Hi Luc,
I don't get your setup, as per proftpd conf you are running FTP service
on TCP 21 port while you are trying to connect with filezilla on port 2021.
If you are using some port forwarding over SSH or things like that you
have to keep in mind that FTP has two connection, the control connection over
port 21 and the data connection over a random TCP port negociated by the contol
session (in the range 30000 40000 as per your configuration) so you need to
forward port 21 and all this port range to make it work properly. If you are
not using any port forwarding technique, then you should point your filezilla
to localhost:21
Proftpd needs to bind to ports <1024 and thus needs root (or the binary
needs the CAP_NET_BIND_SERVICE capability set) but as soon as the bind is done,
Proftpd drops root previliges. Proftpd needs also root in order to manage
logging. So no worry about Proftpd needing root. If you insist you can make it
bind on a high port and ensure that log/run directory is writable by the runnig
user and it should start correctly.
For database auth access, that's weird, but on an the old Proftpd
(proftpd-1.3.3g on Centos 6) we are running (to do sFTP for instance and not
FTP) I have this little comment at the end of the conf file:
# weird behaviour, but SQL auth works only in DEBUG !
#
http://www.linuxquestions.org/questions/linux-software-2/proftpd-works-only-in-debug-mode-4175516815/
# no more time to investigate further
SyslogLevel DEBUG
Maybe you should give it a try.
Youssef Ghorbal
Institut Pasteur
-------------------------------
> On 30 Apr 2020, at 17:45, Luc Cornet <luc.cor...@uliege.be> wrote:
>
> Hi,
>
> I am struggling with the FTP connection on our local instance.
>
> I start ProFTPd for SHA1 like this:
>
> $ service proftpd start #the conf file is below
>
> Notes: I had to do that as root, not possible as the non-root galaxy user
> ROOT PRIVS: unable to seteuid(): Operation not permitted
> -> is it possible to run proftpd as non-root?
>
> The server run, but I am not able to connect with FTP -FileZilla
> (localhost:2021)
>
> Log: Statut : Résolution de l'adresse de localhost
> Statut : Connexion à [::1]:2021...
> Statut : Échec de la tentative de connexion avec
> "ECONNREFUSED - Connexion refusée par le serveur", essai de l'adresse
> suivante.
> Statut : Connexion à 127.0.0.1:2021...
> Statut : Échec de la tentative de connexion avec
> "ECONNREFUSED - Connexion refusée par le serveur".
> Erreur : Impossible d'établir une connexion au serveur
> Statut : Attente avant nouvel essai...
>
> Notes: The local instance doesn't have a proxy, I access it with ssh. (ssh
> -C -L 8081:localhost:8081 durandal).
>
>
> Any ideas? Is it linked to the firewall?
>
> Thanks,
> Luc
>
>
> #proftpd.conf
> $cat /etc/proftpd.conf
>
> # Basics, some site-specific
> ServerName "Public Galaxy FTP"
> ServerType standalone
> DefaultServer on
> Port 21
> Umask 077
> SyslogFacility DAEMON
> SyslogLevel debug
> MaxInstances 30
> # This User & Group should be set to the actual user and group name which
> matche the UID & GID you will specify later in the SQLNamedQuery.
> User nobody
> Group nobody
> DisplayConnect /etc/opt/local/proftpd_welcome.txt
>
> # Passive port range for the firewall
> PassivePorts 30000 40000
>
> # Cause every FTP user to be "jailed" (chrooted) into their home directory
> DefaultRoot ~
>
> # Automatically create home directory if it doesn't exist
> CreateHome on dirmode 700
>
> # Allow users to overwrite their files
> AllowOverwrite on
>
> # Allow users to resume interrupted uploads
> AllowStoreRestart on
>
> # Bar use of SITE CHMOD
> <Limit SITE_CHMOD>
> DenyAll
> </Limit>
>
> # Bar use of RETR (download) since this is not a public file drop
> <Limit RETR>
> DenyAll
> </Limit>
>
> # Do not authenticate against real (system) users
> AuthPAM off
>
> # General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
> #SQL module
> LoadModule mod_sql.c
>
> # Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
> # (contrib/mod_sql_passwd.html)
> LoadModule mod_sql_passwd.c
>
> # Postgresql support (requires proftpd-postgresql package)
> # (http://www.proftpd.org/docs/contrib/mod_sql.html)
> LoadModule mod_sql_postgres.c
>
> # set Authentication order
> AuthOrder mod_sql.c
>
> # Set this if Galaxy user UID and/or GID are less than 999
> SQLMinID 400
>
> # Common SQL authentication options
> SQLEngine on
> SQLPasswordEngine on
> SQLBackend postgres
> SQLConnectInfo postgres@localhost:5432 galaxyftp <dbpassword>
> SQLAuthenticate users
>
> ##
> # Set up mod_sql/mod_sql_password - Galaxy passwords are stored as
> hex-encoded SHA1
> SQLAuthTypes SHA1
> SQLPasswordEncoding hex
>
> # An empty directory in case chroot fails
> #SQLDefaultHomedir /var/opt/local/proftpd
>
> # Define a custom query for lookup that returns a passwd-like entry. Replace
> 512s with the UID and GID of the user running the Galaxy server
> SQLUserInfo custom:/LookupGalaxyUser
> SQLNamedQuery LookupGalaxyUser SELECT
> "email,password,512,512,'/home/nate/galaxy_dist/database/ftp/%U','/bin/bash'
> FROM galaxy_user WHERE email='%U'"
>
> ------------
> Luc Cornet, PhD
> Bio-informatician
> Mycology and Aerobiology
> Sciensano
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> %(web_page_url)s
>
> To search Galaxy mailing lists use the unified search at:
> http://galaxyproject.org/search/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
%(web_page_url)s
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/
