proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.

R

rbweb

New Member
Hallo Liebe Serversupportgemeinde,

habe bald keine Haare mehr auf dem Kopf.

Mein Root-Server:

CentOS 5.5 mit Plesk 9.3 inkl. psa-proftpd 1.3.1

spuckt folgende Fehlermeldung in meine /var/log/secure

Code: 
Jan  6 13:02:48 srv02 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan  6 13:02:48 srv02 last message repeated 2 times
Jan  6 13:02:48 srv02 proftpd: pam_unix(proftpd:session): session opened for user ftp1 by (uid=0)
Jan  6 13:02:48 srv02 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan  6 13:02:48 srv02 proftpd[14355]: srv02.xxxx.net (xx.22.xx.163[xx.22.xx.163]) - USER ftp1: Login successful. 
Jan  6 13:02:48 srv02 proftpd[14355]: srv02.xxxx.net (xx.22.xx.163[xx.22.xx.163]) - Preparing to chroot to directory '/var/www/vhosts/xxxxx.de/web_users/ftp1' 
Jan  6 13:02:48 srv02 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan  6 13:02:48 srv02 proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
Jan  6 13:02:48 srv02 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan  6 13:02:48 srv02 proftpd: pam_succeed_if(proftpd:session): error retrieving information about user 0
Jan  6 13:02:48 srv02 proftpd: pam_unix(proftpd:session): session closed for user ftp1
Jan  6 13:02:48 srv02 proftpd[14355]: srv02.xxxx.net (xx.22.xx.163[xx.22.xx.163]) - FTP session closed. 
Jan  6 13:02:49 srv02 proftpd: Deprecated pam_stack module called from service "proftpd"

/etc/security/pam_env.conf ist vorhanden mit 644

Hier ein Auszug aus der Datei

Code: 
# $Date: 2005/08/16 12:27:42 $
# $Author: kukuk $
# $Id: pam_env.conf,v 1.1 2005/08/16 12:27:42 kukuk Exp $
#
# This is the configuration file for pam_env, a PAM module to load in 
# a configurable list of environment variables for a 
# 
# The original idea for this came from Andrew G. Morgan ...
#<quote>
#   Mmm. Perhaps you might like to write a pam_env module that reads a
#   default environment from a file? I can see that as REALLY
#   useful... Note it would be an "auth" module that returns PAM_IGNORE
#   for the auth part and sets the environment returning PAM_SUCCESS in
#   the setcred function...
#</quote>
#
# What I wanted was the REMOTEHOST variable set, purely for selfish
# reasons, and AGM didn't want it added to the SimpleApps login
# program (which is where I added the patch). So, my first concern is
# that variable, from there there are numerous others that might/would
# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
#
# Of course, these are a different kind of variable than REMOTEHOST in
# that they are things that are likely to be configured by
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea: 
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE. 
# DEFAULT allows and administrator to set the value of the
# variable  to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. OVERRIDE is not used, "" is assumed and no override will be
# done. 
#
# VARIABLE   [DEFAULT=[value]]  [OVERRIDE=[value]]
#
# (Possibly non-existent) environment variables may be used in values
# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
# be used in values using the @{string} syntax. Both the $ and @
# characters can be backslash escaped to be used as literal values
# values can be delimited with "", escaped " not supported.
# Note that many environment variables that you would like to use
# may not be set by the time the module is called.
# For example, HOME is used below several times, but 
# many PAM applications don't make it available by the time you need it.
#
#
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
#REMOTEHOST	DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable 
#DISPLAY		DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#
#  Now some simple variables
#
#PAGER		DEFAULT=less
#MANPAGER	DEFAULT=less
#LESS		DEFAULT="M q e h15 z23 b80"
#NNTPSERVER	DEFAULT=localhost
#PATH		DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR		DEFAULT=\$
#DOLLARDOLLAR	DEFAULT=	OVERRIDE=\$${DOLLAR}
#DOLLARPLUS	DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN		DEFAULT=""	OVERRIDE=\@

Und ein Auszug aus meiner /etc/pam.d/proftpd

Code: 
#%PAM-1.0
auth       required	pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required	pam_stack.so service=system-auth
auth       required	pam_shells.so
account    required	pam_stack.so service=system-auth
session    required	pam_stack.so service=system-auth

Habe hier schon alle möglichen Lösungsvorschläge ausprobiert, jedoch hat keiner eine Abhilfe gebracht.

Ich gehe mal davon aus das jemand das gleiche Problem schon einmal vor Augen hatte, da es ja allgemein bekannt ist wenn ich googleator anwerfe.

Vieleicht kann mir hier einer einen Lösungsvorschlag machen.

Vielen Dank im voraus.

MFG
rbweb
 
Die Lösung von Parallels:

Sehr geehrter Herr xxx,

wir haben folgende Nachricht vom Parallels Support erhalten:

> For stopping these messages just comment out this line:
>
> session required pam_stack.so service=system-auth
>
> in file /etc/pam.d/proftpd
>
> 'Session' management group type means that subsequent module is
> associated with doing things that need to be done for the user
> before/after they can be given service. Such things include the
> logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc.
>
> So this line:
>
> session required pam_stack.so service=system-auth
>
> passes session management to pam_stack module. From manual page for pam_stack:
>
>
> ======
>
> In a nutshell, pam_stack lets you "call", from inside of the stack for
> a particular service, the stack defined for any another service. The
> intention is to allow multiple services to "include" a system-wide
> setup, so that when that setup needs to be changed, it need only be changed in one place.
>
>
> ======
>
> In short, this line in /etc/pam.d/proftpd is equivalent to 4 lines
> from
> /etc/pam.d/system-auth:
>
> session optional pam_keyinit.so revoke session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond
> quiet use_uid session required pam_unix.so
>
> You can find description of these pam modules in 'The Linux-PAM System
> Administrators'
> Guide'http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html
> /Linux-PAM_SAG.html.

Sie können die Meldungen wie beschrieben ausschalten, sofern Sie dies wünschen.
 
You must log in or register to reply here.
Back
Top