Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
21338
Views
63
Helpful
11
Replies

Prime 3.1 FTP Server Directory Listing Denied

Go to solution
rick505d3
Level 1
Level 1

‎05-11-2016 05:27 PM

Hi,

The behaviour of native FTP server in Prime Infrastructure 3.1 is changed where it no longer allows "Delete" or even "LIST" command. These commands worked in the old 2.2 version. On upgrading it to 3.0 and finally 3.1, the commands no longer work.

PRIME/admin# show ver

Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.001
ADE-OS System Architecture: x86_64

Copyright (c) 2009-2016 by Cisco Systems, Inc.
All rights reserved.
Hostname: PRIME

Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
********************************************************
Version : 3.1.0
Build : 3.1.0.0.132





PRIME/admin# ncs password ftpuser ftp-user password 
Updating FTP password
Saving FTP account password in credential store
Synching FTP account passwd to database store - location-ftp-user
Synching FTP account password to system store
Completed FTP password update
PRIME/admin#





!!!! FileZilla FTP Client Status
    !!!! Directory listing fails
    09:16:25	Status:	Disconnected from server
    09:16:25	Status:	Connecting to 10.1.2.102:21...
    09:16:25	Status:	Connection established, waiting for welcome message...
    09:16:25	Status:	Insecure server, it does not support FTP over TLS.
    09:16:25	Status:	Logged in
    09:16:25	Status:	Retrieving directory listing...
    09:16:25	Command:	PWD
    09:16:25	Response:	257 "/"
    09:16:25	Command:	TYPE I
    09:16:25	Response:	200 Switching to Binary mode.
    09:16:25	Command:	PASV
    09:16:25	Response:	227 Entering Passive Mode (10,1,2,102,39,40).
    09:16:25	Command:	LIST
    09:16:25	Response:	550 Permission denied.
    09:16:25	Error:	Failed to retrieve directory listing

    !!!! Upload to CPI successful
    09:40:33	Status:	Starting upload of C:\ftproot\prime\testfile
    09:40:33	Status:	Retrieving directory listing of "/"...
    09:40:36	Status:	File transfer successful, transferred 14,900,689 bytes in 1 second

    !!!! The file can be seen in Prime "dir disk:/ftp"

Thanks, 

Rick.

7 people had this problem
Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
olivier.nicolas
Level 1
Level 1

‎05-27-2016 05:43 AM

Prime Infrastructure 3.1 is configured to filter commands.

/etc/vsftpd/vsftpd.conf or /etc/vsftpd/vsftpd6.conf

#prime custom settings
ftpd_banner=Prime FTP service
dirlist_enable=NO
chroot_local_user=YES
anonymous_enable=NO
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=10022
pasv_max_port=10041
file_open_mode=0660
cmds_denied=DELE,RMD,LIST
userlist_enable=YES
userlist_deny=NO
listen=YES
listen_ipv6=NO
max_per_ip=3
max_clients=20

View solution in original post

Go to solution
rick505d3
Level 1
Level 1
In response to anweb

‎06-02-2016 01:17 AM

Hi Anweb,

Use "sudo" to get root privileges. Here is what I did.

PRIME/admin# shell

ade # sudo vi /etc/vsftpd/vsftpd.conf

    dirlist_enable=YES

    cmds_denied=RMD

ade # sudo service vsftpd restart

Regards,

Rick.

View solution in original post

11 Replies 11

Go to solution
olivier.nicolas
Level 1
Level 1

‎05-27-2016 05:43 AM

Prime Infrastructure 3.1 is configured to filter commands.

/etc/vsftpd/vsftpd.conf or /etc/vsftpd/vsftpd6.conf

#prime custom settings
ftpd_banner=Prime FTP service
dirlist_enable=NO
chroot_local_user=YES
anonymous_enable=NO
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=10022
pasv_max_port=10041
file_open_mode=0660
cmds_denied=DELE,RMD,LIST
userlist_enable=YES
userlist_deny=NO
listen=YES
listen_ipv6=NO
max_per_ip=3
max_clients=20

Go to solution
rick505d3
Level 1
Level 1
In response to olivier.nicolas

‎05-27-2016 05:33 PM

Thanks Olivier,

Troubleshooting through the issue at that time, I found the same and simply allowed the required access as I needed these ftp commands. Restarted the vsftpd deamon and all good then. Not sure why Cisco changed the behaviour, and there does not seem to be any docu on this change.

Regards, 

Rick. 

0 Helpful

Go to solution
daniel.litwin
Level 1
Level 1
In response to rick505d3

‎06-03-2016 06:40 AM

I had a TAC case open a few days ago for Prime and the TAC engineer had me do a 

shell

<password>

sudo -s

to switch into root mode.

FYI

0 Helpful

Go to solution
anweb
Level 1
Level 1
In response to olivier.nicolas

‎06-02-2016 01:04 AM

As this files are owned by user root ... and only changeable through root

ade # ls -la
total 36
drwxr-xr-x.  2 root root 4096 May 12 14:13 .
drwxr-xr-x. 76 root root 4096 Jun  2 03:32 ..
-rw-------.  1 root root  125 Mar 10 17:04 ftpusers
-rw-r--r--.  1 root root  291 May 12 14:13 user_list
-rw-------.  1 root root 4924 May 12 14:13 vsftpd.conf
-rw-r--r--.  1 root root 4923 May 12 14:13 vsftpd6.conf
-rwxr--r--.  1 root root  338 Mar 10 17:04 vsftpd_conf_migrate.sh

how did you get root access ?

i didn't find any way to log in as root on cli ..

Go to solution
rick505d3
Level 1
Level 1
In response to anweb

‎06-02-2016 01:17 AM

Hi Anweb,

Use "sudo" to get root privileges. Here is what I did.

PRIME/admin# shell

ade # sudo vi /etc/vsftpd/vsftpd.conf

    dirlist_enable=YES

    cmds_denied=RMD

ade # sudo service vsftpd restart

Regards,

Rick.

Go to solution
anweb
Level 1
Level 1
In response to rick505d3

‎06-02-2016 04:30 AM

Hi Rick,

Thanks, works fine now !

Regards

Andy

0 Helpful

Go to solution
eng.eslamany
Level 1
Level 1
In response to rick505d3

‎01-25-2017 10:44 PM

Hi Rick,

Please how can i got out from sudo after paste these commands

dirlist_enable=YES

cmds_denied=RMD

i got stucked

0 Helpful

Go to solution
rick505d3
Level 1
Level 1
In response to eng.eslamany

‎01-26-2017 12:08 AM

When finished editing, Press "Esc" button to go out of editing mode, Type :wq to save and quit the editor.

Regards, 

Rick.

0 Helpful

Go to solution
jasonpktjasonpkt
Level 1
Level 1
In response to rick505d3

‎03-20-2017 07:14 PM

Hi,

I've tried type "wq" after I pressed "ESC" button it didn't exit from the editor and it didn't go back to "ade #" as expected. Is this another bug? Now I have another same file with the ending .swp file. If I hit enter it goes back into the original file (with the 2 options mentioned not changed)

How do I save the file and exit from here onward?

I ssh into Prime remotely, could that be the cause?

How do I delete the .swp file? or I can leave it there?

warning I received when I login the second time

E325: ATTENTION
Found a swap file by the name "/etc/vsftpd/.vsftpd.conf.swp"
          owned by: root   dated: Tue Mar 21 01:46:54 2017
         file name: /etc/vsftpd/vsftpd.conf
          modified: YES
         user name: root   host name: GBCDCPI01
        process ID: 9953
While opening file "/etc/vsftpd/vsftpd.conf"
             dated: Mon Feb  6 08:02:39 2017

(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r /etc/vsftpd/vsftpd.conf"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file "/etc/vsftpd/.vsftpd.conf.swp"
    to avoid this message.

0 Helpful

Go to solution
daniel.litwin
Level 1
Level 1

‎05-27-2016 06:59 AM

I also experienced this issue.  Had a call open with TAC to be able to get a file off the box.  I am surprised nothing in the documentation mentions this.

0 Helpful

Go to solution
ruizvilladiego
Level 1
Level 1

‎12-13-2018 06:51 AM

Thanks! It help me a lot to solve an issue! Have a nice day
0 Helpful
Customers Also Viewed These Support Documents
Top