Today I set up an FTP server, and the Linux user I created could not log in. The error returned was:
OOPS: cannot change directory:/home/linux
I looked into the cause, and it turned out to be an SELinux configuration problem: SELinux was blocking the vsftp user's access to the home directory.
Here's how to fix it:
If SELinux is enabled, the following error occurs when a local user accesses the server via FTP:
OOPS: cannot change directory:/home/user
Login failed.
You can also see the following information in the system log:
[root@web ~]# tail /var/log/messages
Sep 5 08:30:59 web setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./home). For complete SELinux messages. run sealert -l 81cf3268-4d97-449a-9949-3a08ceef49b6
As the log message suggests, run:
[root@web ~]# sealert -l 81cf3268-4d97-449a-9949-3a08ceef49b6
Summary:
SELinux is preventing the ftp daemon from reading users home directories (./home).
Detailed Description:
SELinux has denied the ftp daemon access to users home directories (./home). Someone is attempting to login via your ftp daemon to a user account. If you only setup ftp to allow anonymous ftp, this could signal a intrusion attempt.
Allowing Access:
If you want ftp to allow users access to their home directories you need to turn on the ftp_home_dir boolean: "setsebool -P ftp_home_dir=1"
The following command will allow this access:
setsebool -P ftp_home_dir=1
Following that description, execute the command:
[root@web ~]# setsebool -P ftp_home_dir=1
The local user can then log in to the server over FTP.
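To go from the system log to the matching sealert commands in one step, the script below collects every setroubleshoot alert, counts repeats, and prints the follow-up command for each. It is an added example, not part of the original post; the function names setroubleshoot_alerts and sample_log, the sample log lines, and the second alert ID are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise setroubleshoot alerts found in syslog-format input.
# Output: one line per unique alert ID: count<TAB>id<TAB>summary.
setroubleshoot_alerts() {
    awk '
    match($0, /setroubleshoot(\[[0-9]+\])?: /) && index($0, "sealert -l ") {
        # Message text is everything after the "setroubleshoot: " syslog tag.
        msg = substr($0, RSTART + RLENGTH)
        # The alert ID is the token that follows "sealert -l ".
        id = substr(msg, index(msg, "sealert -l ") + 11)
        sub(/[^0-9a-fA-F-].*$/, "", id)
        if (id == "") next
        # The summary ends where the "For complete SELinux messages" hint starts.
        cut = index(msg, " For complete SELinux messages")
        summary = (cut > 0) ? substr(msg, 1, cut - 1) : msg
        if (!(id in count)) { order[++n] = id; text[id] = summary }
        count[id]++
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%d\t%s\t%s\n", count[order[i]], order[i], text[order[i]]
    }'
}

# Constructed sample input in the log format shown above (second ID is made up).
sample_log() {
    cat <<'EOF'
Sep 5 08:30:59 web setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./home). For complete SELinux messages. run sealert -l 81cf3268-4d97-449a-9949-3a08ceef49b6
Sep 5 08:31:02 web sshd[2211]: Accepted password for admin from 192.0.2.10 port 50122 ssh2
Sep 5 08:41:17 web setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./home). For complete SELinux messages. run sealert -l 81cf3268-4d97-449a-9949-3a08ceef49b6
Sep 5 09:02:40 web setroubleshoot[1893]: SELinux is preventing the ftp daemon from reading users home directories (./home). For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
EOF
}

# Print the follow-up command for each alert. On a real host, run:
#   setroubleshoot_alerts < /var/log/messages
sample_log | setroubleshoot_alerts | while IFS=$(printf '\t') read -r n id summary; do
    printf '%sx  sealert -l %s   # %s\n' "$n" "$id" "$summary"
done
```

Repeated denials share one alert ID, so a high count for the ftp home directory alert on a server meant to be anonymous-only is the case the sealert text flags as a possible intrusion attempt.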
=================================================================================
Here are common SELinux setsebool settings:
===ftp===
If you want to share files anonymously
chcon -R -t public_content_t /var/ftp
If you want to set up a directory where you can upload files
chcon -t public_content_rw_t /var/ftp/incoming
You must also turn on the boolean allow_ftpd_anon_write
setsebool -P allow_ftpd_anon_write=1
If you are setting up this machine as an ftpd server and wish to allow users to access their home directories
setsebool -P ftp_home_dir 1
If you want to run ftpd as a daemon
setsebool -P ftpd_is_daemon 1
You can disable SELinux protection for the ftpd daemon
setsebool -P ftpd_disable_trans 1
===httpd===
If you want a particular domain to write to the public_content_rw_t domain
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys_script_anon_write=1
httpd can be set up to allow CGI scripts to be executed
setsebool -P httpd_enable_cgi 1
If you want to allow access to users' home directories
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
httpd is allowed access to the controlling terminal
setsebool -P httpd_tty_comm 1
So that one httpd service cannot interfere with another
setsebool -P httpd_unified 0
Loadable modules run under the same context as httpd
setsebool -P httpd_builtin_scripting 0
httpd scripts are allowed to connect out to the network
setsebool -P httpd_can_network_connect 1
You can disable the suEXEC transition
setsebool -P httpd_suexec_disable_trans 1
You can disable SELinux protection for the httpd daemon by executing
setsebool -P httpd_disable_trans 1
service httpd restart
===named===
If you want to have named update the master zone files
setsebool -P named_write_master_zones 1
You can disable SELinux protection for the named daemon by executing
setsebool -P named_disable_trans 1
service named restart
===nfs===
If you want to set up this machine to share NFS partitions read only
setsebool -P nfs_export_all_ro 1
If you want to share files read/write
setsebool -P nfs_export_all_rw 1
If you want to use a remote NFS server for the home directories on this machine
setsebool -P use_nfs_home_dirs 1
===samba===
If you want to share files other than home directories
chcon -t samba_share_t /directory
If you want to share files with multiple domains
setsebool -P allow_smbd_anon_write=1
If you are setting up this machine as a Samba server and wish to share the home directories
setsebool -P samba_enable_home_dirs 1
If you want to use a remote Samba server for the home directories on this machine
setsebool -P use_samba_home_dirs 1
You can disable SELinux protection for the samba daemon by executing
setsebool -P smbd_disable_trans 1
service smb restart
===rsync===
If you want to share files using the rsync daemon
chcon -t public_content_t /directories
If you want to share files with multiple domains
setsebool -P allow_rsync_anon_write=1
You can disable SELinux protection for the rsync daemon by executing
setsebool -P rsync_disable_trans 1
===kerberos===
Allow your system to work properly in a Kerberos environment
setsebool -P allow_kerberos 1
If you are running the Kerberos daemons kadmind or krb5kdc
setsebool -P krb5kdc_disable_trans 1
service krb5kdc restart
setsebool -P kadmind_disable_trans 1
service kadmind restart
===nis===
Allow your system to work properly in a NIS environment
setsebool -P allow_ypbind 1