Re: Another FTP access denied (530) problem

yyghp · ‎12-03-2003

Another FTP access denied (530) problem:
I'm an SA using HP-UX 11.11, recently I meet a strange problem with FTP access.
A user(oracle) tried to connect server via FTP but failed:

530 User oracle access denied...
Login failed.

I used root to check my config file at /etc, but I can't find /etc/ftpd/ftpaccess or /etc/shells.
Then I tried to create a new user(user01) and it can ftp to the server, no error at all. (of course, i also tried 'root', and no problem)

So, where i should look into to solve this problem ?
Thanks a lot !

Jeff Schussele · ‎12-03-2003

Make sure that there are no entries in /var/adm/inetd.sec to deny the host or subnet from which this user is aceessing the system.
And if this system has tcp_wrappers installed that there are no entries in /etc/hosts.deny to prevent this access.

Also what shell does this user have defined in it's /etc/passwd entry?

HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

yyghp · ‎12-03-2003

I checked the system but there is no '/var/adm/inetd.sec' and '/etc/hosts.deny',
because I installed everything by default.
(I tried to use a new user to ftp the server, it works fine)
And here's the line I cut from /etc/passwd for 'oracle'(the user can't ftp):

oracle:*:102:102:Oracle Owner:/home/oracle:/bin/ksh
(this is: ksh)

Thanks!

DIPAK KUMAR ROY · ‎12-03-2003

Create (edit) the /etc/shells file and add /bin/ksh entry.

Thanks
Dipak

Jeff Schussele · ‎12-03-2003

Is this a Trusted system?
If not, then the fact that oracle user has no PW defined (not even null) could prevent the ftp connection.
Can the oracle user login?

Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Steven E. Protter · ‎12-03-2003

If your system is trusted and there have been too many bad oracle logins.

If your oracle id is locked, this will happen.

What about the ftpuser file, is it in there?

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Michael Schulte zur Sur · ‎12-03-2003

Hi,

is there a /etc/ftpd/ftpusers file?

greetings,

Michael

yyghp · ‎12-03-2003

RE: Dipak Kumar Roy

I created another user(user02) using /bin/ksh, and I can successfully ftp
the server by using this user(user02). And as I mentioned before that user01
used /bin/sh, and it's ok too. So, I don't think it should be the problem of
/etc/shells.

RE: Jeff Schussele

Yes, i think it's a trusted system, because there is /tcb folder.
yes, user 'oracle' can login via telnet, but it is denied via ftp :(

RE: Steven E Protter

there's no oracle logins when i tried ftp using user 'oracle'
and there's no oracle process running(I stopped all of them).

RE: Michael Schulte

# ll /etc/ftpd
total 0
dr-xr--r-- 2 bin bin 96 Nov 15 2000 ftp-exec
dr-xr--r-- 2 bin bin 96 Nov 15 2000 pids

That's all in /etc/ftpd, and those 2 folders are empty inside.
NO ftpusers

NOTE: there is one of my co-works who has access to this oracle user,
it's possible that he changed some files that under his control, so...

Any other idea about this problem ? Thanks!

Umapathy S · ‎12-03-2003

The likely cause for this error is either the shell in /etc/passwd or the ftpusers file. Whenever I encounter this error, the problem is there in the shell variable of /etc/passwd.

Any message in /var/adm/syslog/syslog.log.

HTH,
Umapathy

Arise Awake and Stop NOT till the goal is Reached!

Jeff Schussele · ‎12-03-2003

Have you checked the integrity of the passwd file?
run

ckpw

And check the output.
You could have a corrupted passwd file.

Rgds,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

yyghp · ‎12-03-2003

Umapathy S:

I think you are right, here's the log from /var/adm/syslog/syslog.log:

Dec 3 15:12:14 ftpd[20057]: FTP LOGIN REFUSED (bad shell) FROM [], oracle
Dec 3 15:12:16 ftpd[20057]: FTP session closed

(I replaced those info in "< >" for security purpose.)

Jeff Schussele:

Yes, I think I need to check the integrity of the passwd file, but I
forget where I can find 'ckpw' :(
So, please tell me how to run this. Thanks!

yyghp · ‎12-03-2003

i think the command should be 'pwck', i will check it tomorrow when i am back to office.
thanks!

Elmar P. Kolkman · ‎12-03-2003

Another thing to check is the homedirectory of the user, oracle in this case. FTP reports bad shell in cases it has nothing to do with the shell at all.

So what you need to do is take a look at the entry of oracle in /etc/passwd and check that it has:
a) a passwd
b) a correct homedir. It should exist and be accessible by oracle. I'm not sure if it has to be owned by oracle.
c) a correct shell, or otherwise you need to add the shell to /etc/shells (create one to test, then add the default shells that can be found in "man shells")

If it still doesn't work, take a look in /etc/ftpd. The file ftpusers blocks users, perhaps oracle too.

Every problem has at least one solution. Only some solutions are harder to find.

yyghp · ‎12-04-2003

RE: Elmar P. Kolkman

Thanks.

Once again, here's the line for 'oracle' in /etc/passwd :

oracle:*:102:102:Oracle Owner:/home/oracle:/bin/ksh

/home/oracle exists, and I can telnet the server using 'oracle' and
also use this account to successfully install Oracle 9i, but just
cannot FTP :(

I run 'pwck' this morning, it showed another 2 user(not 'oracle')
"Login directory not found", but I don't think the ftp problem raised
because of this.

And
drwxr-xr-x 6 oracle oinstall 8192 Dec 4 07:56 /home/oracle
shows the user(oracle) home is owned by 'oracle', and all files and folder
under /home/oracle are all owned by by 'oracle' and 'oinstall'.

And as I mentioned above, I have setup another account using the same shell
(ksh) and successfully connected to the server via FTP, and i think if
something wrong with the shell of user 'oracle', there must be a problem
when I use it, but I have installed Oracle 9i without problem.

As I said above, there is NO ftpusers file under /etc/ftpd, NO /etc/shells,
because it's a new system with HP-UX 11.11B.

Thanks!

T G Manikandan · ‎12-04-2003

Do you have a file called .netrc in the $HOME dir of the user.

If present rename it.

T G Manikandan · ‎12-04-2003

Also check ftpusers file under /etc/

As the syslog shows bad shell.
Try logging into oracle user and check the login shell whether it the ksh as defined in /etc/passwd

Fabio Ettore · ‎12-04-2003

Hi,

just change in /etc/passwd file /bin/ksh of oracle user to /usr/bin/ksh.

Just a thought...

Best regards,
Ettore

WISH? IMPROVEMENT!

yyghp · ‎12-04-2003

RE: T G Manikandan

1. The following is all files under /home/oracle

-rwxrwxrwx 1 oracle oinstall 0 Nov 30 15:15 .ICEauthority
-rwxr-xr-x 1 oracle oinstall 74 Nov 30 14:48 .TTauthority
-rwxr-xr-x 1 oracle oinstall 98 Nov 30 14:48 .Xauthority
-r-------- 1 oracle oinstall 832 Nov 30 11:54 .cshrc
drwxr-xr-x 11 oracle oinstall 8192 Dec 2 09:49 .dt
-rwxr-xr-x 1 oracle oinstall 5451 Nov 30 11:54 .dtprofile
-r-------- 1 oracle oinstall 347 Nov 30 11:54 .exrc
-r-------- 1 oracle oinstall 334 Nov 30 11:54 .login
drwx------ 5 oracle oinstall 8192 Dec 3 14:55 .netscape
-rwxrw-rw- 1 oracle oinstall 1132 Dec 3 14:37 .profile
-rw------- 1 oracle oinstall 2344 Dec 4 08:50 .sh_history
drwx------ 5 oracle oinstall 96 Nov 30 11:54 .sw
-rw------- 1 oracle oinstall 1521324 Nov 30 11:54 core
-rwx------ 1 oracle oinstall 628 Dec 3 16:01 dd
drwx------ 2 oracle oinstall 96 Dec 3 14:53 nsmail
-rw------- 1 oracle oinstall 760 Nov 30 11:54 oratab
-rw------- 1 oracle oinstall 340 Nov 30 11:54 redoit
-rw------- 1 oracle oinstall 8010 Nov 30 11:54 sqlnet.log

NO file named .netrc

And I also tried to rename the file '.profile' to 'abc.profile', and tried
to ftp again, same problem :(

2. And here's the output under '/etc'

# ll -aR ftp*
total 16
dr-xr--r-- 4 bin bin 96 Nov 15 2000 .
dr-xr-xr-x 30 bin bin 8192 Dec 3 12:56 ..
dr-xr--r-- 2 bin bin 96 Nov 15 2000 ftp-exec
dr-xr--r-- 2 bin bin 96 Nov 15 2000 pids

ftpd/ftp-exec:
total 0
dr-xr--r-- 2 bin bin 96 Nov 15 2000 .
dr-xr--r-- 4 bin bin 96 Nov 15 2000 ..

ftpd/pids:
total 0
dr-xr--r-- 2 bin bin 96 Nov 15 2000 .
dr-xr--r-- 4 bin bin 96 Nov 15 2000 ..

So, NO ftpusers file.

3.
$whoami
oracle
$echo $SHELL
/bin/ksh

So, it shows as it defined in /etc/passwd:
oracle:*:102:102:Oracle Owner:/home/oracle:/bin/ksh

Any idea ? Thanks!

RAC_1 · ‎12-04-2003

Tray changing shell from /bin/ksh to /usr/bin/ksh.
(Make sure you have /usr/bin/ksh in /etc/shells, and perms on /etc/shells are OK)

Also telnet with oracler user and say logname

Post the results.

There is no substitute to HARDWORK

Elmar P. Kolkman · ‎12-04-2003

The user you created to check with, was it created with /bin/ksh as login shell or /usr/bin/ksh ???

According to the manpage of getusershell(3C) /bin/ksh is not in the default list of shells, while /usr/bin/ksh is. This could very well be the cause of the problem.

Every problem has at least one solution. Only some solutions are harder to find.

yyghp · ‎12-04-2003

RE Ettore Rossi:

WOOOOOOOOOOOOOOOOOOOOOOOOOOOOOW, you are so COOOOOOOOOOOOOOOOOOOOOOL !
I add you 10 points !!!

Yes, after I change '/bin/ksh' to '/usr/bin/ksh' in /etc/passwd, it works!
I can FTP using 'oracle' now !
And those users I created for testing(user01,user02,those i mentioned
above) are all using '/usr/bin/ksh', I haven't noticed that before !!!

And I tried to compared those 2 ksh files:
# ll /bin/ksh
-r-xr-xr-x 2 bin bin 159744 Nov 29 2002 /bin/ksh
# ll /usr/bin/ksh
-r-xr-xr-x 2 bin bin 159744 Nov 29 2002 /usr/bin/ksh

I wonder whether the file '/bin/ksh' is corrupted or not, but if it's corrupted,
why can i still use it to telnet the server with user 'oracle', and everything
seems fine ? And there's NO error in syslog.log file after I telnet! Strange !

Any idea on this ?

Here, thanks a lot for every one helps on this case !
I greatly appreciate all your efforts!!!

Elmar P. Kolkman · ‎12-04-2003

The cause of your problem is explained in my previous post: ftpd uses getusershells to determine valid shells. /bin/ksh is not by default in the list the function returns.

Every problem has at least one solution. Only some solutions are harder to find.

yyghp · ‎12-04-2003

Thanks RAC and Elmar too!
Yes, the problem is from the /bin/ksh. I got it from Ettore Rossi.

And Elmar, do you know what's the difference of those 2 shell files?
Thanks!

Fabio Ettore · ‎12-04-2003

Very good!
Reason of that is that Elmar said.
If /etc/shells doens't exist on system then it uses /usr/bin/ksh if user shell is ksh, otherwise /usr/bin/csh if user shell is csh.
Anyway you could create /etc/shells and insert /bin/ksh (just a test too ;-). Then you will see that ftp will work fine with /bin/ksh in /etc/passwd too.

Best regards,
Ettore

WISH? IMPROVEMENT!

yyghp · ‎12-04-2003

i see, finally, i know how it works, cool !
thanks!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Another FTP access denied (530) problem

Another FTP access denied (530) problem