vsftpd: resolving 530 and 500 errors (FTP server)

Source: Internet
Author: User
Tags anonymous chmod ftp login ftp client file permissions

Resolving the vsftpd "530 Login incorrect" and "OOPS: vsftpd: refusing to run with writable root" errors

530 Login Incorrect:

To disable anonymous logins and restrict access to the users listed in a file, use the following settings:

anonymous_enable=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
 

This way, only the users listed in user_list can access FTP.

However, after running service vsftpd restart and testing with ftp localhost, entering the correct username and password always produced:

530 Login incorrect
Login failed

Later I found that /etc contains a pam.d directory. Opening the vsftpd file in it showed that a corresponding restriction on the users restricted above is also set there.

To lift it, comment out this line:

#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

That solved the problem.
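
An added check (not part of the original page) that reports which of the two lists above rejects an account, so the cause of the 530 can be identified without removing the PAM deny list. The function names in_list and check_login are hypothetical; the file paths are the ones shown on this page.

```shell
#!/bin/sh
# Added example: find out which list rejects an FTP account.
# Function names are hypothetical; file paths are the ones used on this page.

# in_list FILE USER: succeed if USER is an entry in FILE.
# Comments and surrounding whitespace in FILE are ignored.
in_list() {
    [ -n "$2" ] && [ -r "$1" ] || return 1
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Fxq -- "$2"
}

# check_login USER DENY_FILE ALLOW_FILE
#   DENY_FILE  = file named in the pam_listfile line (sense=deny)
#   ALLOW_FILE = userlist_file, an allow list when userlist_deny=NO
check_login() {
    if in_list "$2" "$1"; then
        echo "denied-by-pam-listfile"
    elif ! in_list "$3" "$1"; then
        echo "not-in-userlist"
    else
        echo "ok"
    fi
}

# Run as: sh check_login.sh USERNAME
if [ "$#" -ge 1 ]; then
    check_login "$1" /etc/vsftpd/ftpusers /etc/vsftpd.user_list
fi
```

A result of denied-by-pam-listfile means the account itself is on the deny list; with the PAM line commented out, the userlist_file allow list is the only account filter left.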

OOPS: vsftpd: refusing to run with writable anonymous root

If the vsftpd server is already running, a login test may show a prompt like the following:

OOPS: vsftpd: refusing to run with writable anonymous root

This indicates that the ftp user's root directory is set up incorrectly and must be corrected:

[root@localhost ~]# more /etc/passwd | grep ftp
ftp:x:1000:1000:FTP User:/var/ftp:/sbin/nologin

We can see that the ftp user's root directory is /var/ftp, and the error is caused by wrong permissions on /var/ftp. This directory must not have all permissions opened; the error appears because chmod 777 /var/ftp was run. If the ftp user's root directory does not exist, you of course have to create it. As the listing below shows, the ftp user's root directory must not be completely open to the owner, the group and all other users:

[root@localhost ~]# ls -ld /var/ftp
drwxrwxrwx 3 root root 4096 2005-03-23 /var/ftp

To fix this error, you can use the following method:

[root@localhost ~]# chown root:root /var/ftp
[root@localhost ~]# chmod 755 /var/ftp
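
An added audit script (not from the original page) that flags the condition fixed above before vsftpd is started. The helper root_verdict is hypothetical and is a conservative approximation of the condition behind the OOPS message, not vsftpd's own code.

```shell
#!/bin/sh
# Added example: audit the anonymous FTP root before starting vsftpd.
# root_verdict is a hypothetical helper, not part of vsftpd.

# root_verdict DIR FTP_UID
# Prints: missing | group-or-world-writable | writable-by-ftp-owner | ok
root_verdict() {
    dir=$1
    ftp_uid=$2
    [ -d "$dir" ] || { echo "missing"; return 0; }
    # ls -ldn prints the mode string first and the numeric owner uid third.
    set -- $(ls -ldn -- "$dir")
    mode=$1
    owner=$3
    case $mode in
        ?????w*|????????w*)      # group or other write bit is set
            echo "group-or-world-writable"
            return 0 ;;
    esac
    case $mode in
        ??w*)                    # owner write bit is set
            if [ "$owner" = "$ftp_uid" ]; then
                echo "writable-by-ftp-owner"
                return 0
            fi ;;
    esac
    echo "ok"
}

# Run as: sh root_verdict.sh /var/ftp   (checks against the ftp account)
if [ "$#" -ge 1 ]; then
    root_verdict "$1" "$(id -u ftp)"
fi
```

The drwxrwxrwx listing above yields group-or-world-writable; after chown root:root and chmod 755 the verdict is ok.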

Some readers may ask: what if anonymous users need to be able to read, download and upload? That is simple too: create a directory under /var/ftp with permission 777, then adjust vsftpd.conf accordingly. Nothing difficult.
For security reasons, vsftpd does not allow the ftp user's root directory to be completely unrestricted; you can read the vsftpd documentation to understand why. Otherwise it could not be called the safest FTP server, right?
Also attached is a vsftpd configuration file:

# Host settings

# Remember the port used by the FTP server for active-mode connections,
# mentioned in the previous section? This is the ftp-data port.
connect_from_port_20=YES
# Port used by vsftpd for the command channel. To use a non-standard port,
# change it here. Note that this setting only applies when vsftpd is started
# stand-alone (it does not apply under a super daemon).
listen_port=21
# When a user enters a directory, display the notice for that directory.
# The default file is .message; the next option changes it.
dirmessage_enable=YES
# When dirmessage_enable=YES, this tells vsftpd which file holds the message.
message_file=.message
# YES means vsftpd is started in stand-alone mode.
listen=YES
# Enable passive mode; must be set to YES.
pasv_enable=YES
# Use local time? vsftpd defaults to GMT (Greenwich), which is 8 hours
# behind Taiwan time, so YES is recommended.
use_localtime=YES
# Needed if you allow users to upload data.
write_enable=YES
# In seconds. For an active-mode data connection, if our connection request
# gets no response from the client within 60 seconds, stop waiting and force
# a disconnect.
connect_timeout=60
# When a user transfers data in passive (PASV) mode, if the host has opened
# the passive port and waits more than 60 seconds without a response from the
# client, force a disconnect. Similar to connect_timeout, but one governs
# active connections and the other passive connections.
accept_timeout=60
# If the data connection between server and client has been established
# (active or passive) but the transfer cannot complete within 300 seconds
# because of line problems, vsftpd forcibly drops the client's connection.
data_connection_timeout=300
# If the user issues no command within 300 seconds, force them offline.
idle_session_timeout=300
# If vsftpd runs stand-alone, this sets the maximum number of clients that
# can be connected to vsftpd at the same time.
max_clients=50
# Similar to max_clients: how many simultaneous connections are allowed
# from the same IP.
max_per_ip=5
# The next two options set the ports used by passive mode. To use the 11 ports
# 65400 to 65410 for passive connections, set pasv_max_port=65410 and
# pasv_min_port=65400. 0 means any port, without restriction.
pasv_min_port=0
pasv_max_port=0
# Text shown by the FTP client software when a user connects to vsftpd.
# This value can only hold a small amount of text; using banner_file below
# instead is recommended.
#ftpd_banner=Some words
# A plain-text file shown as the welcome message when a user logs in.
banner_file=/etc/vsftpd/welcome.txt

# Local user settings

# If YES, every non-anonymous login is treated as a guest. By default a guest
# in vsftpd gets the permissions of the ftp user, but this can be changed
# with guest_username.
guest_enable=NO
# Only takes effect when guest_enable=YES: the identity assigned to guests.
guest_username=ftp
# Must be YES for accounts in /etc/passwd to log in to vsftpd as local users.
local_enable=YES
# Allow local users to write?
write_enable=YES
# Transfer speed limit for local users, in bytes/second; 0 means unlimited.
local_max_rate=60000
# Confine users to their own home directory (chroot). The vsftpd default is
# NO, because the two options below assist with this, so it does not need to
# be enabled. If it is enabled, local users are chrooted by default and the
# users listed in /etc/vsftpd/chroot_list are NOT chrooted.
chroot_local_user=YES
# Restrict certain local users to their home directories? The default is NO.
# If you want some users to be unable to leave their home directory, set this
# to YES and configure the next option.
chroot_list_enable=YES
# If chroot_list_enable=YES, this file names the local users who are confined
# to their own home directory (chroot); one account per line.
chroot_list_file=/etc/vsftpd/chroot_list
# Use vsftpd's blocking mechanism to handle certain unwelcome accounts?
# Related to the settings below.
userlist_enable=YES
# Only takes effect when userlist_enable=YES. If YES, accounts listed in the
# file cannot log in to the vsftpd server. The file name is set by the next
# option.
userlist_deny=YES
# If userlist_deny=YES above, the accounts in this file cannot use vsftpd.
userlist_file=/etc/vsftpd/user_list

# Anonymous settings

# Allow anonymous logins to our vsftpd host. The default is YES, and all the
# settings below only take effect when anonymous_enable=YES.
anonymous_enable=YES
anon_root=/var/ftp
# Only allow anonymous to download world-readable files; the default is YES.
anon_world_readable_only=YES
# Allow anonymous to have write permission? The default is NO. If set to YES,
# the directories opened for anonymous writes also need their permissions
# adjusted so that the owner of the vsftpd process can write to them.
anon_other_write_enable=YES
# Allow anonymous to create directories? The default is NO. If set to YES,
# anon_other_write_enable must also be YES.
anon_mkdir_write_enable=YES
# Allow anonymous to upload data? The default is NO; if set to YES,
# anon_other_write_enable=YES must also be set.
# Block certain email addresses from logging in as anonymous. An anonymous
# login asks for a password, and that password is supposed to be your email
# address. If you dislike certain email addresses, this setting revokes their
# login privilege. It works together with the next option.
deny_email_enable=YES
# If deny_email_enable=YES, this names the file of email addresses that may
# not log in to vsftpd; one email address per line.
#banned_email_file=/etc/vsftpd/banned_emails
# When YES, anonymous skips the password step and enters the vsftpd server
# directly. So the usual default is NO.
no_anon_password=YES
# Value in bytes/sec; limits the anonymous transfer speed. 0 means unlimited
# (bounded only by the maximum bandwidth). To limit the anonymous speed, you
# can set, for example, anon_max_rate=30000.
anon_max_rate=40000
# Restrict anonymous permissions. With 077, files transferred by anonymous
# get the permissions -rw-------.
anon_umask=077

# System settings

# If YES, clients can download files in ASCII format.
ascii_download_enable=YES
# Same as the previous option, but for uploads. The default is NO.
ascii_upload_enable=YES
# This option is a bit dangerous. When YES, each established connection is
# handled by a single process, which can improve vsftpd's performance.
# However, unless your system is fairly secure and the hardware is fairly
# powerful, it is easy to run out of system resources. NO is generally
# recommended.
one_process_model=NO
# We are used to supporting TCP Wrappers, so set this to YES.
tcp_wrappers=YES
# When YES, users' uploads and downloads are logged. The log file is set by
# the next option.
xferlog_enable=YES
# If xferlog_enable=YES, set the log file name here.
xferlog_file=/var/log/vsftpd.log
# Use the same log format as wu-ftpd? The default is NO because that log is
# easier to read. If you have analysis software that expects the wu-ftpd log
# format, set this to YES.
xferlog_std_format=NO
# vsftpd by default uses nobody as the identity the service runs as. Because
# nobody's privileges are very low, an intruder who breaks in only obtains
# the privileges of nobody.
nopriv_user=nobody
# Name of the PAM service; it refers to the file placed at /etc/pam.d/vsftpd.
pam_service_name=vsftpd
