FTP Local instance: ECONNREFUSED
Hi,

I am struggling with the FTP connection on our local instance.

I start ProFTPd for SHA1 like this:

$ service proftpd start #the conf file is below

Notes: I had to do that as root, not possible as the non-root galaxy user
ROOT PRIVS: unable to seteuid(): Operation not permitted
-> is it possible to run proftpd as non-root?

The server runs, but I am not able to connect with FTP - FileZilla (localhost:2021)

Log:
Statut : Résolution de l'adresse de localhost
Statut : Connexion à [::1]:2021...
Statut : Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur", essai de l'adresse suivante.
Statut : Connexion à 127.0.0.1:2021...
Statut : Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur".
Erreur : Impossible d'établir une connexion au serveur
Statut : Attente avant nouvel essai...

Notes: The local instance doesn't have a proxy, I access it with ssh. (ssh -C -L 8081:localhost:8081 durandal).

Any ideas? Is it linked to the firewall?

Thanks,
Luc

#proftpd.conf
$cat /etc/proftpd.conf

# Basics, some site-specific
ServerName "Public Galaxy FTP"
ServerType standalone
DefaultServer on
Port 21
Umask 077
SyslogFacility DAEMON
SyslogLevel debug
MaxInstances 30

# This User & Group should be set to the actual user and group name which match the UID & GID you will specify later in the SQLNamedQuery.
User nobody
Group nobody
DisplayConnect /etc/opt/local/proftpd_welcome.txt

# Passive port range for the firewall
PassivePorts 30000 40000

# Cause every FTP user to be "jailed" (chrooted) into their home directory
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome on dirmode 700

# Allow users to overwrite their files
AllowOverwrite on

# Allow users to resume interrupted uploads
AllowStoreRestart on

# Bar use of SITE CHMOD
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM off

# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#SQL module
LoadModule mod_sql.c

# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
LoadModule mod_sql_passwd.c

# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
LoadModule mod_sql_postgres.c

# set Authentication order
AuthOrder mod_sql.c

# Set this if Galaxy user UID and/or GID are less than 999
SQLMinID 400

# Common SQL authentication options
SQLEngine on
SQLPasswordEngine on
SQLBackend postgres
SQLConnectInfo postgres@localhost:5432 galaxyftp <dbpassword>
SQLAuthenticate users

##
# Set up mod_sql/mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLAuthTypes SHA1
SQLPasswordEncoding hex

# An empty directory in case chroot fails
#SQLDefaultHomedir /var/opt/local/proftpd

# Define a custom query for lookup that returns a passwd-like entry. Replace 512s with the UID and GID of the user running the Galaxy server
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT "email,password,512,512,'/home/nate/galaxy_dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

------------
Luc Cornet, PhD
Bio-informatician
Mycology and Aerobiology
Sciensano

Hi Luc,

I don't get your setup, as per proftpd conf you are running FTP service on TCP 21 port while you are trying to connect with filezilla on port 2021.

If you are using some port forwarding over SSH or things like that you have to keep in mind that FTP has two connections, the control connection over port 21 and the data connection over a random TCP port negotiated by the control session (in the range 30000 40000 as per your configuration) so you need to forward port 21 and all this port range to make it work properly.

If you are not using any port forwarding technique, then you should point your filezilla to localhost:21

Proftpd needs to bind to ports <1024 and thus needs root (or the binary needs the CAP_NET_BIND_SERVICE capability set) but as soon as the bind is done, Proftpd drops root privileges. Proftpd needs also root in order to manage logging. So no worry about Proftpd needing root. If you insist you can make it bind on a high port and ensure that log/run directory is writable by the running user and it should start correctly.

For database auth access, that's weird, but on the old Proftpd (proftpd-1.3.3g on CentOS 6) we are running (to do sFTP for instance and not FTP) I have this little comment at the end of the conf file:

# weird behaviour, but SQL auth works only in DEBUG !
# http://www.linuxquestions.org/questions/linux-software-2/proftpd-works-only-...
# no more time to investigate further
SyslogLevel DEBUG

Maybe you should give it a try.

Youssef Ghorbal
Institut Pasteur
-------------------------------
On 30 Apr 2020, at 17:45, Luc Cornet <luc.cornet@uliege.be> wrote:
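An added example (not part of the original thread, and not Galaxy or ProFTPD project code) of the check described in the reply above: it reads Port and PassivePorts from a proftpd.conf, compares them with the port the client dials, and classifies a TCP connect as open, refused or unanswered. The function names and the constructed SAMPLE_CONF excerpt are assumptions made for illustration.

```python
import socket

# Constructed excerpt of the proftpd.conf posted in the thread.
SAMPLE_CONF = """\
ServerType standalone
Port 21
# Passive port range for the firewall
PassivePorts 30000 40000
"""

def parse_conf(text):
    """Return (control_port, (pasv_low, pasv_high) or None) from proftpd.conf text."""
    port, pasv = 21, None  # ProFTPD listens on 21 when no Port directive is given
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) == 2 and fields[0].lower() == "port":
            port = int(fields[1])
        elif len(fields) == 3 and fields[0].lower() == "passiveports":
            pasv = (int(fields[1]), int(fields[2]))
    return port, pasv

def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt as 'open', 'refused' or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered: no listener on that port, or an active reject
    except OSError:
        return "no-answer"  # timeout or unreachable, e.g. packets silently dropped

def diagnose(conf_text, client_port):
    """List the mismatches between the server config and the client's target port."""
    port, pasv = parse_conf(conf_text)
    findings = []
    if client_port != port:
        findings.append(f"client dials port {client_port} but proftpd listens on {port}")
    if port < 1024:
        findings.append(f"port {port} is privileged: binding needs root or CAP_NET_BIND_SERVICE")
    if pasv:
        findings.append(f"passive data ports {pasv[0]}-{pasv[1]} must be reachable or forwarded too")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, 2021):
        print("-", finding)
    print("127.0.0.1:2021 ->", probe("127.0.0.1", 2021))
```

A "refused" result means the host answered but nothing accepted the connection on that port, whereas a firewall that silently drops packets shows up as "no-answer".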
participants (2)
- Luc Cornet
- Youssef GHORBAL