Difficult getting pure-ftpd to work under Cygwin on Windows 10, esp anonymous ftp

Difficult getting pure-ftpd to work under Cygwin on Windows 10, esp anonymous ftp

[David Oppenheim]

I have debugged various obstacles getting logins to pure-ftpd to work under
Cygwin on Windows 10 (Home edition 20H2 on this particular PC), especially
getting anonymous ftp to login successfully. My pure-ftpd is version 1.0.46-1
as downloaded by the Cygwin installer.

There are problems with how it looks up username/password, with it calling
seteuid(), and sometimes with pathnames for the user's home directory, and
the user's shell. This is particularly fraught if you try to use  
anonymous ftp.

My solution is a simple recipe, albeit limited but fine for personal
or small group use ... technical problem details after this recipe.
I hope this helps anyone else trying to get it to work !

--- recipe for setting up pure-ftpd on Cygwin

Set up pure-ftp passwd file first with pure-pw -f filename.passwd
then convert to puredb format with     pure-pw mkdb filename.pdb -f  
filename.passwd

Note that sometimes pure-pw and/or pure-ftpd imply a /etc prefix for  
the filename,
seems that's overridden if you use an absolute pathname.

Run pure-ftpd as you. From the ftp client login as you with the
puredb file password not the Windows password.

Your starting directory once logged in will be the homne directory as set up
in the puredb entry for your username ... probably /home/yourloginname
(as viewed from inside Cygwin).

--- end recipe

Re anonymous login ...

Internally pure-ftpd translates "anonymous" to "ftp"

Anonymous login is not checked in the -l puredb file, it does
a getpwnam() call, so "ftp" ** must ** be a user in Windows

Needs /home/ftp (pathname from inside Cygwin) and perhaps
~/home/ftp for user running pure-ftpd

For any ftp login, if the ftp username is not the same as the Windows
user running pure-ftpd, pure-ftpd fails on seteuid() ... see Windows
event logger (or Cygwin syslog if that's installed), the ftp client
sees "Unable to set up secure anonymous FTP"

This happens even if running pure-ftpd from Explorer by
"Run as Administrator"

So for anonymous login you have to run pure-ftpd as Windows user ftp

More generally, because of that seteuid issue, if you want to
ftp login as uuu then you need to run pure-ftpd as Windows user uuu ...
although having uuu in a pure-pw database permits the password to
be different from the Windows login password.

Nb: if you run pure-ftpd directly from Explorer (incl "Run as Administrator")
the place it looks for the home directory may be ./ or the Windows user's
home (C:\Users\uuu) and I have also seen failures setting user shell
because it's looking for e.g. /bin/bash somewhere else.

Re: Difficult getting pure-ftpd to work under Cygwin on Windows 10, esp anonymous ftp

[matthew patton]

have you tried applying the notable permissions from this to your 'ftp' windows user?https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
    On Monday, June 28, 2021, 06:48:18 PM EDT, David Oppenheim <davido@optimation.com.au> wrote:  
 
 I have debugged various obstacles getting logins to pure-ftpd to work under
Cygwin on Windows 10 (Home edition 20H2 on this particular PC), especially
getting anonymous ftp to login successfully. My pure-ftpd is version 1.0.46-1
as downloaded by the Cygwin installer.

There are problems with how it looks up username/password, with it calling
seteuid(), and sometimes with pathnames for the user's home directory, and
the user's shell. This is particularly fraught if you try to use  
anonymous ftp.

My solution is a simple recipe, albeit limited but fine for personal
or small group use ... technical problem details after this recipe.
I hope this helps anyone else trying to get it to work !

--- recipe for setting up pure-ftpd on Cygwin

Set up pure-ftp passwd file first with pure-pw -f filename.passwd
then convert to puredb format with    pure-pw mkdb filename.pdb -f  
filename.passwd

Note that sometimes pure-pw and/or pure-ftpd imply a /etc prefix for  
the filename,
seems that's overridden if you use an absolute pathname.

Run pure-ftpd as you. From the ftp client login as you with the
puredb file password not the Windows password.

Your starting directory once logged in will be the homne directory as set up
in the puredb entry for your username ... probably /home/yourloginname
(as viewed from inside Cygwin).

--- end recipe

Re anonymous login ...

Internally pure-ftpd translates "anonymous" to "ftp"

Anonymous login is not checked in the -l puredb file, it does
a getpwnam() call, so "ftp" ** must ** be a user in Windows

Needs /home/ftp (pathname from inside Cygwin) and perhaps
~/home/ftp for user running pure-ftpd

For any ftp login, if the ftp username is not the same as the Windows
user running pure-ftpd, pure-ftpd fails on seteuid() ... see Windows
event logger (or Cygwin syslog if that's installed), the ftp client
sees "Unable to set up secure anonymous FTP"

This happens even if running pure-ftpd from Explorer by
"Run as Administrator"

So for anonymous login you have to run pure-ftpd as Windows user ftp

More generally, because of that seteuid issue, if you want to
ftp login as uuu then you need to run pure-ftpd as Windows user uuu ...
although having uuu in a pure-pw database permits the password to
be different from the Windows login password.

Nb: if you run pure-ftpd directly from Explorer (incl "Run as Administrator")
the place it looks for the home directory may be ./ or the Windows user's
home (C:\Users\uuu) and I have also seen failures setting user shell
because it's looking for e.g. /bin/bash somewhere else.



-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple
  

Re: Difficult getting pure-ftpd to work under Cygwin on Windows 10, esp anonymous ftp

[David Oppenheim]

cygrunsrv is an EXCELLENT solution, thankyou.

So for those looking for a quick make-it-work, install pure-ftpd as a
service thus (from a bash you have started as "Run as Administrator") :

cygrunsrv --install pure-ftpd --path /usr/sbin/pure-ftpd --chdir /tmp
    --args "-l puredb:/full-path-to/pure-ftpd/pureftpd.pdb"

and then

cygrunsrv --start pure-ftpd

This solves the seteuid() limitation, so now the one server will work with
anonymous (but still needs "ftp" as a Windows user) and any other user in the
puredb passwd file.

````

Matthew, re the Windows privileges you suggest, sadly and according to  
Murphy's
law I did all this on my one and only Windows 10 Home Edition ... no  
group policy
editor :-(   I **could** try it on a Windows 10 Pro PC, or I could  
regedit I suppose,
but hey cygrunsrv works so thankyou.

Perhaps an ancillary issue is the cryptic way in some code paths pure-ftpd
gives the error "Unable to set up secure anonymous FTP", sometimes with, but
sometimes without, a syslog...  I needed to use gdb extensively to one by one
eliminate blockages and get anonymous to work.

Perhaps more importantly the recipe (cygrunsrv) would be great to have in
the man page of the Cygwin package, and certainly in the README.Windows
file of the source package.  I'll cross-post this to pure-ftpd.org

Thanks for your help !

----- Message from matthew patton <pattonme@yahoo.com> ---------
    Date: Tue, 29 Jun 2021 00:04:12 +0000 (UTC)
    From: matthew patton <pattonme@yahoo.com>
Subject: Re: Difficult getting pure-ftpd to work under Cygwin on  
Windows 10, esp anonymous ftp
      To: David Oppenheim <davido@optimation.com.au>


> and look at cygrunsrv --start <ftpd>
>     On Monday, June 28, 2021, 08:00:10 PM EDT, matthew patton  
> <pattonme@yahoo.com> wrote:
>
>  specifically
> SeAssignPrimaryTokenPrivilege
> SeCreateTokenPrivilege
> SeTcbPrivilege
> SeIncreaseQuotaPrivilege
> SeServiceLogonRight
>     On Monday, June 28, 2021, 07:58:41 PM EDT, matthew patton via  
> Cygwin <cygwin@cygwin.com> wrote:
>
>  have you tried applying the notable permissions from this to your  
> 'ftp' windows  
> user?https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
>     On Monday, June 28, 2021, 06:48:18 PM EDT, David Oppenheim  
> <davido@optimation.com.au> wrote: 
>
>  I have debugged various obstacles getting logins to pure-ftpd to work under
> Cygwin on Windows 10 (Home edition 20H2 on this particular PC), especially
> getting anonymous ftp to login successfully. My pure-ftpd is version 1.0.46-1
> as downloaded by the Cygwin installer.
>
> There are problems with how it looks up username/password, with it calling
> seteuid(), and sometimes with pathnames for the user's home directory, and
> the user's shell. This is particularly fraught if you try to use 
> anonymous ftp.
>
> My solution is a simple recipe, albeit limited but fine for personal
> or small group use ... technical problem details after this recipe.
> I hope this helps anyone else trying to get it to work !
>
> --- recipe for setting up pure-ftpd on Cygwin
>
> Set up pure-ftp passwd file first with pure-pw -f filename.passwd
> then convert to puredb format with    pure-pw mkdb filename.pdb -f 
> filename.passwd
>
> Note that sometimes pure-pw and/or pure-ftpd imply a /etc prefix for 
> the filename,
> seems that's overridden if you use an absolute pathname.
>
> Run pure-ftpd as you. From the ftp client login as you with the
> puredb file password not the Windows password.
>
> Your starting directory once logged in will be the homne directory as set up
> in the puredb entry for your username ... probably /home/yourloginname
> (as viewed from inside Cygwin).
>
> --- end recipe
>
> Re anonymous login ...
>
> Internally pure-ftpd translates "anonymous" to "ftp"
>
> Anonymous login is not checked in the -l puredb file, it does
> a getpwnam() call, so "ftp" ** must ** be a user in Windows
>
> Needs /home/ftp (pathname from inside Cygwin) and perhaps
> ~/home/ftp for user running pure-ftpd
>
> For any ftp login, if the ftp username is not the same as the Windows
> user running pure-ftpd, pure-ftpd fails on seteuid() ... see Windows
> event logger (or Cygwin syslog if that's installed), the ftp client
> sees "Unable to set up secure anonymous FTP"
>
> This happens even if running pure-ftpd from Explorer by
> "Run as Administrator"
>
> So for anonymous login you have to run pure-ftpd as Windows user ftp
>
> More generally, because of that seteuid issue, if you want to
> ftp login as uuu then you need to run pure-ftpd as Windows user uuu ...
> although having uuu in a pure-pw database permits the password to
> be different from the Windows login password.
>
> Nb: if you run pure-ftpd directly from Explorer (incl "Run as Administrator")
> the place it looks for the home directory may be ./ or the Windows user's
> home (C:\Users\uuu) and I have also seen failures setting user shell
> because it's looking for e.g. /bin/bash somewhere else.
>
>
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple
>  
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple


----- End message from matthew patton <pattonme@yahoo.com> -----