cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18018
Views
60
Helpful
11
Replies

Prime 3.1 FTP Server Directory Listing Denied

rick505d3
Beginner
Beginner

Hi,

The behaviour of native FTP server in Prime Infrastructure 3.1 is changed where it no longer allows "Delete" or even "LIST" command. These commands worked in the old 2.2 version. On upgrading it to 3.0 and finally 3.1, the commands no longer work.

PRIME/admin# show ver

Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.001
ADE-OS System Architecture: x86_64

Copyright (c) 2009-2016 by Cisco Systems, Inc.
All rights reserved.
Hostname: PRIME

Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
********************************************************
Version : 3.1.0
Build : 3.1.0.0.132





PRIME/admin# ncs password ftpuser ftp-user password 
Updating FTP password
Saving FTP account password in credential store
Synching FTP account passwd to database store - location-ftp-user
Synching FTP account password to system store
Completed FTP password update
PRIME/admin#





!!!! FileZilla FTP Client Status
    !!!! Directory listing fails
    09:16:25	Status:	Disconnected from server
    09:16:25	Status:	Connecting to 10.1.2.102:21...
    09:16:25	Status:	Connection established, waiting for welcome message...
    09:16:25	Status:	Insecure server, it does not support FTP over TLS.
    09:16:25	Status:	Logged in
    09:16:25	Status:	Retrieving directory listing...
    09:16:25	Command:	PWD
    09:16:25	Response:	257 "/"
    09:16:25	Command:	TYPE I
    09:16:25	Response:	200 Switching to Binary mode.
    09:16:25	Command:	PASV
    09:16:25	Response:	227 Entering Passive Mode (10,1,2,102,39,40).
    09:16:25	Command:	LIST
    09:16:25	Response:	550 Permission denied.
    09:16:25	Error:	Failed to retrieve directory listing

    !!!! Upload to CPI successful
    09:40:33	Status:	Starting upload of C:\ftproot\prime\testfile
    09:40:33	Status:	Retrieving directory listing of "/"...
    09:40:36	Status:	File transfer successful, transferred 14,900,689 bytes in 1 second

!!!! The file can be seen in Prime "dir disk:/ftp"

Thanks, 

Rick.

2 Accepted Solutions

Accepted Solutions

olivier.nicolas
Beginner
Beginner

Prime Infrastructure 3.1 is configured to filter commands.

/etc/vsftpd/vsftpd.conf or /etc/vsftpd/vsftpd6.conf

#prime custom settings
ftpd_banner=Prime FTP service
dirlist_enable=NO
chroot_local_user=YES
anonymous_enable=NO
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=10022
pasv_max_port=10041
file_open_mode=0660
cmds_denied=DELE,RMD,LIST
userlist_enable=YES
userlist_deny=NO
listen=YES
listen_ipv6=NO
max_per_ip=3
max_clients=20

View solution in original post

Hi Anweb,

Use "sudo" to get root privileges. Here is what I did.

PRIME/admin# shell

ade # sudo vi /etc/vsftpd/vsftpd.conf

    dirlist_enable=YES

    cmds_denied=RMD

ade # sudo service vsftpd restart

Regards,

Rick.

View solution in original post

11 Replies 11

olivier.nicolas
Beginner
Beginner

Prime Infrastructure 3.1 is configured to filter commands.

/etc/vsftpd/vsftpd.conf or /etc/vsftpd/vsftpd6.conf

#prime custom settings
ftpd_banner=Prime FTP service
dirlist_enable=NO
chroot_local_user=YES
anonymous_enable=NO
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=10022
pasv_max_port=10041
file_open_mode=0660
cmds_denied=DELE,RMD,LIST
userlist_enable=YES
userlist_deny=NO
listen=YES
listen_ipv6=NO
max_per_ip=3
max_clients=20

Thanks Olivier,

Troubleshooting through the issue at that time, I found the same and simply allowed the required access as I needed these ftp commands. Restarted the vsftpd deamon and all good then. Not sure why Cisco changed the behaviour, and there does not seem to be any docu on this change.

Regards, 

Rick. 

I had a TAC case open a few days ago for Prime and the TAC engineer had me do a 

shell

<password>

sudo -s

to switch into root mode.

FYI

As this files are owned by user root ... and only changeable through root

ade # ls -la
total 36
drwxr-xr-x.  2 root root 4096 May 12 14:13 .
drwxr-xr-x. 76 root root 4096 Jun  2 03:32 ..
-rw-------.  1 root root  125 Mar 10 17:04 ftpusers
-rw-r--r--.  1 root root  291 May 12 14:13 user_list
-rw-------.  1 root root 4924 May 12 14:13 vsftpd.conf
-rw-r--r--.  1 root root 4923 May 12 14:13 vsftpd6.conf
-rwxr--r--.  1 root root  338 Mar 10 17:04 vsftpd_conf_migrate.sh

how did you get root access ?

i didn't find any way to log in as root on cli ..

Hi Anweb,

Use "sudo" to get root privileges. Here is what I did.

PRIME/admin# shell

ade # sudo vi /etc/vsftpd/vsftpd.conf

    dirlist_enable=YES

    cmds_denied=RMD

ade # sudo service vsftpd restart

Regards,

Rick.

Hi Rick,

Thanks, works fine now !

Regards

Andy

Hi Rick,

Please how can i got out from sudo after paste these commands

dirlist_enable=YES

cmds_denied=RMD

i got stucked

When finished editing, Press "Esc" button to go out of editing mode, Type :wq to save and quit the editor.

Regards, 

Rick.

Hi,

I've tried type "wq" after I pressed "ESC" button it didn't exit from the editor and it didn't go back to "ade #" as expected. Is this another bug? Now I have another same file with the ending .swp file. If I hit enter it goes back into the original file (with the 2 options mentioned not changed)

How do I save the file and exit from here onward?

I ssh into Prime remotely, could that be the cause?

How do I delete the .swp file? or I can leave it there?

warning I received when I login the second time

E325: ATTENTION
Found a swap file by the name "/etc/vsftpd/.vsftpd.conf.swp"
          owned by: root   dated: Tue Mar 21 01:46:54 2017
         file name: /etc/vsftpd/vsftpd.conf
          modified: YES
         user name: root   host name: GBCDCPI01
        process ID: 9953
While opening file "/etc/vsftpd/vsftpd.conf"
             dated: Mon Feb  6 08:02:39 2017

(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r /etc/vsftpd/vsftpd.conf"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file "/etc/vsftpd/.vsftpd.conf.swp"
    to avoid this message.

daniel.litwin
Beginner
Beginner

I also experienced this issue.  Had a call open with TAC to be able to get a file off the box.  I am surprised nothing in the documentation mentions this.

ruizvilladiego
Beginner
Beginner
Thanks! It help me a lot to solve an issue! Have a nice day
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers