15

My question is what settings do I need to change and/or commands to run to allow me to log into my vsftpd system?

I am getting this error, when I login using ftp instead of sftp:

Name (localhost:dbadmin): dbadmin
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/dbadmin
Login failed.
ftp>

This works when logging in using sftp@, but my server is behind a firewall, and I need to be able to login using ftp as well as sftp.

I have been looking at quite a few posts about the "OOPS" error but so far have had no luck logging in.

Here is some information about my system and settings:

I am running CentOS 6.4.

iptables and ip6tables are stopped and disabled.

My home directory is protected 700, and I have tried 750, just to see if that made a difference. It did not.

Here are the active lines in /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

My login name is not in user_list.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
octopusgrabbus
  • 556
  • 2
  • 7
  • 25
  • Even i faced the same issue.. >Try changing the access to 775, it worked for me. –  Oct 07 '15 at 12:55
  • In case the problem still occurs even though you have disabled selinux, please recheck permissions of your directory. Is your ftp user really have rights in that folder? or Is any setgid bit set at parent of that folder? A 's' bit at parent folder might cause a problem, if you try to create a new folder beneath. – Chatchai Mao Oct 08 '15 at 08:08

7 Answers7

11

Run this one command, no need to restart any service & server:

# setenforce 0

To check SELinux status : 

# getenforce

or

edit the file /etc/sysconfig/selinux to include

SELINUX=disabled

Doing so will require a reboot.

G-Man Says 'Reinstate Monica'
  • 22,130
  • 27
  • 68
  • 117
Mitter
  • 134
  • 1
  • 3
7

Although disabling SELinux by SELINUX=disabled will solve the problem this would not be advisable. You can enable ftp user to access his home directory by configuring SELinux boolean value ftp_home_dir by running the following command:

setsebool -P ftp_home_dir=1
Community
  • 1
Indika K
  • 179
  • 1
  • 3
4

you can always allow the FTP daemon full access to all files by running

setsebool -P allow_ftpd_full_access 1
Bee Kay
  • 161
  • 3
3

I disabled selinux by following these instructions here. I was able to log in not using sftp.

To disable permanently, I edited /etc/selinux/config and set

SELINUX=disabled

After the reboot, I was able to log in normally.

octopusgrabbus
  • 556
  • 2
  • 7
  • 25
  • 2
    Disabling SELinux is a troubleshooting step to determining whether SELinux is the cause of the problem, not a final solution. Once you have determined SELinux is the cause, you should look into your AVC denials and determine which boolean you need to change, or make a custom policy with the SELinux tools. Disabling SELinux permanently is not a good idea. – suprjami Nov 21 '14 at 03:46
0

Probably the user has no execute privileges on their home folder. Perform:

chmod +x /home/user

or,

chmod 700 /home/user
Stephen Rauch
  • 4,209
  • 14
  • 22
  • 32
sharpy1064
  • 1
0

Hope this might help.

local_root=/var/www/ftp/$USER
user_sub_token=$USER
Missing Twins
  • 21
  • 3
  • 1
    Welcome to the site and thank you for your contribution. Would you mind adding more explanation as to how (i.e. by what mechanism) your answer solves the original problem? This might give others facing a similar problem more insight as to why they have this issue in the first place. – AdminBee Jan 24 '20 at 07:51
-1

Running setenforce 0 as another answer suggested did not work for me.

The following command solved the problem:

chmod -R 755 /home/dbadmin

(Previously the /home/dbadmin directory had 700 permissions.)

pacoverflow
  • 278
  • 3
  • 15