vsftpd local users cannot log on

Source: Internet
Author: User
Tags ftp login

Open /etc/selinux/config

Change SELINUX=enforcing (or SELINUX=permissive) to SELINUX=disabled.

Remember to restart the server!

Of course, you must also confirm the following issues:

1. Whether the user is restricted by vsftpd. For example, if the user name is in /etc/ftpusers, the user is blocked from logging on.

2. Whether PAM authentication is enabled in vsftpd.conf (this error often occurs when you compile and install vsftpd yourself). Check whether vsftpd.conf contains pam_service_name=ftp or pam_service_name=vsftpd; which one is correct depends on which service file exists in /etc/pam.d. My ftp file is configured as follows:

#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_unix.so shadow nullok
auth       required     /lib/security/pam_shells.so
account    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_unix.so

Users listed in /etc/ftpusers are denied.

3. Whether the related folder permissions are correct.
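
The three checks above, together with the mode set in /etc/selinux/config, as one read-only script. This is an added example, not part of the original article; the function name ftp_login_checks and the optional ROOT prefix (so the checks can run against a copied or constructed tree) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Read-only checks for the
# causes listed above. ROOT is a hypothetical prefix so the checks can run
# against a copied or constructed tree; empty means the live system.
ftp_login_checks() {
    user=$1; root=${2:-}
    conf=$root/etc/vsftpd.conf
    [ -f "$conf" ] || conf=$root/etc/vsftpd/vsftpd.conf

    # SELinux mode configured in /etc/selinux/config.
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' \
        "$root/etc/selinux/config" 2>/dev/null || :)
    mode=${mode:-unknown}

    # 1. Is the user in the deny list that pam_listfile reads?
    deny=ok
    grep -qx "$user" "$root/etc/ftpusers" 2>/dev/null && deny=denied

    # 2. Does pam_service_name point at an existing /etc/pam.d file?
    svc=$(sed -n 's/^pam_service_name=//p' "$conf" 2>/dev/null || :)
    svc=${svc:-ftp}                 # vsftpd's default when the option is unset
    pam=$svc
    [ -f "$root/etc/pam.d/$svc" ] || pam="missing:$svc"

    # 3. Home directory from passwd and its permission string.
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' \
        "$root/etc/passwd" 2>/dev/null || :)
    perms=missing
    [ -n "$home" ] && [ -d "$root$home" ] &&
        perms=$(ls -ld "$root$home" | cut -c1-10)

    echo "selinux=$mode ftpusers=$deny pam=$pam home=$perms"

    # Checks 1-3 pass, the directory is traversable by everyone, and SELinux
    # is enforcing: permissions alone do not explain a failed login.
    case "$deny/$pam/$perms/$mode" in
        ok/missing:*) ;;
        ok/*/d??x??x??x/enforcing) echo "hint=check-selinux" ;;
    esac
}
```

Run it on the server as: ftp_login_checks usr3. The file only shows the mode configured for the next boot; getenforce reports the mode currently in effect.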

Regarding the issue that "some local users in vsftpd cannot log on, but some users can":

All the local accounts in the system cannot log on. The configuration of my /etc/vsftpd.conf file is as follows:

local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd

/etc/pam.d/vsftpd exists and is normal.

The error messages during logon are the same:

500 OOPS: cannot change directory:/home/xxxx
Login failed.
421 Service not available, remote server has closed connection

Their home directory is /home/xxxx. The permissions for /home and /home/xxxx are 755.

None of the above accounts can log on via ftp. These accounts are usually used frequently and can be logged on using shell.

I have created a new usr1 account.

# useradd -G test -d /tmp/usr1 usr1

It can log on to ftp. Its home directory is /tmp/usr1, which is on the / partition, while /home is mounted on /dev/hda9.

# mount
/dev/hdb1 on / type ext3 (rw)
/dev/hda9 on /home type ext2 (rw)

Therefore, I guess: is it because of the /home partition that the "accounts with a home directory in the /home partition" cannot log on?

To verify the above ideas, I tried to create another account

# useradd -G test -d /home/usr3 usr3

/home and /home/usr3 both have 755 permissions.

The usr3 ftp login failed.

500 OOPS: cannot change directory:/home/usr3

Login failed.

421 Service not available, remote server has closed connection

At this point, I think it is possible to be sure that the /home partition causes "accounts with a home directory in the /home partition" to be unable to log on.

References:

I finished my second upgrade to Fedora Core 4. Not everything is ironed out yet with the build of course. But one thing is for sure a lot has happened to the RedHat I knew before.

I must say of all the changes, for me the nicest addition is the new SELinux extensions. For deep background on the reasons for and theory of SELinux read The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments.

The more I work with SELinux the more I realize I need to know about it, and how exactly it does all its stuff. It certainly changes things relating to users, directories and access. As I am starting to learn it, I'm sure I'm doing things the hard way. :)

The major difference, so far for me, in Red Hat's SELinux is the way ftp is handled. vsftpd is still the server, which is great. However, it seems to be designed to run as a daemon rather than invoked via xinet.d. If you grab a working copy of the xinet.d file for vsftpd you can invoke it via the xinet.d wrapper. I did my first server upgrade in this manner. The current one I am trying as a daemon. I certainly think I will miss some of the features that the xinet.d wrapper brings, and may yet return to it.

Of all the issues I saw, the most notable is if you want to enable chroot directories outside of the normal /home/xxx in vsftpd. These will fail with

500 OOPS: cannot change directory:/mnt/xxxxx

I was able to use ftp if I logged in with an account with a directory in /home, but once I set a user account to have a home drive outside of /home (in this case on a mounted secondary disk) vsftpd barfs the above.

I found information at the NSA that indicates you can disable SELinux protection of the ftp daemon.

setsebool -P ftpd_disable_trans 1

This seems a bit drastic. It certainly works for now though.

I think ultimately the issue resides with birth ies, but as SELinux between ies are new to me, it will take time before it all gets sorted out. As I spend time with the new SELinux extensions in Fedora Core 4 I will keep you updated on my thoughts and configuration lessons.

Solution:

# setsebool ftpd_disable_trans 1

# service vsftpd restart

I used FC4. I tried it according to the method in your previous post and solved it right away. Therefore, the cause can be determined to be SELinux.
