recent update messed with vsftpd?

General support questions
Post Reply
Mystic
Posts: 14
Joined: 2016/04/24 01:59:26

recent update messed with vsftpd?

Post by Mystic » 2018/12/09 18:14:49

Anybody else notice an issue after the most recent yum update? A bunch of my ftp accounts would no longer log into my server.

It took me awhile to figure it out, but apparently there is some update that made vsftp pay more attention to the default shell in the user file and would just return with "LOGIN FAIL" for ftp connections without any additional info.

I had several automated systems that were pushing files to my server just suddenly stop, get failed logins, then get banned by f2b. When I changed the default shell in the user file, this was fixed, but these accounts have been working for years prior. So some update must have changed something. Anybody have any ideas?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: recent update messed with vsftpd?

Post by TrevorH » 2018/12/09 18:28:30

It's documented in the release notes.

https://wiki.centos.org/Manuals/Release ... 02e68c983d
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Mystic
Posts: 14
Joined: 2016/04/24 01:59:26

Re: recent update messed with vsftpd?

Post by Mystic » 2018/12/09 18:32:25

aha! That's what caused my issue:

Redhat have removed /sbin/nologin from /etc/shells in a 7.6 update and this will stop vsftpd from working in the default configuration supplied. Either remove pam_shell.so from /etc/pam.d/vsftpd or add /sbin/nologin back into /etc/shells. Other packages that depend on /sbin/nologin may also be affected by this change.

Any idea why this was done? It seems like a rather trivial change that could cause a lot of problems.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: recent update messed with vsftpd?

Post by TrevorH » 2018/12/09 21:13:59

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Mystic
Posts: 14
Joined: 2016/04/24 01:59:26

Re: recent update messed with vsftpd?

Post by Mystic » 2018/12/09 22:40:07

Interesting but I think this was a poor choice. Red Hat choose to put a band-aid on a problem that is ultimately the sysadmin's incompetence by not turning off accounts properly.

Post Reply