public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed
From: David Oppenheim <davido@optimation.com.au>
To: matthew patton <pattonme@yahoo.com>, cygwin@cygwin.com
Subject: Re: Difficult getting pure-ftpd to work under Cygwin on Windows 10, esp anonymous ftp
Date: Tue, 29 Jun 2021 16:35:19 +1000	[thread overview]
Message-ID: <20210629163519.Horde.O3Vak6UcOouDuGUHhEVU5Ko@optimation.com.au> (raw)
In-Reply-To: <518840083.2736043.1624925052846@mail.yahoo.com>

cygrunsrv is an EXCELLENT solution, thankyou.

So for those looking for a quick make-it-work, install pure-ftpd as a
service thus (from a bash you have started as "Run as Administrator") :

cygrunsrv --install pure-ftpd --path /usr/sbin/pure-ftpd --chdir /tmp
    --args "-l puredb:/full-path-to/pure-ftpd/pureftpd.pdb"

and then

cygrunsrv --start pure-ftpd

This solves the seteuid() limitation, so now the one server will work with
anonymous (but still needs "ftp" as a Windows user) and any other user in the
puredb passwd file.

````

Matthew, re the Windows privileges you suggest, sadly and according to  
Murphy's
law I did all this on my one and only Windows 10 Home Edition ... no  
group policy
editor :-(   I **could** try it on a Windows 10 Pro PC, or I could  
regedit I suppose,
but hey cygrunsrv works so thankyou.

Perhaps an ancillary issue is the cryptic way in some code paths pure-ftpd
gives the error "Unable to set up secure anonymous FTP", sometimes with, but
sometimes without, a syslog...  I needed to use gdb extensively to one by one
eliminate blockages and get anonymous to work.

Perhaps more importantly the recipe (cygrunsrv) would be great to have in
the man page of the Cygwin package, and certainly in the README.Windows
file of the source package.  I'll cross-post this to pure-ftpd.org

Thanks for your help !

----- Message from matthew patton <pattonme@yahoo.com> ---------
    Date: Tue, 29 Jun 2021 00:04:12 +0000 (UTC)
    From: matthew patton <pattonme@yahoo.com>
Subject: Re: Difficult getting pure-ftpd to work under Cygwin on  
Windows 10, esp anonymous ftp
      To: David Oppenheim <davido@optimation.com.au>


> and look at cygrunsrv --start <ftpd>
>     On Monday, June 28, 2021, 08:00:10 PM EDT, matthew patton  
> <pattonme@yahoo.com> wrote:
>
>  specifically
> SeAssignPrimaryTokenPrivilege
> SeCreateTokenPrivilege
> SeTcbPrivilege
> SeIncreaseQuotaPrivilege
> SeServiceLogonRight
>     On Monday, June 28, 2021, 07:58:41 PM EDT, matthew patton via  
> Cygwin <cygwin@cygwin.com> wrote:
>
>  have you tried applying the notable permissions from this to your  
> 'ftp' windows  
> user?https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
>     On Monday, June 28, 2021, 06:48:18 PM EDT, David Oppenheim  
> <davido@optimation.com.au> wrote: 
>
>  I have debugged various obstacles getting logins to pure-ftpd to work under
> Cygwin on Windows 10 (Home edition 20H2 on this particular PC), especially
> getting anonymous ftp to login successfully. My pure-ftpd is version 1.0.46-1
> as downloaded by the Cygwin installer.
>
> There are problems with how it looks up username/password, with it calling
> seteuid(), and sometimes with pathnames for the user's home directory, and
> the user's shell. This is particularly fraught if you try to use 
> anonymous ftp.
>
> My solution is a simple recipe, albeit limited but fine for personal
> or small group use ... technical problem details after this recipe.
> I hope this helps anyone else trying to get it to work !
>
> --- recipe for setting up pure-ftpd on Cygwin
>
> Set up pure-ftp passwd file first with pure-pw -f filename.passwd
> then convert to puredb format with    pure-pw mkdb filename.pdb -f 
> filename.passwd
>
> Note that sometimes pure-pw and/or pure-ftpd imply a /etc prefix for 
> the filename,
> seems that's overridden if you use an absolute pathname.
>
> Run pure-ftpd as you. From the ftp client login as you with the
> puredb file password not the Windows password.
>
> Your starting directory once logged in will be the homne directory as set up
> in the puredb entry for your username ... probably /home/yourloginname
> (as viewed from inside Cygwin).
>
> --- end recipe
>
> Re anonymous login ...
>
> Internally pure-ftpd translates "anonymous" to "ftp"
>
> Anonymous login is not checked in the -l puredb file, it does
> a getpwnam() call, so "ftp" ** must ** be a user in Windows
>
> Needs /home/ftp (pathname from inside Cygwin) and perhaps
> ~/home/ftp for user running pure-ftpd
>
> For any ftp login, if the ftp username is not the same as the Windows
> user running pure-ftpd, pure-ftpd fails on seteuid() ... see Windows
> event logger (or Cygwin syslog if that's installed), the ftp client
> sees "Unable to set up secure anonymous FTP"
>
> This happens even if running pure-ftpd from Explorer by
> "Run as Administrator"
>
> So for anonymous login you have to run pure-ftpd as Windows user ftp
>
> More generally, because of that seteuid issue, if you want to
> ftp login as uuu then you need to run pure-ftpd as Windows user uuu ...
> although having uuu in a pure-pw database permits the password to
> be different from the Windows login password.
>
> Nb: if you run pure-ftpd directly from Explorer (incl "Run as Administrator")
> the place it looks for the home directory may be ./ or the Windows user's
> home (C:\Users\uuu) and I have also seen failures setting user shell
> because it's looking for e.g. /bin/bash somewhere else.
>
>
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple
>  
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple


----- End message from matthew patton <pattonme@yahoo.com> -----




      parent reply	other threads:[~2021-06-29  6:35 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-28 22:47 David Oppenheim
2021-06-28 23:57 ` matthew patton
     [not found]   ` <1598452124.530169.1624924810774@mail.yahoo.com>
     [not found]     ` <518840083.2736043.1624925052846@mail.yahoo.com>
2021-06-29  6:35       ` David Oppenheim [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210629163519.Horde.O3Vak6UcOouDuGUHhEVU5Ko@optimation.com.au \
    --to=davido@optimation.com.au \
    --cc=cygwin@cygwin.com \
    --cc=pattonme@yahoo.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).