^#|^$' /etc/proftpd/proftpd.conf
ServerName "FTP server"
ServerType standalone
DefaultServer on
RequireValidShell off
Port 21
Umask 022
MaxInstances 10
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite on
<Limit SITE_CHMOD>
DenyAll
</Limit>
TimeoutLogin 12000
TimeoutIdle 60000
TimeoutNoTransfer 9000
TimeoutStalled 36000
AllowOverwrite on
Do you still have the problem with 1.3.2_rc2-r2 and/or 1.3.2? From comment #6 it looks like so, but waiting for confirmation before closing this bug
vhosts log # emerge -pv proftpd

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] net-ftp/proftpd-1.3.2_rc2-r2 USE="acl ldap mysql ncurses nls pam ssl tcpd -authfile -ban -case -clamav -deflate -hardened -ifsession -ipv6 -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB

Feb 18 16:29:10 TEST proftpd: pam_unix(ftp:session): session opened for user taken by (uid=0)
Feb 18 16:29:10 TEST proftpd[20411]: TEST.xxx.pl (xxx.pl[10.0.0.11]) - USER taken: Login successful.
Feb 18 16:29:44 TEST proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Feb 18 16:29:44 TEST proftpd: pam_unix(ftp:session): session closed for user taken
Feb 18 16:29:44 TEST proftpd[20411]: TEST.xxx.pl (xxx.pl[10.0.0.11]) - FTP session closed.

The same error all the time.
http://forums.proftpd.org/smf/index.php/topic,3459.msg10120.html#msg10120
https://bugzilla.redhat.com/show_bug.cgi?id=477120

Apparently, you cannot easily chroot your user while using pam (i.e. enabling both DefaultRoot and AuthPAM), so this can probably only be fixed in configuration.

CC-ing pam herd to see if something in the pam ftp file may cause this. Fedora fixed it by commenting out the "session include system-auth" line, but doesn't this make pam useless?
Hmm, this is interesting. Basically, it's going to chroot _before_ completing the PAM chain, which is quite strange; usually you do it the other way around: you complete the pam chain, chroot, then drop privs.

I'm not sure what the rest of the pam.d file looks like, but commenting out the session will just use the PAM authentication chains to check the password. This would be okay if it wasn't that we use the session chain for protection, too. For instance setting the system hard and soft limits, or enabling/disabling selinux features.

So I'd say that it's _not_ the case to comment it out, rather we should do it one of two ways:

a) check if proftpd can be fixed to make it run pam -> chroot -> drop;
b) check if pam_chroot can replace the proftpd chroot feature, in which case it would just need to be documented like that.

Marek, could you try that one? I'm not having enough free time lately to try this out, so I'll add it to my TODO list; it'll speed things up if you can check pam_chroot out :)
Many PAM modules assume they can access their respective config files when the session ends (i.e. when the FTP session ends). This means that completing the entire PAM chain before doing the chroot won't work. It works just fine for PAM modules which only do session-init work, and do nothing at session-end. It's very hard to work with libraries which assume locations of files AND to use chroot(2) at the same time; chroot(2) breaks all those assumptions hardcoded into libraries. FWIW, the ProFTPD Bugzilla entry for this issue is: http://bugs.proftpd.org/show_bug.cgi?id=1100 The RH bug on this worked around the problem by not configuring the PAM module which wanted to open its config file at session-end time. The only advice I've been able to give to users who absolutely must have their session-end PAM modules work AND use chroot-like capabilities is to tell them to use the mod_vroot module for proftpd.
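Added example (not part of the thread, and not ProFTPD or Linux-PAM code): a small auth.log triage script that flags PAM config-open failures logged while a proftpd session was chrooted and shows the path the module actually resolved inside the jail, which is the failure mode described in the comment above. The log lines are copied from the first report; the function and field names are made up for this example.

```python
import re
from posixpath import join, normpath

# Log excerpt copied from the original report (auth.log on host "vhosts").
SAMPLE_LOG = """\
Mar 31 09:17:28 vhosts proftpd: pam_unix(ftp:session): session opened for user testftp by (uid=0)
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - USER testftp: Login successful.
Mar 31 09:17:28 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - Preparing to chroot to directory '/home/testftp'
Mar 31 09:17:46 vhosts proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: Nie ma takiego pliku ani katalogu
Mar 31 09:17:46 vhosts proftpd: pam_unix(ftp:session): session closed for user testftp
Mar 31 09:17:46 vhosts proftpd[13445]: testftpserver.testlan.pol (w3cache.testlan.pol[192.168.0.1]) - FTP session closed.
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) proftpd(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
CHROOT = re.compile(r"Preparing to chroot to directory '(?P<dir>[^']+)'")
PAM_ERR = re.compile(r"^(?P<mod>pam_\w+)\((?P<svc>[^:]+):(?P<hook>\w+)\): "
                     r"Unable to open config file: (?P<path>/[^:]+):")


def find_post_chroot_pam_failures(log_text):
    """Return PAM config-open failures logged while a chroot was in effect."""
    jails = {}      # (host, pid) -> chroot directory of a live session
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, pid, msg = m["host"], m["pid"], m["msg"]
        if (c := CHROOT.search(msg)):
            jails[(host, pid)] = c["dir"]
        elif "FTP session closed" in msg:
            jails.pop((host, pid), None)
        elif (e := PAM_ERR.match(msg)):
            # PAM lines carry no PID, so attribution is a heuristic: the error is
            # reported only when exactly one chrooted session is live on the host.
            live = [d for (h, _), d in jails.items() if h == host]
            if len(live) == 1:
                findings.append({
                    "module": e["mod"], "hook": e["hook"],
                    "configured_path": e["path"],
                    # after chroot(2) an absolute path resolves under the jail
                    "path_seen_by_module": normpath(join(live[0], e["path"].lstrip("/"))),
                })
    return findings
```

On the sample it reports pam_env's setcred hook looking for /home/testftp/etc/security/pam_env.conf, which does not exist inside the user's home directory.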
I lean towards the "work as intended" case.