vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Issues related to applications and software problems

vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby Mitchel » 2012/03/01 17:07:39

Hello Centos peoples! =)

I got 2 problems.

If i trying to connect to my ftp server, he can't find the vsftpd server.
If i turn the iptables off he can connect.

This is on my conf:
Code: Select all

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

#ssh
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#vsftpd
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT


COMMIT

What is wrong with it? (ssh does work)

Now, my second problem:
Code: Select all
Antwoord:   220 (vsFTPd 2.2.2)
Commando:   USER wesley
Antwoord:   331 Please specify the password.
Commando:   PASS *********
Antwoord:   500 OOPS: cannot change directory:/home/ftp/wesley
Fout:   Fatale fout
Fout:   Kan niet verbinden met server


Just to try the rights:
drwxrwxrwx. 2 wesley ftp-users 4096 Mar 1 15:25 wesley

I dont know what the rights should be??

Code: Select all
[root@centos ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off


If you need more info, plz ask it =)
I hope you can help me.


Regards Mitchel
Mitchel
 
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby TrevorH » 2012/03/01 18:13:36

You have removed the rule from your iptables that did "-j RH-Firewall-1-INPUT" which jumped to that chain of rules. This means that the rules in the RH-Firewall-1-INPUT chain are no longer being used so you either need to reinstate the default jump rule or insert your rules in the INPUT chain instead. The rules you have at present in the RH-Firewall-1-INPUT are now orphaned and you should either remove them or reinstate the jump from the INPUT chain.

For the vsftpd error, you need to look in the logs /var/log/vsftpd.log, /var/log/messages and/or /var/log/secure for clues.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby Mitchel » 2012/03/03 23:24:39

TrevorH wrote:
You have removed the rule from your iptables that did "-j RH-Firewall-1-INPUT" which jumped to that chain of rules. This means that the rules in the RH-Firewall-1-INPUT chain are no longer being used so you either need to reinstate the default jump rule or insert your rules in the INPUT chain instead. The rules you have at present in the RH-Firewall-1-INPUT are now orphaned and you should either remove them or reinstate the jump from the INPUT chain.

For the vsftpd error, you need to look in the logs /var/log/vsftpd.log, /var/log/messages and/or /var/log/secure for clues.



/var/log/vsftpd.log
Code: Select all
empty



/var/log/messages
Code: Select all
nothing happens if I trying to login



/var/log/secure
Code: Select all
no problems




What to do now? o.O
Mitchel
 
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby pschaff » 2012/03/04 05:20:56

Have you fixed the firewall rule set?
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby Mitchel » 2012/03/04 12:25:58

pschaff wrote:
Have you fixed the firewall rule set?



yes i did.

This is the result:
Code: Select all
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT
Mitchel
 
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby TrevorH » 2012/03/04 13:25:27

Great, so you now have port 21 open. Did you also load the ip_conntrack_ftp module with modprobe? Since you don't also have port 20 open (which is also needed for ftp) you will need to do this - especially if you need to use passive ftp.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby Mitchel » 2012/03/04 13:34:10

TrevorH wrote:
Great, so you now have port 21 open. Did you also load the ip_conntrack_ftp module with modprobe? Since you don't also have port 20 open (which is also needed for ftp) you will need to do this - especially if you need to use passive ftp.


No i diddn't load ip_conntrack_ftp with modle modprobe.
After i fixed the iptables the vsftpd works verry wel, so is it really necessary?

Now I still get the next error:
Code: Select all
Antwoord:   220 (vsFTPd 2.2.2)
Commando:   USER wesley
Antwoord:   331 Please specify the password.
Commando:   PASS *********
Antwoord:   500 OOPS: cannot change directory:/home/ftp/wesley
Fout:   Fatale fout
Fout:   Kan niet verbinden met server
Mitchel
 
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby TrevorH » 2012/03/04 13:51:49

In my experience with ftp, yes, ip_conntrack_ftp is essential! That doesn't mean that you might not be able to make it work without but those are the two things that I've used to make it work and missing one of them breaks it - 1) open port 21 and 2) modprobe ip_conntrack_ftp.

However, I do not guarantee that this will fix your current problem as that looks more like a permissions problem. To fix that you'll need to find errors in your log files so I suggest that you go back to those now and see if there's anything logged.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby Mitchel » 2012/03/04 14:38:42

TrevorH wrote:
In my experience with ftp, yes, ip_conntrack_ftp is essential! That doesn't mean that you might not be able to make it work without but those are the two things that I've used to make it work and missing one of them breaks it - 1) open port 21 and 2) modprobe ip_conntrack_ftp.

However, I do not guarantee that this will fix your current problem as that looks more like a permissions problem. To fix that you'll need to find errors in your log files so I suggest that you go back to those now and see if there's anything logged.


Logs does not say anything helpfully :(
Mitchel
 
Posts: 11
Joined: 2012/01/28 22:40:42

Re: vsftpd 500 OOPS: cannot change directory:/home/ftp/%user%

Postby TrevorH » 2012/03/04 17:05:18

Look harder or possibly try to find a way to increase the log level. Whatever is going wrong will be logging somewhere.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Next

Return to CentOS 6 - Software Support

Who is online

Users browsing this forum: No registered users and 11 guests