05-11-2016 05:27 PM
Hi,
The behaviour of native FTP server in Prime Infrastructure 3.1 is changed where it no longer allows "Delete" or even "LIST" command. These commands worked in the old 2.2 version. On upgrading it to 3.0 and finally 3.1, the commands no longer work.
PRIME/admin# show ver
Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.001
ADE-OS System Architecture: x86_64
Copyright (c) 2009-2016 by Cisco Systems, Inc.
All rights reserved.
Hostname: PRIME
Version information of installed applications
---------------------------------------------
Cisco Prime Infrastructure
********************************************************
Version : 3.1.0
Build : 3.1.0.0.132
PRIME/admin# ncs password ftpuser ftp-user password
Updating FTP password
Saving FTP account password in credential store
Synching FTP account passwd to database store - location-ftp-user
Synching FTP account password to system store
Completed FTP password update
PRIME/admin#
!!!! FileZilla FTP Client Status
!!!! Directory listing fails
09:16:25 Status: Disconnected from server
09:16:25 Status: Connecting to 10.1.2.102:21...
09:16:25 Status: Connection established, waiting for welcome message...
09:16:25 Status: Insecure server, it does not support FTP over TLS.
09:16:25 Status: Logged in
09:16:25 Status: Retrieving directory listing...
09:16:25 Command: PWD
09:16:25 Response: 257 "/"
09:16:25 Command: TYPE I
09:16:25 Response: 200 Switching to Binary mode.
09:16:25 Command: PASV
09:16:25 Response: 227 Entering Passive Mode (10,1,2,102,39,40).
09:16:25 Command: LIST
09:16:25 Response: 550 Permission denied.
09:16:25 Error: Failed to retrieve directory listing
!!!! Upload to CPI successful
09:40:33 Status: Starting upload of C:\ftproot\prime\testfile
09:40:33 Status: Retrieving directory listing of "/"...
09:40:36 Status: File transfer successful, transferred 14,900,689 bytes in 1 second
!!!! The file can be seen in Prime "dir disk:/ftp"
Thanks,
Rick.
Accepted Solutions
05-27-2016 05:43 AM
Prime Infrastructure 3.1 is configured to filter commands.
/etc/vsftpd/vsftpd.conf or /etc/vsftpd/vsftpd6.conf
#prime custom settings
ftpd_banner=Prime FTP service
dirlist_enable=NO
chroot_local_user=YES
anonymous_enable=NO
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=10022
pasv_max_port=10041
file_open_mode=0660
cmds_denied=DELE,RMD,LIST
userlist_enable=YES
userlist_deny=NO
listen=YES
listen_ipv6=NO
max_per_ip=3
max_clients=20
05-27-2016 05:33 PM
Thanks Olivier,
Troubleshooting through the issue at that time, I found the same and simply allowed the required access as I needed these FTP commands. Restarted the vsftpd daemon and all good then. Not sure why Cisco changed the behaviour, and there does not seem to be any docu on this change.
Regards,
Rick.
06-03-2016 06:40 AM
I had a TAC case open a few days ago for Prime and the TAC engineer had me do a
shell
<password>
sudo -s
to switch into root mode.
FYI
06-02-2016 01:04 AM
As these files are owned by user root ... and only changeable through root
ade # ls -la
total 36
drwxr-xr-x. 2 root root 4096 May 12 14:13 .
drwxr-xr-x. 76 root root 4096 Jun 2 03:32 ..
-rw-------. 1 root root 125 Mar 10 17:04 ftpusers
-rw-r--r--. 1 root root 291 May 12 14:13 user_list
-rw-------. 1 root root 4924 May 12 14:13 vsftpd.conf
-rw-r--r--. 1 root root 4923 May 12 14:13 vsftpd6.conf
-rwxr--r--. 1 root root 338 Mar 10 17:04 vsftpd_conf_migrate.sh
How did you get root access?
I didn't find any way to log in as root on the CLI.
06-02-2016 01:17 AM
Hi Anweb,
Use "sudo" to get root privileges. Here is what I did.
PRIME/admin# shell
ade # sudo vi /etc/vsftpd/vsftpd.conf
dirlist_enable=YES
cmds_denied=RMD
ade # sudo service vsftpd restart
Regards,
Rick.
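The shipped configuration blocks LIST in two places (dirlist_enable=NO and the LIST entry in cmds_denied), which is why both lines are changed in the post above. The following is an added example, not part of the original posts and not Cisco or vsftpd tooling: it reads a vsftpd.conf and reports whether LIST, DELE and RMD are permitted. The function names and the three sample files are constructed for illustration.

```shell
# Added example: audit which FTP commands a vsftpd config permits.
# Simplification: only the cmds_denied, cmds_allowed and dirlist_enable
# options are evaluated, and dirlist_enable is matched as literal YES/NO.

# Print the effective value of KEY in FILE (the last assignment wins,
# lines starting with # are skipped), or DEFAULT when KEY is not set.
vsftpd_get() {  # usage: vsftpd_get FILE KEY DEFAULT
    awk -v k="$2" -v d="$3" '
        /^#/ { next }
        { i = index($0, "=") }
        i && substr($0, 1, i - 1) == k { v = substr($0, i + 1); found = 1 }
        END { print (found ? v : d) }' "$1"
}

# Exit 0 if FTP command CMD is permitted by the config in FILE, 1 if not.
ftp_cmd_allowed() {  # usage: ftp_cmd_allowed FILE CMD
    cmd=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    denied=$(vsftpd_get "$1" cmds_denied "")
    allowed=$(vsftpd_get "$1" cmds_allowed "")
    dirlist=$(vsftpd_get "$1" dirlist_enable YES)
    # cmds_denied takes precedence over cmds_allowed.
    case ",$denied," in *",$cmd,"*) return 1 ;; esac
    if [ -n "$allowed" ]; then
        case ",$allowed," in *",$cmd,"*) ;; *) return 1 ;; esac
    fi
    # dirlist_enable=NO refuses directory listings regardless of the lists.
    case "$cmd:$dirlist" in LIST:NO|NLST:NO) return 1 ;; esac
    return 0
}

# One-line verdict for the three commands discussed in this thread.
ftp_policy() {  # usage: ftp_policy FILE
    out=""
    for c in LIST DELE RMD; do
        if ftp_cmd_allowed "$1" "$c"; then s=allow; else s=deny; fi
        out="$out$c=$s "
    done
    printf '%s\n' "${out% }"
}

# Constructed sample files carrying only the settings quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' '#prime custom settings' dirlist_enable=NO \
    cmds_denied=DELE,RMD,LIST > "$demo/shipped.conf"
printf '%s\n' dirlist_enable=YES cmds_denied=RMD > "$demo/relaxed.conf"
printf '%s\n' dirlist_enable=NO cmds_denied=RMD > "$demo/half.conf"
for f in shipped relaxed half; do
    printf '%-8s %s\n' "$f" "$(ftp_policy "$demo/$f.conf")"
done
```

The half.conf case shows that editing cmds_denied alone leaves LIST refused. Running ftp_policy against the live file after an upgrade shows whether the shipped restrictions have been restored.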
06-02-2016 04:30 AM
Hi Rick,
Thanks, works fine now!
Regards
Andy
01-25-2017 10:44 PM
Hi Rick,
Please, how can I get out of sudo after pasting these commands?
dirlist_enable=YES
cmds_denied=RMD
I got stuck.
01-26-2017 12:08 AM
When finished editing, press the "Esc" button to leave editing mode, then type :wq to save and quit the editor.
Regards,
Rick.
03-20-2017 07:14 PM
Hi,
I tried typing "wq" after I pressed the "ESC" button, but it didn't exit from the editor and it didn't go back to "ade #" as expected. Is this another bug? Now I have another copy of the same file ending in .swp. If I hit Enter it goes back into the original file (with the 2 options mentioned not changed).
How do I save the file and exit from here onward?
I ssh into Prime remotely, could that be the cause?
How do I delete the .swp file? Or can I leave it there?
Warning I received when I logged in the second time:
E325: ATTENTION
Found a swap file by the name "/etc/vsftpd/.vsftpd.conf.swp"
owned by: root dated: Tue Mar 21 01:46:54 2017
file name: /etc/vsftpd/vsftpd.conf
modified: YES
user name: root host name: GBCDCPI01
process ID: 9953
While opening file "/etc/vsftpd/vsftpd.conf"
dated: Mon Feb 6 08:02:39 2017
(1) Another program may be editing the same file. If this is the case,
be careful not to end up with two different instances of the same
file when making changes. Quit, or continue with caution.
(2) An edit session for this file crashed.
If this is the case, use ":recover" or "vim -r /etc/vsftpd/vsftpd.conf"
to recover the changes (see ":help recovery").
If you did this already, delete the swap file "/etc/vsftpd/.vsftpd.conf.swp"
to avoid this message.

05-27-2016 06:59 AM
I also experienced this issue. Had a call open with TAC to be able to get a file off the box. I am surprised nothing in the documentation mentions this.