Title: ProFTPD + MySQL authentication + privs
Post by: /dev/hda (Guest) on 20 March 2004, 21:22:36

Hello,
I have a ProFTPD 1.2.9 running on a RedHat Fedora (Yarrow1 - vanilla kernel 2.6.4, self-compiled) - or not running, as the case may be. The problem is the following: user authentication via PAM works correctly; on login I have all the rights that the user has on the machine. The problem comes with user identification by means of MySQL. As soon as I explicitly exclude PAM authentication in the .conf, the login does go through correctly using the data from the table, but somehow the user, or rather his UID, is not taken over correctly - in any case, for operations in the home directory of the logged-in user it goes in with world permissions and so of course has no write permissions at all.

Here is the proftpd.conf:

ServerName "ProFTPD xion.lx"
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 30
User daniel
Group server
DefaultRoot ~

<Directory />
  AllowOverwrite on
</Directory>

<Anonymous /srv/anonymousftp>
  AnonRequirePassword off
  User aftp
  Group aftp
  UserAlias anonymous aftp
  MaxClients 10
  DisplayLogin /prog/proftpd/var/login.msg
  DisplayFirstChdir /prog/proftpd/var/firstchdir.msg
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

AccessDenyMsg "xion: Zugang verweigert."
AccessGrantMsg "xion: Zugang gewaehrt fuer %u."
DisplayLogin /prog/proftpd/var/login.msg
PidFile /prog/proftpd/var/xion.pid
RequireValidShell off
RootLogin off
#AuthOrder mod_sql.c mod_sql_mysql.c
AuthPAM off

#SQL section
SQLAuthTypes Crypt Plaintext Empty
SQLAuthenticate users*
SQLConnectInfo proftpd@localhost:3306 daniel qfcutaey
SQLUserInfo users userid passwd uid gid homedir shell
SQLNegativeCache off
SQLAuthenticate on
SQLLogFile /prog/proftpd/var/sql.log
ServerIdent on "Willkommen auf xion.lx FTP-Service"
SystemLog /prog/proftpd/var/xion.log

The SQL log shows something interesting:

Mar 20 21:09:47 mod_sql/4.10[1453]: backend module 'mod_sql_mysql/4.04'
Mar 20 21:09:47 mod_sql/4.10[1453]: backend api 'mod_sql_api_v1'
Mar 20 21:09:47 mod_sql/4.10[1453]: >>> sql_getconf
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_defineconnection
Mar 20 21:09:47 mod_sql/4.10[1453]: name: 'default'
Mar 20 21:09:47 mod_sql/4.10[1453]: user: 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: host: 'localhost'
Mar 20 21:09:47 mod_sql/4.10[1453]: db: 'proftpd'
Mar 20 21:09:47 mod_sql/4.10[1453]: port: '3306'
Mar 20 21:09:47 mod_sql/4.10[1453]: ttl: '0'
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_defineconnection
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:47 mod_sql/4.10[1453]: connection 'default' opened
Mar 20 21:09:47 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:47 mod_sql/4.10[1453]: backend successfully connected.
Mar 20 21:09:47 mod_sql/4.10[1453]: mod_sql status : on
Mar 20 21:09:47 mod_sql/4.10[1453]: negative_cache : off
Mar 20 21:09:47 mod_sql/4.10[1453]: authenticate : users*
Mar 20 21:09:47 mod_sql/4.10[1453]: usertable : users
Mar 20 21:09:47 mod_sql/4.10[1453]: userid field : userid
Mar 20 21:09:47 mod_sql/4.10[1453]: password field : passwd
Mar 20 21:09:47 mod_sql/4.10[1453]: uid field : uid
Mar 20 21:09:47 mod_sql/4.10[1453]: gid field : gid
Mar 20 21:09:47 mod_sql/4.10[1453]: homedir field : homedir
Mar 20 21:09:47 mod_sql/4.10[1453]: shell field : shell
Mar 20 21:09:47 mod_sql/4.10[1453]: homedirondemand : false
Mar 20 21:09:47 mod_sql/4.10[1453]: SQLMinUserUID : 999
Mar 20 21:09:47 mod_sql/4.10[1453]: SQLMinUserGID : 999
Mar 20 21:09:47 mod_sql/4.10[1453]: <<< sql_getconf
Mar 20 21:09:47 mod_sql/4.10[1453]: >>> cmd_getpwnam
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_escapestring
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_escapestring
Mar 20 21:09:47 mod_sql/4.10[1453]: cache miss for user 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: : entering mysql cmd_select
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:47 mod_sql/4.10[1453]: connection 'default' count is now 2
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:47 mod_sql/4.10[1453]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (userid='daniel') LIMIT 1"
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_close
Mar 20 21:09:47 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_close
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_select
Mar 20 21:09:47 mod_sql/4.10[1453]: cache miss for user 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: user 'daniel' cached
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_name : daniel
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_uid : 65533
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_gid : 65533
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_dir : /srv/
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_shell : /bin/false
Mar 20 21:09:47 mod_sql/4.10[1453]: <<< cmd_getpwnam
Mar 20 21:09:47 mod_sql/4.10[1453]: >>> cmd_auth
Mar 20 21:09:47 mod_sql/4.10[1453]: entering mysql cmd_escapestring
Mar 20 21:09:47 mod_sql/4.10[1453]: exiting mysql cmd_escapestring
Mar 20 21:09:47 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: >>> cmd_check
Mar 20 21:09:47 mod_sql/4.10[1453]: checking auth_type Crypt
Mar 20 21:09:47 mod_sql/4.10[1453]: checking auth_type Plaintext
Mar 20 21:09:47 mod_sql/4.10[1453]: 'Plaintext' auth handler reports success
Mar 20 21:09:47 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: <<< cmd_check
Mar 20 21:09:47 mod_sql/4.10[1453]: <<< cmd_auth
Mar 20 21:09:47 mod_sql/4.10[1453]: >>> cmd_getpwnam
Mar 20 21:09:47 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:47 mod_sql/4.10[1453]: <<< cmd_getpwnam
Mar 20 21:09:48 mod_sql/4.10[1453]: >>> cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: cache miss for uid '501'
Mar 20 21:09:48 mod_sql/4.10[1453]: : entering mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 2
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (uid = 501) LIMIT 1"
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:48 mod_sql/4.10[1453]: <<< cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: >>> cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: cache miss for uid '501'
Mar 20 21:09:48 mod_sql/4.10[1453]: : entering mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 2
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (uid = 501) LIMIT 1"
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:48 mod_sql/4.10[1453]: <<< cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: >>> cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: cache miss for uid '503'
Mar 20 21:09:48 mod_sql/4.10[1453]: : entering mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 2
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (uid = 503) LIMIT 1"
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: cache miss for user 'aftp'
Mar 20 21:09:48 mod_sql/4.10[1453]: user 'aftp' cached
Mar 20 21:09:48 mod_sql/4.10[1453]: + pwd.pw_name : aftp
Mar 20 21:09:48 mod_sql/4.10[1453]: + pwd.pw_uid : 65533
Mar 20 21:09:48 mod_sql/4.10[1453]: + pwd.pw_gid : 65533
Mar 20 21:09:48 mod_sql/4.10[1453]: + pwd.pw_dir : /srv/anonymousftp
Mar 20 21:09:48 mod_sql/4.10[1453]: + pwd.pw_shell : /bin/bash
Mar 20 21:09:48 mod_sql/4.10[1453]: <<< cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: >>> cmd_uid2name
Mar 20 21:09:48 mod_sql/4.10[1453]: cache miss for uid '501'
Mar 20 21:09:48 mod_sql/4.10[1453]: : entering mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 2
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_open
Mar 20 21:09:48 mod_sql/4.10[1453]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (uid = 501) LIMIT 1"
Mar 20 21:09:48 mod_sql/4.10[1453]: entering mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: connection 'default' count is now 1
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_close
Mar 20 21:09:48 mod_sql/4.10[1453]: exiting mysql cmd_select
Mar 20 21:09:48 mod_sql/4.10[1453]: cache hit for user 'daniel'
Mar 20 21:09:48 mod_sql/4.10[1453]: <<< cmd_uid2name

As you can see, there is somehow an error with the UID (cache miss for UID 501) - it somehow takes on wrong values:

Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_name : daniel
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_uid : 65533
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_gid : 65533
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_dir : /srv/
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_shell : /bin/false

daniel is the user I always try to log in with - a single login under this name produces this part of the SQLLogFile. I also had to create the user aftp so that the anonymous login works - the same phenomenon shows up there. The user table looks as follows:

Code:
mysql> SELECT * FROM users;
+--------+-------------+------+------+-------------------+------------+
| userid | passwd      | uid  | gid  | homedir           | shell      |
+--------+-------------+------+------+-------------------+------------+
| daniel | ftp.xion.lx |  501 |  100 | /srv/             | /bin/false |
| aftp   |             |  503 |  505 | /srv/anonymousftp | /bin/bash  |
+--------+-------------+------+------+-------------------+------------+
2 rows in set (0.00 sec)

And the corresponding lines from /etc/passwd:

daniel:x:501:100::/home/daniel:/bin/bash
aftp:x:503:505::/srv/anonymousftp/:/bin/false

As you can see, the user data match exactly, and the directory /srv/ also belongs to daniel on the system - the same goes for anonymous and aftp. Anyone got an idea?

Title: Re: ProFTPD + MySQL authentication + privs
Post by: stonki on 21 March 2004, 15:49:40

Hi,
first of all: THIS IS WHAT A PROBLEM DESCRIPTION SHOULD LOOK LIKE! :gott) And not these "StammerEnglishTermsButWantToBeCool" problem descriptions...

Quote from: "/dev/hda (Guest)"
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_uid : 65533
Mar 20 21:09:47 mod_sql/4.10[1453]: + pwd.pw_gid : 65533
Code:
mysql> SELECT * FROM users;
+--------+-------------+------+------+-------------------+------------+
| userid | passwd      | uid  | gid  | homedir           | shell      |
+--------+-------------+------+------+-------------------+------------+
| daniel | ftp.xion.lx |  501 |  100 | /srv/             | /bin/false |
+--------+-------------+------+------+-------------------+------------+

Well, close... Very close... Let's take another look at the directive list:
http://www.proftpd.de/index.php?id=28&language=&directive_name=&module_id=13#172
and following from that:
http://www.proftpd.de/index.php?id=28&language=&directive_name=&module_id=13#149

Since the values you chose (501 and 100) were below the minimum ID, the ProFTPD default value was used. So in the default case: 65533. So set these values in your config and everything should work.

My old example conf: http://www.proftpd.org/docs/configs/mysql_simple.conf

cu stonki

Title: ProFTPD + MySQL authentication + privs
Post by: /dev/hda (Guest) on 21 March 2004, 21:28:46

Oh, thanks! It is logical, but I certainly would not have figured that out for quite a while....
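
The minimum-ID behaviour stonki describes, as an added example that is not part of the original thread or of ProFTPD's own code: a small audit that predicts which rows of the users table will be remapped to the default IDs. The precedence given to SQLMinID and the lowered thresholds in `CONF_LOWERED` are assumptions made for illustration.

```python
# Added example (not from the thread): simplified model of mod_sql's minimum-ID check.
# Defaults are the values visible in the posted SQLLogFile (999 and 65533).
DEFAULTS = {"SQLMinUserUID": 999, "SQLMinUserGID": 999,
            "SQLDefaultUID": 65533, "SQLDefaultGID": 65533}

def parse_sql_limits(conf_text):
    """Read the ID-related mod_sql directives from proftpd.conf text."""
    limits, explicit, min_id = dict(DEFAULTS), set(), None
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) != 2 or not fields[1].isdigit():
            continue
        name, value = fields[0], int(fields[1])
        if name == "SQLMinID":
            min_id = value
        elif name in limits:
            limits[name] = value
            explicit.add(name)
    # Assumption: SQLMinID sets both minimums unless the specific directive is given.
    if min_id is not None:
        for name in ("SQLMinUserUID", "SQLMinUserGID"):
            if name not in explicit:
                limits[name] = min_id
    return limits

def effective_ids(uid, gid, limits):
    """IDs the session runs with: values below the minimum become the default."""
    eff_uid = uid if uid >= limits["SQLMinUserUID"] else limits["SQLDefaultUID"]
    eff_gid = gid if gid >= limits["SQLMinUserGID"] else limits["SQLDefaultGID"]
    return eff_uid, eff_gid

def audit(users, conf_text):
    """Return (userid, table_ids, session_ids) for rows that get remapped."""
    limits = parse_sql_limits(conf_text)
    findings = []
    for userid, uid, gid in users:
        eff = effective_ids(uid, gid, limits)
        if eff != (uid, gid):
            findings.append((userid, (uid, gid), eff))
    return findings

# Constructed inputs: rows from the posted users table, and two config variants.
USERS = [("daniel", 501, 100), ("aftp", 503, 505)]
CONF_AS_POSTED = "#SQL section\nSQLAuthenticate users*\nSQLNegativeCache off\n"
CONF_LOWERED = CONF_AS_POSTED + "SQLMinUserUID 500\nSQLMinUserGID 100\n"

if __name__ == "__main__":
    print(audit(USERS, CONF_AS_POSTED))   # both rows remapped to 65533/65533
    print(audit(USERS, CONF_LOWERED))     # no remapping
```

With the configuration as posted, both rows come back remapped to 65533/65533, which is what the `pwd.pw_uid` and `pwd.pw_gid` log lines show. When lowering the minimums, keep them no lower than the smallest UID and GID the table legitimately needs, since this check is what keeps a table row from mapping a session onto a lower-numbered system ID.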