vsftpd issues
vsftpd issues
Created a new user and when I login it says "226 Transfer done (but failed to open directory)." When I run ls -l in this directory it shows this new user has full rights including its group (drwxrwx). Is there something else I should be doing?
Re: vsftpd issues
Hi
Welcome to CentOS.
I suspect it has to do with SELinux. Disable selinux and test again:
[code]setenfoce 0[/code]
Here is a guide relating to SELinux
[url=http://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348]CentOS SELinux HowTo[/url]
Here is someone else experiencing similar problems on Fedora:
http://forums.fedoraforum.org/archive/index.php/t-119321.html
Welcome to CentOS.
I suspect it has to do with SELinux. Disable selinux and test again:
[code]setenfoce 0[/code]
Here is a guide relating to SELinux
[url=http://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348]CentOS SELinux HowTo[/url]
Here is someone else experiencing similar problems on Fedora:
http://forums.fedoraforum.org/archive/index.php/t-119321.html
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
vsftpd issues
That is[code]setenforce 0[/code]and rather than disabling SELinux it puts it in permissive mode, as can be seen by [b]getenforce[/b] or [b]sestatus[/b]. That is the preferred method of debugging SELinux issues.
How was the new user created, and what does [code]ls -lZd /home/<username>[/code]show?
An example:
[code]# ls -lZd /home/prs
drwx------. prs prs unconfined_u:object_r:user_home_dir_t:s0 /home/prs
[/code]
Note that the permissions should by default be drwx (or 700) and not drwxrwx or (770).
For FTP access it may be necessary to set SELinux booleans with:
[code]setsebool -P ftp_home_dir 1[/code]
and possibly also
[code]setsebool -P allow_ftpd_full_access 1[/code]
That should be shown by running [code]# cat /var/log/messages | audit2allow -w[/code]after the failed login attempt. If [b]audit2allow[/b] is not found then [code]yum install policycoreutils[/code]
How was the new user created, and what does [code]ls -lZd /home/<username>[/code]show?
An example:
[code]# ls -lZd /home/prs
drwx------. prs prs unconfined_u:object_r:user_home_dir_t:s0 /home/prs
[/code]
Note that the permissions should by default be drwx (or 700) and not drwxrwx or (770).
For FTP access it may be necessary to set SELinux booleans with:
[code]setsebool -P ftp_home_dir 1[/code]
and possibly also
[code]setsebool -P allow_ftpd_full_access 1[/code]
That should be shown by running [code]# cat /var/log/messages | audit2allow -w[/code]after the failed login attempt. If [b]audit2allow[/b] is not found then [code]yum install policycoreutils[/code]
-
ericson007
- Posts: 48
- Joined: 2012/04/01 09:07:48
Re: vsftpd issues
As per above, however, not sure why you want to set SELinux to permissive and do all those boolean changes. Setting permissive mode will allow the data through and just log it. Change the settings as instructed if SELinux is left in enforcing mode. I would also recommend to rather keep everything in the pub directories and not fiddle around with access to home directories.
Change your SElinux contexts instead of disabling using chcon.
Change your SElinux contexts instead of disabling using chcon.
Re: vsftpd issues
Disabling SELinux solved my issues, thanks.
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: vsftpd issues
Disabling SELinux should not be considered a solution. You need to fix the SELinux issues and enable it. See the The Wiki [url=http://wiki.centos.org/?action=fullsearch&context=180&value=selinux&titlesearch=Titles]SELinux articles[/url] and the results of a forum search for [url=https://www.centos.org/search.php?query=selinux+ftp&mid=30&action=showall&andor=AND]selinux ftp[/url].
-
ankushkool
- Posts: 3
- Joined: 2009/03/03 10:23:48
Re: vsftpd issues
I am facing the same issue when trying to ftp into CentOS 6.5 from Windows 10 cmd. It works fine if I use a application like WinSCP. I tried all suggestions listed above including disabling SELINUX, still not working. Would really appreciate if someone can help. Thanks in advance.