Operating System - HP-UX

Guest FTP account not logging (chrooted)

 
Joe Gardner
New Member

Folks,

I've searched here and do not see the same issue on anyone's post. I have set up a guest user through ftpaccess. I have logging turned on. Currently, I only allow the guest class.

The problem I am having is that, while the transfers are being logged okay into xferlog, the commands do not get logged into syslog for chrooted accounts. Works fine for real accounts when I allow them in. Anyone seen this before? I assume it has something to do with the chrooting, but am not sure.

For edification, below is my ftpaccess file currently:

#class all real,guest,anonymous *
class all guest *

limit all 10 Any /etc/msgs/msg.dead

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

guestgroup sapsys
guestuser dsdr2ftp
compress yes all
tar yes all

log commands real,guest,anonymous
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

#email user@hostname

Here is my inetd.conf ftp line:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -a /etc/ftpd/ftpaccess

The account is as follows:

dsdr2ftp:x:13504:11500:FTP ID for ascential:/datafiles/DR2/DATASTAGE/./:/usr/bin/false

Again, the account works fine - chroot is good, ls and the needed libraries are there. I just cannot get the commands for the guest accounts logged to syslog for some reason.

Thanks in advance
7 REPLIES
Ermin Borovac
Honored Contributor

Re: Guest FTP account not logging (chrooted)

That's strange, commands get logged for real but not chroot'ed accounts.

FTP commands should be logged into syslog at the local5.info level, so double-check your syslog.conf to make sure this is not redirected elsewhere.

One other minor thing is that you don't need the name of ftpaccess file in inetd.conf.

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -a /etc/ftpd/ftpaccess

should be

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -a
Borislav Perkov
Respected Contributor

Re: Guest FTP account not logging (chrooted)

Hi,

As you want to log commands for all users, you could comment out the log commands entry in the ftpaccess file and change the ftpd entry in inetd.conf to:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -a -L

Regards,
Borislav
Borislav Perkov
Respected Contributor

Re: Guest FTP account not logging (chrooted)

Don't forget to run

inetd -c

command after.
Joe Gardner
New Member

Re: Guest FTP account not logging (chrooted)

Thanks for the heads up on not needing the ftpaccess file called out specifically. I didn't think I had to, but some docs I read listed it specifically. May have been older.

Using the ftpd -l -a -L in inetd doesn't make any difference, because once ftpaccess comes into play those logging arguments are ignored. Commenting out logging in the ftpaccess file, combined with the above ftpd switches, just has the net effect of not logging anything. (I did try it, though.)
Joe Gardner
New Member

Re: Guest FTP account not logging (chrooted)

Oh, and syslog.conf is as follows:

@(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

Remember, commands are logging fine for real accounts, just not chrooted guest accounts. I would think that would indicate that syslog is getting the log messages correctly. Unless the logging level changes when the guest account is logged in (that would seem odd).
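
An added example, not part of any post in this thread: a small Python check of where the syslog.conf rules quoted above route a given facility.level, such as the local5.info priority mentioned earlier in the thread. It assumes classic syslogd selector semantics (a level matches that severity and anything more severe, `none` excludes a facility, selector parts apply left to right); the function names and the embedded sample are constructed for illustration.

```python
# Added example: resolve which syslog.conf actions receive a facility.level.
# Assumes classic syslogd selector rules; names here are illustrative only.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron"] + [f"local{i}" for i in range(8)]

# Constructed sample: the rule lines from the syslog.conf quoted in the post.
SAMPLE_CONF = """\
# syslogd configuration file.
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
"""

def parse_rules(text):
    """Return [(thresholds, action)]; thresholds maps a facility to the
    index of the least severe level that the rule still logs."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)   # selector, action (tabs or spaces)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue                           # blank, comment or malformed line
        thresholds = {}
        for part in fields[0].split(";"):      # later parts override earlier ones
            facs, _, level = part.rpartition(".")
            names = FACILITIES if facs == "*" else facs.split(",")
            for fac in names:
                if level == "none":
                    thresholds.pop(fac, None)  # facility excluded from this rule
                else:
                    thresholds[fac] = LEVELS.index(level)
        rules.append((thresholds, fields[1].strip()))
    return rules

def destinations(text, facility, level):
    """List the actions (files, users, console) that would get the message."""
    sev = LEVELS.index(level)                  # lower index = more severe
    return [action for thresholds, action in parse_rules(text)
            if facility in thresholds and sev <= thresholds[facility]]

if __name__ == "__main__":
    print(destinations(SAMPLE_CONF, "local5", "info"))
```

An empty list for the facility.level a daemon logs at means syslogd itself is discarding the message, which is a different failure from the daemon never delivering it.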
Ermin Borovac
Honored Contributor

Re: Guest FTP account not logging (chrooted)

Can you try to get a system call trace from ftpd to see why it fails to write syslog messages?

When you connect to your server via ftp and log in to the chrooted account, there should be an ftpd process running. When you run lsof on the PID of ftpd you should see a line with FIFO. That is the syslog named pipe file (/dev/log).

ftpd 12847 root 3u FIFO 0x4218a3c8 0t0 2214

# ll /dev/log
prw-rw-rw- 1 root root 0 Aug 12 02:35 log

Now you can trace ftpd with tusc.

# tusc -fv -s write

Examine the output for writes to the file descriptor from lsof output above (FD 3 in my listing).

write(3, "< 1 7 5 > A u g 1 2 0 2 : 3 ".., 2048) ..... = 2048

Maybe that way you can get some clue as to why it's not logging ...

Joe Gardner
New Member

Re: Guest FTP account not logging (chrooted)

Thanks...I'll try that as soon as I get a chance and let you know what I find.