Mail Archives: cygwin/2021/06/29/02:36:15

David Oppenheim <davido AT optimation DOT com DOT au> · Tue, 29 Jun 2021 16:35:19 +1000

cygrunsrv is an EXCELLENT solution, thankyou.

So for those looking for a quick make-it-work, install pure-ftpd as a
service thus (from a bash you have started as "Run as Administrator") :

cygrunsrv --install pure-ftpd --path /usr/sbin/pure-ftpd --chdir /tmp
    --args "-l puredb:/full-path-to/pure-ftpd/pureftpd.pdb"

and then

cygrunsrv --start pure-ftpd

This solves the seteuid() limitation, so now the one server will work with
anonymous (but still needs "ftp" as a Windows user) and any other user in the
puredb passwd file.

````

Matthew, re the Windows privileges you suggest, sadly and according to  
Murphy's
law I did all this on my one and only Windows 10 Home Edition ... no  
group policy
editor :-(   I **could** try it on a Windows 10 Pro PC, or I could  
regedit I suppose,
but hey cygrunsrv works so thankyou.

Perhaps an ancillary issue is the cryptic way in some code paths pure-ftpd
gives the error "Unable to set up secure anonymous FTP", sometimes with, but
sometimes without, a syslog...  I needed to use gdb extensively to one by one
eliminate blockages and get anonymous to work.

Perhaps more importantly the recipe (cygrunsrv) would be great to have in
the man page of the Cygwin package, and certainly in the README.Windows
file of the source package.  I'll cross-post this to pure-ftpd.org

Thanks for your help !

----- Message from matthew patton <pattonme AT yahoo DOT com> ---------
    Date: Tue, 29 Jun 2021 00:04:12 +0000 (UTC)
    From: matthew patton <pattonme AT yahoo DOT com>
Subject: Re: Difficult getting pure-ftpd to work under Cygwin on  
Windows 10, esp anonymous ftp
      To: David Oppenheim <davido AT optimation DOT com DOT au>

> and look at cygrunsrv --start <ftpd>
>     On Monday, June 28, 2021, 08:00:10 PM EDT, matthew patton  
> <pattonme AT yahoo DOT com> wrote:
>
>  specifically
> SeAssignPrimaryTokenPrivilege
> SeCreateTokenPrivilege
> SeTcbPrivilege
> SeIncreaseQuotaPrivilege
> SeServiceLogonRight
>     On Monday, June 28, 2021, 07:58:41 PM EDT, matthew patton via  
> Cygwin <cygwin AT cygwin DOT com> wrote:
>
>  have you tried applying the notable permissions from this to your  
> 'ftp' windows  
> user?https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
>     On Monday, June 28, 2021, 06:48:18 PM EDT, David Oppenheim  
> <davido AT optimation DOT com DOT au> wrote: 
>
>  I have debugged various obstacles getting logins to pure-ftpd to work under
> Cygwin on Windows 10 (Home edition 20H2 on this particular PC), especially
> getting anonymous ftp to login successfully. My pure-ftpd is version 1.0.46-1
> as downloaded by the Cygwin installer.
>
> There are problems with how it looks up username/password, with it calling
> seteuid(), and sometimes with pathnames for the user's home directory, and
> the user's shell. This is particularly fraught if you try to use 
> anonymous ftp.
>
> My solution is a simple recipe, albeit limited but fine for personal
> or small group use ... technical problem details after this recipe.
> I hope this helps anyone else trying to get it to work !
>
> --- recipe for setting up pure-ftpd on Cygwin
>
> Set up pure-ftp passwd file first with pure-pw -f filename.passwd
> then convert to puredb format with    pure-pw mkdb filename.pdb -f 
> filename.passwd
>
> Note that sometimes pure-pw and/or pure-ftpd imply a /etc prefix for 
> the filename,
> seems that's overridden if you use an absolute pathname.
>
> Run pure-ftpd as you. From the ftp client login as you with the
> puredb file password not the Windows password.
>
> Your starting directory once logged in will be the homne directory as set up
> in the puredb entry for your username ... probably /home/yourloginname
> (as viewed from inside Cygwin).
>
> --- end recipe
>
> Re anonymous login ...
>
> Internally pure-ftpd translates "anonymous" to "ftp"
>
> Anonymous login is not checked in the -l puredb file, it does
> a getpwnam() call, so "ftp" ** must ** be a user in Windows
>
> Needs /home/ftp (pathname from inside Cygwin) and perhaps
> ~/home/ftp for user running pure-ftpd
>
> For any ftp login, if the ftp username is not the same as the Windows
> user running pure-ftpd, pure-ftpd fails on seteuid() ... see Windows
> event logger (or Cygwin syslog if that's installed), the ftp client
> sees "Unable to set up secure anonymous FTP"
>
> This happens even if running pure-ftpd from Explorer by
> "Run as Administrator"
>
> So for anonymous login you have to run pure-ftpd as Windows user ftp
>
> More generally, because of that seteuid issue, if you want to
> ftp login as uuu then you need to run pure-ftpd as Windows user uuu ...
> although having uuu in a pure-pw database permits the password to
> be different from the Windows login password.
>
> Nb: if you run pure-ftpd directly from Explorer (incl "Run as Administrator")
> the place it looks for the home directory may be ./ or the Windows user's
> home (C:\Users\uuu) and I have also seen failures setting user shell
> because it's looking for e.g. /bin/bash somewhere else.
>
>
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple
>  
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:    https://cygwin.com/ml/#unsubscribe-simple

----- End message from matthew patton <pattonme AT yahoo DOT com> -----

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 0E06C388A409
Authentication-Results:	sourceware.org; dmarc=none (p=none dis=none)
	header.from=optimation.com.au
Authentication-Results:	sourceware.org;
	spf=pass smtp.mailfrom=optimation.com.au
X-Sender-Id:	netregistryptyltd\|x-authuser\|davido AT optimation DOT com DOT au
X-Sender-Id:	netregistryptyltd\|x-authuser\|davido AT optimation DOT com DOT au
X-MC-Relay:	Neutral
X-MailChannels-SenderId:	netregistryptyltd\|x-authuser\|davido AT optimation DOT com DOT au
X-MailChannels-Auth-Id:	netregistryptyltd
X-Lyrical-Drop:	1d80d52303ec1f15_1624948526834_979944183
X-MC-Loop-Signature:	1624948526834:926031915
X-MC-Ingress-Time:	1624948526833
Date:	Tue, 29 Jun 2021 16:35:19 +1000
Message-ID:	<20210629163519.Horde.O3Vak6UcOouDuGUHhEVU5Ko@optimation.com.au>
From:	David Oppenheim <davido AT optimation DOT com DOT au>
To:	matthew patton <pattonme AT yahoo DOT com>, cygwin AT cygwin DOT com
Subject:	Re: Difficult getting pure-ftpd to work under Cygwin on Windows 10,
	esp anonymous ftp
References:	<20210629084746 DOT Horde DOT EOaX4JftYZgseWRQhFJQPhx AT optimation DOT com DOT au>
	<1714177064 DOT 2738894 DOT 1624924661209 AT mail DOT yahoo DOT com>
	<1598452124 DOT 530169 DOT 1624924810774 AT mail DOT yahoo DOT com>
	<518840083 DOT 2736043 DOT 1624925052846 AT mail DOT yahoo DOT com>
In-Reply-To:	<518840083.2736043.1624925052846@mail.yahoo.com>
User-Agent:	Horde Application Framework 5
MIME-Version:	1.0
X-AuthUser:	davido AT optimation DOT com DOT au
X-Spam-Status:	No, score=1.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
	RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,
	RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Level:	*
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 15T6aE02022159

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019