vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Issues related to applications and software problems
Mitchel
Posts: 11
Joined: 2012/01/28 22:40:42

vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by Mitchel » 2012/03/01 17:07:39

Hello Centos peoples! =)

I got 2 problems.

If i trying to connect to my ftp server, he can't find the vsftpd server.
If i turn the iptables off he can connect.

This is on my conf:
[code]

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

#ssh
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#vsftpd
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT


COMMIT
[/code]
What is wrong with it? (ssh does work)

Now, my second problem:
[code]
Antwoord: 220 (vsFTPd 2.2.2)
Commando: USER wesley
Antwoord: 331 Please specify the password.
Commando: PASS *********
Antwoord: 500 OOPS: cannot change directory:/home/ftp/wesley
Fout: Fatale fout
Fout: Kan niet verbinden met server
[/code]

Just to try the rights:
drwxrwxrwx. 2 wesley ftp-users 4096 Mar 1 15:25 wesley

I dont know what the rights should be??

[code][root@centos ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
[/code]

If you need more info, plz ask it =)
I hope you can help me.


Regards Mitchel

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by TrevorH » 2012/03/01 18:13:36

You have removed the rule from your iptables that did "-j RH-Firewall-1-INPUT" which jumped to that chain of rules. This means that the rules in the RH-Firewall-1-INPUT chain are no longer being used so you either need to reinstate the default jump rule or insert your rules in the INPUT chain instead. The rules you have at present in the RH-Firewall-1-INPUT are now orphaned and you should either remove them or reinstate the jump from the INPUT chain.

For the vsftpd error, you need to look in the logs /var/log/vsftpd.log, /var/log/messages and/or /var/log/secure for clues.

Mitchel
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by Mitchel » 2012/03/03 23:24:39

[quote]
TrevorH wrote:
You have removed the rule from your iptables that did "-j RH-Firewall-1-INPUT" which jumped to that chain of rules. This means that the rules in the RH-Firewall-1-INPUT chain are no longer being used so you either need to reinstate the default jump rule or insert your rules in the INPUT chain instead. The rules you have at present in the RH-Firewall-1-INPUT are now orphaned and you should either remove them or reinstate the jump from the INPUT chain.

For the vsftpd error, you need to look in the logs /var/log/vsftpd.log, /var/log/messages and/or /var/log/secure for clues.
[/quote]


/var/log/vsftpd.log
[code]empty[/code]


/var/log/messages
[code]
nothing happens if I trying to login
[/code]


/var/log/secure
[code]no problems[/code]



What to do now? o.O

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by pschaff » 2012/03/04 05:20:56

Have you fixed the firewall rule set?

Mitchel
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by Mitchel » 2012/03/04 12:25:58

[quote]
pschaff wrote:
Have you fixed the firewall rule set?[/quote]


yes i did.

This is the result:
[code]
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT
[/code]

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by TrevorH » 2012/03/04 13:25:27

Great, so you now have port 21 open. Did you also load the ip_conntrack_ftp module with modprobe? Since you don't also have port 20 open (which is also needed for ftp) you will need to do this - especially if you need to use passive ftp.

Mitchel
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by Mitchel » 2012/03/04 13:34:10

[quote]
TrevorH wrote:
Great, so you now have port 21 open. Did you also load the ip_conntrack_ftp module with modprobe? Since you don't also have port 20 open (which is also needed for ftp) you will need to do this - especially if you need to use passive ftp.[/quote]

No i diddn't load ip_conntrack_ftp with modle modprobe.
After i fixed the iptables the vsftpd works verry wel, so is it really necessary?

Now I still get the next error:
[code]Antwoord: 220 (vsFTPd 2.2.2)
Commando: USER wesley
Antwoord: 331 Please specify the password.
Commando: PASS *********
Antwoord: 500 OOPS: cannot change directory:/home/ftp/wesley
Fout: Fatale fout
Fout: Kan niet verbinden met server[/code]

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by TrevorH » 2012/03/04 13:51:49

In my experience with ftp, yes, ip_conntrack_ftp is essential! That doesn't mean that you might not be able to make it work without but those are the two things that I've used to make it work and missing one of them breaks it - 1) open port 21 and 2) modprobe ip_conntrack_ftp.

However, I do not guarantee that this will fix your current problem as that looks more like a permissions problem. To fix that you'll need to find errors in your log files so I suggest that you go back to those now and see if there's anything logged.

Mitchel
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by Mitchel » 2012/03/04 14:38:42

[quote]
TrevorH wrote:
In my experience with ftp, yes, ip_conntrack_ftp is essential! That doesn't mean that you might not be able to make it work without but those are the two things that I've used to make it work and missing one of them breaks it - 1) open port 21 and 2) modprobe ip_conntrack_ftp.

However, I do not guarantee that this will fix your current problem as that looks more like a permissions problem. To fix that you'll need to find errors in your log files so I suggest that you go back to those now and see if there's anything logged.[/quote]

Logs does not say anything helpfully :(

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Post by TrevorH » 2012/03/04 17:05:18

Look harder or possibly try to find a way to increase the log level. Whatever is going wrong will be logging somewhere.

Post Reply