Want more timely Centmin Mod News Updates?
Become a Member

Pure-FTPD Unable to connect with any vhost FTP user

Discussion in 'Other Centmin Mod Installed software' started by ShaneVG, Jul 4, 2024.

  1. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 140.00beta01
    • Nginx Version Installed: 1.27.0
    • PHP Version Installed: v8.1.29,
    • MariaDB MySQL Version Installed: 10.4.34-MariaDB MariaDB Server
    • When was last time updated Centmin Mod code base ? : 04/07/2024
    • Persistent Config:
    Code:
    DEVTOOLSETTEN='n'
    DEVTOOLSETELEVEN='y'
    SELFSIGNEDSSL_ECDSA='y'
    PHP_OVERWRITECONF='n'

    This week I performed a migration to a new server. Everything goes well, but it now appears that I cannot log in with any FTP user (automatically created via vhost), and I always get the following error in the log files:


    Code:
    Jul  4 15:12:07 220 pure-ftpd: (?@194.78.14.***) [INFO] New connection from 194.78.14.***
    Jul  4 15:12:07 220 pure-ftpd: (?@194.78.14.***) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jul  4 15:12:07 220 pure-ftpd: (?@194.78.14.***) [WARNING] Can't login as [UCgp*****FDMN6q]: account disabled (uid < 1000)
    Jul  4 15:12:07 220 pure-ftpd: (?@194.78.14.***) [INFO] Logout.
    Unfortunately I couldn't find a solution online, can anyone help?
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You ran into a bug introduced in 131.00stable and 140.00beta01 which changed the default nginx user uid/gid to 956 so <1000. Some commercial per user licensing software charge per user >1000 uid. But seems default pure-ftpd min UID that allows logging into is 1000 - hence your error and issue.

    I've updated 131.00stable and 140.00beta01 now with a fix so new installs use nginx with uid/gid = 1000 and you can apply the fix by running command = cmupdate and then run centmin.sh menu once and exit and it will auto apply the fix. You can verify the nginx uid/gid changed via command
    Code (Text):
    id nginx
    

    which will display
    Code (Text):
    id nginx
    uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
    
     
  3. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Hi eva2000,

    Thanks for your reply! I have run this but still get the output below:

    Code:
    [13:09][root@tux.ictworkz.be centminmod]# cmupdate
    No local changes to save
    Already up-to-date.
    No local changes to save
    Already up-to-date.
    [13:10][root@tux.ictworkz.be centminmod]#
    [13:10][root@tux.ictworkz.be centminmod]# ./centmin.sh
    
    Failed to start rpcbind.service: Unit is masked.
    --------------------------------------------------------
         Centmin Mod Menu 130.00beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  MySQL User Database Management
    7).  Option Being Revised (TBA)
    8).  Option Being Revised (TBA)
    9).  Option Being Revised (TBA)
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Data Transfer (TBA)
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 24
    --------------------------------------------------------
    
     checking for YUM updates... please wait...
     no YUM updates available
    
    -------------------------------------------------------------
    * Current Nginx Version: 1.27.0 (270624-171728-centos7-kvm-f098366)
    * Latest Nginx Available: 1.27.0 (centminmod.com/nginxnews)
    -------------------------------------------------------------
    
    -------------------------------------------------------------
     Centmin Mod local code is up to date at /usr/local/src/centminmod
     no available updates at this time...
    -------------------------------------------------------------
    [13:10][root@tux.ictworkz.be centminmod]# id nginx
    uid=956(nginx) gid=956(nginx) groups=956(nginx)
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Ooh my bad! I was looking on the wrong server for the version when creating this ticket.

    I updated to 140.00beta01 and ran your procedure again.

    Code:
    [13:37][root@tux.ictworkz.be centminmod]# id nginx
    uid=956(nginx) gid=956(nginx) groups=956(nginx)
    Do I have to update Nginx again myself? According to Centminmod I am using the latest version:

    * Current Nginx Version: 1.27.0 (270624-171728-centos7-kvm-f098366)
    * Latest Nginx Available: 1.27.0 (centminmod.com/nginxnews)


    Thank you in advance and my apologies for the misunderstanding.
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    run these commands
    Code (Text):
    cmupdate
    cmupdate update-beta
    cmdir
    centmin
    

    then exit the centmin menu and re-run
    Code (Text):
    id nginx


    Usually you do after switching branches but nginx 1.27.0 is latest version already so no
     
  7. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Yes, I did that.
    Now again with the same result unfortunately:

    Code:
    [19:14][root@tux.ictworkz.be centminmod]# cmupdate
    No local changes to save
    Already up-to-date.
    No local changes to save
    Already up-to-date.
    [19:14][root@tux.ictworkz.be centminmod]# cmupdate update-beta
    No local changes to save
    Already up-to-date.
    Switching local code branch to 140.00beta01
    
    Cloning into 'centminmod'...
    remote: Enumerating objects: 850, done.
    remote: Counting objects: 100% (850/850), done.
    remote: Compressing objects: 100% (565/565), done.
    remote: Total 850 (delta 358), reused 587 (delta 262), pack-reused 0
    Receiving objects: 100% (850/850), 23.85 MiB | 21.28 MiB/s, done.
    Resolving deltas: 100% (358/358), done.
    
    Completed. Fresh /usr/local/src/centminmod code base in place
    To run centmin.sh again, you need to change into directory: /usr/local/src/centminmod
    cd /usr/local/src/centminmod
    
    [19:15][root@tux.ictworkz.be centminmod]# cmdir
    /usr/local/src/centminmod /usr/local/src/centminmod /usr/local/src/centminmod /usr/local/src/centminmod
    [19:15][root@tux.ictworkz.be centminmod]# centmin
    /usr/local/src/centminmod /usr/local/src/centminmod
    
    Failed to start rpcbind.service: Unit is masked.
    --------------------------------------------------------
         Centmin Mod Menu 140.00beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  MySQL User Database Management
    7).  Option Being Revised (TBA)
    8).  Option Being Revised (TBA)
    9).  Option Being Revised (TBA)
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Data Transfer (TBA)
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 24
    --------------------------------------------------------
    
     checking for YUM updates... please wait...
     no YUM updates available
    
    -------------------------------------------------------------
    * Current Nginx Version: 1.27.0 (270624-171728-centos7-kvm-f098366)
    * Latest Nginx Available: 1.27.0 (centminmod.com/nginxnews)
    -------------------------------------------------------------
    
    -------------------------------------------------------------
     Centmin Mod local code is up to date at /usr/local/src/centminmod
     no available updates at this time...
    -------------------------------------------------------------
    [19:15][root@tux.ictworkz.be centminmod]# id nginx
    uid=956(nginx) gid=956(nginx) groups=956(nginx)
    [19:16][root@tux.ictworkz.be centminmod]#
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Strange indeed. What output do you get if you run the underlying nginx uid/gid script manually on SSH command line
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
    

    This example output is where nginx uid/gid is already 1000
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
    + NGINX_UID=1000
    + NGINX_GID=1000
    + CURRENT_UID=956
    + CURRENT_GID=956
    + id_available 1000
    + getent passwd 1000
    + echo 'Error: UID/GID 1000 is already in use. Please choose a different UID/GID.'
    Error: UID/GID 1000 is already in use. Please choose a different UID/GID.
    + exit 1
    

    copy and paste your output and wrap in CODE/CODEB bbcore tags
     
  9. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    I get same output:

    Code (Text):
    [21:16][root@tux.ictworkz.be ~]# bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
    + NGINX_UID=1000
    + NGINX_GID=1000
    + CURRENT_UID=956
    + CURRENT_GID=956
    + id_available 1000
    + getent passwd 1000
    + echo 'Error: UID/GID 1000 is already in use. Please choose a different UID/GID.'
    Error: UID/GID 1000 is already in use. Please choose a different UID/GID.
    + exit 1


    But when i try FTP:

    Code (Text):
    Jul  5 21:23:08 220 pure-ftpd: (?@109.129.51.60) [INFO] New connection from 109.129.51.60
    Jul  5 21:23:08 220 pure-ftpd: (?@109.129.51.60) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jul  5 21:23:08 220 pure-ftpd: (?@109.129.51.60) [WARNING] Can't login as [UCgpXJJfiFDMN6q]: account disabled (uid < 1000)
    Jul  5 21:23:10 220 pure-ftpd: (?@109.129.51.60) [INFO] Logout.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    try restarting pure-ftpd service
    Code (Text):
    systemctl restart pure-ftpd
    
     
  11. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    I recently restarted the entire server without any result, but now i have also restarted the
    pure-ftpd service with unfortunately the same result. I can't figure it out.

    Edit: now i see another extra error in pure-ftpd log:
    Code (Text):
    Jul  5 21:58:26 tux systemd: Can't open PID file /var/run/pure-ftpd.pid (yet?) after start: No such file or directory
    Jul  5 21:58:31 tux pure-ftpd: (?@109.129.51.60) [INFO] New connection from 109.129.51.60
    Jul  5 21:58:31 tux pure-ftpd: (?@109.129.51.60) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jul  5 21:58:31 tux pure-ftpd: (?@109.129.51.60) [WARNING] Can't login as [UCgpXJJfiFDMN6q]: account disabled (uid < 1000)
    Jul  5 21:58:32 tux pure-ftpd: (?@109.129.51.60) [INFO] Logout.


    But that file exists:

    Code (Text):
    [22:03][root@tux.ictworkz.be ~]# tail -n 50 /var/run/pure-ftpd.pid
    2789


    Edit 2: Can't open PID.. is gone.. probably I was too fast after restarting the service, but unfortunately still the same error.
     
    Last edited: Jul 6, 2024
  12. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what does output for below give
    Code (Text):
    id nginx
    

    is uid/gid = 1000 or = 956

    oh actually the bash -x out says uid = 1000 is already in use so it could be in use by a linux user other than nginx while still having nginx = 956

    what is output for
    Code (Text):
    id 1000
    

    if it returns a user other than nginx, edit /usr/local/src/centminmod/tools/switch_nginx_uid.sh and change
    Code (Text):
    NGINX_UID=1000
    NGINX_GID=1000

    to
    Code (Text):
    NGINX_UID=1003
    NGINX_GID=1003
    

    and re-run
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
     
  13. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Code (Text):
    [22:10][root@tux.ictworkz.be ~]# id 1000
    uid=1000(svangeel) gid=1000(svangeel) groups=1000(svangeel)


    This is a user that I initially had to specify in the config wizard of the VPS setup.

    Code (Text):
    [22:12][root@tux.ictworkz.be ~]# bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
    + NGINX_UID=1003
    + NGINX_GID=1003
    + CURRENT_UID=956
    + CURRENT_GID=956
    + id_available 1003
    + getent passwd 1003
    + getent group 1003
    + service_exists nginx
    + systemctl list-units --type=service --all
    + grep -q nginx.service
    + echo 'Stopping nginx service...'
    Stopping nginx service...
    + systemctl stop nginx
    + user_exists nginx
    + id nginx
    ++ id -u nginx
    + OLD_NGINX_UID=956
    ++ id -g nginx
    + OLD_NGINX_GID=956
    + [[ 956 -eq 956 ]]
    + [[ 956 -eq 956 ]]
    + echo 'Changing UID and GID of nginx user to 1003...'
    Changing UID and GID of nginx user to 1003...
    + groupmod -g 1003 nginx
    + usermod -u 1003 -g 1003 nginx
    usermod: user nginx is currently used by process 3853
    + echo 'Updating ownership of files for nginx user...'
    Updating ownership of files for nginx user...
    + find / -user 956 '!' -path '/proc/*' -exec chown -h 1003:1003 '{}' ';'
    + find / -group 956 '!' -path '/proc/*' -exec chgrp -h 1003 '{}' ';'
    + chown -R 1003:1003 /home/nginx
    + service_exists nginx
    + systemctl list-units --type=service --all
    + grep -q nginx.service
    + echo 'Restarting nginx service...'
    Restarting nginx service...
    + systemctl start nginx
    + echo 'Verifying ownership of critical directories...'
    Verifying ownership of critical directories...
    + verify_ownership /home/nginx 1003 1003
    + local path=/home/nginx
    + local expected_uid=1003
    + local expected_gid=1003
    + local current_uid
    + local current_gid
    ++ stat -c %u /home/nginx
    + current_uid=1003
    ++ stat -c %g /home/nginx
    + current_gid=1003
    + [[ 1003 -eq 1003 ]]
    + [[ 1003 -eq 1003 ]]
    + echo 'Ownership of /home/nginx is correct: UID=1003, GID=1003'
    Ownership of /home/nginx is correct: UID=1003, GID=1003
    + echo
    
    + echo 'id nginx'
    id nginx
    + id nginx
    uid=956(nginx) gid=1003(nginx) groups=1003(nginx)
    [22:13][root@tux.ictworkz.be ~]# id nginx
    uid=956(nginx) gid=1003(nginx) groups=1003(nginx)
    [22:14][root@tux.ictworkz.be ~]# systemctl restart pure-ftpd


    Code (Text):
    Jul  5 22:16:43 tux pure-ftpd: (?@109.129.51.60) [INFO] New connection from 109.129.51.60
    Jul  5 22:16:43 tux pure-ftpd: (?@109.129.51.60) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jul  5 22:16:44 tux pure-ftpd: (?@109.129.51.60) [WARNING] Can't login as [UCgpXJJfiFDMN6q]: account disabled (uid < 1000)
    Jul  5 22:16:44 tux pure-ftpd: (?@109.129.51.60) [INFO] Logout.
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah ha so yes, make the script manual changes for NGINX_UID and NGINX_GID from 1000 to 1002 or 1003 as desired and re-run script
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh
    

    hmm might need to update the switch_nginx_uid.sh to account for web hosts or end users creating sudo users that might take up an uid
     
  15. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Sorry, you lost me here, my English is not the best... how I understand it, should I replace '1000' with '1003' somewhere in the script? However, this value is no longer present as I have already changed NGINX_UID and NGINX_GID to '1003' in the script.

    Code (Text):
    ################################################################################
    # Desired UIDs and GIDs
    NGINX_UID=1003
    NGINX_GID=1003
    CURRENT_UID=956
    CURRENT_GID=956
    ################################################################################
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what is output for
    Code (Text):
    id nginx
     
  17. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Code (Text):
    [22:57][root@tux.ictworkz.be ~]# id nginx
    uid=956(nginx) gid=1003(nginx) groups=1003(nginx)
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Hmm you ended up partially updating gid but not uid.

    I updated /usr/local/src/centminmod/tools/switch_nginx_uid.sh to switch nginx uid/gid to 1068

    So run cmupdate to update script first
    Code (Text):
    cmupdate


    Edit /usr/local/src/centminmod/tools/switch_nginx_uid.sh variables to tell script to change uid/gid when uid = 956 and gid = 1003
    Code (Text):
    CURRENT_UID=956
    CURRENT_GID=1003
    

    Then run script
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/switch_nginx_uid.sh

    It should change nginx, uid/gid to 1068
     
  19. ShaneVG

    ShaneVG New Member

    15
    1
    3
    Mar 2, 2022
    Ratings:
    +2
    Local Time:
    4:22 AM
    1.21.4
    Very strange, seems correct now. But pure-ftpd keeps giving the same error.

    Code (Text):
    [09:56][root@tux.ictworkz.be ~]# id nginx
    uid=1068(nginx) gid=1068(nginx) groups=1068(nginx)
    [09:56][root@tux.ictworkz.be ~]# systemctl restart pure-ftpd
    [09:57][root@tux.ictworkz.be ~]# grep pure-ftpd /var/log/messages | tail -4
    Jul  6 09:57:29 tux pure-ftpd: (?@109.129.51.60) [INFO] New connection from 109.129.51.60
    Jul  6 09:57:29 tux pure-ftpd: (?@109.129.51.60) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jul  6 09:57:29 tux pure-ftpd: (?@109.129.51.60) [WARNING] Can't login as [UCgpXJJfiFDMN6q]: account disabled (uid < 1000)
    Jul  6 09:57:31 tux pure-ftpd: (?@109.129.51.60) [INFO] Logout.


    After a reboot the issue remains.
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+