gunterr
Goto Top

Mehrere FTP Benutzer sollen sich mit einem Benutzernamen anmelden?

Hallo Zusammen,

vermutlich durch die Hitze oder einen anderen ungünstigen Zustand komme ich gerade bei meinem kleinen Problem nicht weiter.

Linux 11.2 mit vsftpd Server

Dort ist ein User angelegt "Berta" mit einem Kennwort, jetzt bekommen mehrere Kunden diese Benutzerkennung um sich was runter zuladen. Jedoch läßt der FTP zur Zeit immer nur EINE Verbindung zu. Es sollen sich aber mehrere User gleichzeitig anmelden können.
In den Leistungseinstellungen von VSFTPD ist eingetragen:
Maximale Leerlaufzeit = 15 min
Maximale Klienten pro IP = 5
Max. Klienten = 5

Was mache ich falsch?

Über einen heißen Rat wäre ich dankbar und schicke dann 2-3 Grad Wärme als Danke schön face-smile
Gruß
Gunter

Content-Key: 146536

Url: https://administrator.de/contentid/146536

Ausgedruckt am: 29.03.2024 um 01:03 Uhr

Mitglied: Dani
Dani 08.07.2010 um 17:23:06 Uhr
Goto Top
Hi Gunter,
poste uns doch mal die komplette Konfigurationdatei. Die findest du unter "/etc/VSFTPD.conf".


Grüße,
Dani
Mitglied: aqui
aqui 08.07.2010 um 17:25:54 Uhr
Goto Top
Mitglied: GunterR
GunterR 08.07.2010 um 17:39:49 Uhr
Goto Top
Hi Dani,

vielen Dank schon mal, hier ist die CONF:
#Example config file /etc/vsftpd.conf
#The default compiled in settings are fairly paranoid. This sample file
#loosens things up a bit, to make the ftp daemon more usable.
#Please see vsftpd.conf.5 for all compiled in defaults.
#If you do not change anything here you will have a minimum setup for an
#anonymus FTP server.
#READ THIS: This example file is NOT an exhaustive list of vsftpd options.
#Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's 
#capabilities.
#General Settings
#Uncomment this to enable any form of FTP write command.
#write_enable=YES
#Activate directory messages - messages given to remote users when they
#go into a certain directory.
dirmessage_enable=YES
#It is recommended that you define on your system a unique user which the
#ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftpsecure
#You may fully customise the login banner string:
#ftpd_banner="Welcome to FOOBAR FTP service." 
#You may activate the "-R" option to the builtin ls. This is disabled by 
#default to avoid remote users being able to cause excessive I/O on large
#sites. However, some broken FTP clients such as "ncftp" and "mirror" assume 
#the presence of the "-R" option, so there is a strong case for enabling it. 
#ls_recurse_enable=YES
#You may specify a file of disallowed anonymous e-mail addresses. Apparently
#useful for combatting certain DoS attacks.
#deny_email_enable=YES
#(default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#If  enabled,  all  user  and  group  information in
#directory listings will be displayed as "ftp". 
#hide_ids=YES
#Local FTP user Settings
#Uncomment this to allow local users to log in.
#local_enable=YES
#Default umask for local users is 077. You may wish to change this to 022,
#if your users expect that (022 is used by most other ftpd's) 
#local_umask=022
#Uncomment to put local users in a chroot() jail in their home directory
#after login.
#chroot_local_user=YES
#You may specify an explicit list of local users to chroot() to their home
#directory. If chroot_local_user is YES, then this list becomes a list of
#users to NOT chroot().
#chroot_list_enable=YES
#(default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#The maximum data transfer rate permitted, in bytes per second, for
#local authenticated users. The default is 0 (unlimited).
#local_max_rate=7200
#Anonymus FTP user Settings
#Allow anonymous FTP?
anonymous_enable=NO
#Anonymous users will only be allowed to download files which are
#world readable.
anon_world_readable_only=YES
#Uncomment this to allow the anonymous FTP user to upload files. This only
#has an effect if the above global write enable is activated. Also, you will
#obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#Default umask for anonymus users is 077. You may wish to change this to 022,
#if your users expect that (022 is used by most other ftpd's) 
#anon_umask=022
#Uncomment this if you want the anonymous FTP user to be able to create
#new directories.
#anon_mkdir_write_enable=YES
#Uncomment this to enable anonymus FTP users to perform other write operations
#like deletion and renaming.
#anon_other_write_enable=YES
#If you want, you can arrange for uploaded anonymous files to be owned by
#a different user. Note! Using "root" for uploaded files is not 
#recommended!
#chown_uploads=YES
#chown_username=whoever
#The maximum data transfer rate permitted, in bytes per second, for anonymous
#authenticated users. The default is 0 (unlimited).
#anon_max_rate=7200
#Log Settings
#Log to the syslog daemon instead of using an logfile.
syslog_enable=YES
#Uncomment this to log all FTP requests and responses.
#log_ftp_protocol=YES
#Activate logging of uploads/downloads.
#xferlog_enable=YES
#You may override where the log file goes if you like. The default is shown
#below.
#vsftpd_log_file=/var/log/vsftpd.log
#If you want, you can have your log file in standard ftpd xferlog format.
#Note: This disables the normal logging unless you enable dual_log_enable below. 
#xferlog_std_format=YES
#You may override where the log file goes if you like. The default is shown
#below.
#xferlog_file=/var/log/xferlog
#Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log. 
#dual_log_enable=YES
#Uncomment this to enable session status information in the system process listing.
#setproctitle_enable=YES
#Transfer Settings
#Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#You may change the default value for timing out an idle session.
#idle_session_timeout=600
#You may change the default value for timing out a data connection.
#data_connection_timeout=120
#Enable this and the server will recognise asynchronous ABOR requests. Not
#recommended for security (the code is non-trivial). Not enabling it,
#however, may confuse older FTP clients.
#async_abor_enable=YES
#By default the server will pretend to allow ASCII mode but in fact ignore
#the request. Turn on the below options to have the server actually do ASCII
#mangling on files when in ASCII mode.
#Beware that turning on ascii_download_enable enables malicious remote parties
#to consume your I/O resources, by issuing the command "SIZE /big/file" in 
#ASCII mode.
#These ASCII options are split into upload and download because you may wish
#to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
#without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
#on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#Set to NO if you want to disallow the  PASV  method of obtaining a data
#connection.
#pasv_enable=NO
#PAM setting. Do NOT change this unless you know what you do!
pam_service_name=vsftpd
#Set listen=YES if you want vsftpd to run standalone
listen=YES
#Set to ssl_enable=YES if you want to enable SSL
ssl_enable=NO
#Limit passive ports to this range to assis firewalling
pasv_min_port=1024
pasv_max_port=1024
anon_mkdir_write_enable=NO
anon_upload_enable=NO
chroot_local_user=YES
ftpd_banner=iBrams FTP-Service
idle_session_timeout=900
local_enable=YES
log_ftp_protocol=YES
max_clients=12
max_per_ip=5
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
write_enable=YES
anon_root=/srv/ftp

Gruß
Gunter
Mitglied: 60730
60730 08.07.2010 um 17:56:13 Uhr
Goto Top
moin,

auf diversen Gründen solltest du das mit dem Berta User nicht machen.

Nimm Berta1-10 und verteile die auf die x Uxer.

Alles andere macht keinen Sinn und sorgt nur für Probleme.

btw: les dir mal deine conf durch...
#chroot_local_user=YES
das (und einiges andere auch) würde ich "scharf" schalten!

Gruß
Mitglied: Dani
Dani 08.07.2010 um 18:15:07 Uhr
Goto Top
Hi Gunter,
ich habe es mal grad in unserem Labor getestet. Mit folgender Konfiguration funktioniert bei mir ein Multi-Login mit dem Benutzer "test":
debian5:~# cat /etc/vsftpd.conf
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's  
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=no
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)  
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not  
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd  
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by  
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume  
# the presence of the "-R" option, so there is a strong case for enabling it.  
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by  
# default.  These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
Allerdings war mein OS Debian Lenny 5.0 x86. Sollte aber keinen Unterschied machen. Einfach meine Konfiguration kopieren abe vorher eine Kopie deiner Bisherigen erstellen!

Jedoch läßt der FTP zur Zeit immer nur EINE Verbindung zu. Es sollen sich aber mehrere User gleichzeitig anmelden können.
Wie hast du das herausgefunden? Sprich aus dem LAN ODER WAN?


Grüße,
Dani
Mitglied: GunterR
GunterR 08.07.2010 um 18:17:24 Uhr
Goto Top
@Timo

Das mit dem Berta verstehe ich absolut, nur leider wird es mir so vorgegeben.

Und das mit #chroot_local_user=YES ist temporär.

Danke dir aber für den Hinweis.

Gruß
gunter
Mitglied: GunterR
GunterR 08.07.2010 um 18:20:50 Uhr
Goto Top
Hi Dani,

Allerdings war mein OS Debian Lenny 5.0 x86. Sollte aber keinen Unterschied machen. Einfach meine Konfiguration kopieren abe
vorher eine Kopie deiner Bisherigen erstellen!

vielen Dank für deine Mühe, ich werde es etwas später gleich probieren und natürlich auch berichten.



> Jedoch läßt der FTP zur Zeit immer nur EINE Verbindung zu. Es sollen sich aber mehrere User gleichzeitig anmelden
können.
Wie hast du das herausgefunden? Sprich aus dem LAN ODER WAN?


1. die User haben es berichtet
2. habe ich es dann ausprobiert über WLAN, LAN im Office sowie aus dem Rechenzentrum gleichzeitig.

Gruß und Danke
Gunter