解决方法:shell
就OK了!可是下次重启了还会这样··服务器
2在终端输入命令:app
setsebool-Pftpd_disable_trans1less
servicevsftpdrestartide
这样每次重启机器均可以了·ui
关于vsftpd部分本地用户不能登陆,部分能够”的问题,我从新作了一些实验,我把这个问题结合实验的结果再从新描述一下,请各位高人,帮忙看看可能的缘由。谢谢了!
系统中原来就有的本地账号都不能登陆,个人/etc/vsftpd/vsftpd.conf文件的配置以下:
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
/etc/pam.d/vsftpd存在且正常。
登陆时错误信息都是同样的:
500OOPS:cannotchangedirectory:/home/xxxx
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
他们的home目录都是/home/xxxx。/home和/home/xxxx的权限都是755。
以上这些账号都不能ftp登陆,这些都是日常常常使用的,能够用shell登陆的。
我新建立了一个usr1账号,
#useradd-Gtest-d/tmp/usr1usr1
能ftp登陆,他的home为/tmp/usr1,在/分区上。而/home我是mount到/dev/hda9上的。
#mount
/dev/hdb1on/typeext3(rw)
/dev/hda9on/hometypeext2(rw)
因此,我猜测:是不是因为/home分区的缘由,而形成“主目录在/home分区的账号”都不能登陆呢?
为了验证以上设想,我试着再建立了一个账号,
useradd-Gtest-d/home/usr3usr3
/home,/home/usr3的权限都是755。
usr3ftp登陆失败。
500OOPS:cannotchangedirectory:/home/usr3
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
至此,我以为能够肯定是因为/home分区的缘由,而形成“主目录在/home分区的账号”都不能登陆。
参考文章:
-----------------------------------------------------------------------------------------
IfinishedmysecondupgradetoFedoraCore4.Noteverythingisironedoutyetwiththebuildofcourse.ButonethingisforsurealothashappenedtotheRedHatIknewbefore.
Imustsayofallthechanges,formethenicestadditionisthenewSELinuxextensions.FordeepbackgroundonthereasonsforandtheoryofSELinuxread,TheInevitabilityofFailure:TheFlawedAssumptionofSecurityinModernComputingEnvironments
ThemoreIworkwithSELinuxthemoreIrealizeIneedtoknowaboutit,andhowexactlyitdoesallitsstuff.Itcertainlychangesthingsrelatingtousers,directoriesandaccess.AsIamstartingtolearnit,I'msureI'mdoingthingsthehard-way.:)
Themajordifference,sofarforme,inRedHat'sSELinuxisthewayftpishandled.vsftpdisstilltheserverwhichisgreat.However,itseemstobedesignedtorunasadaemonratherthaninvokedviaxinet.d.Ifyougrabaworkingcopyofthexinet.dfileforvsftpdyoucaninvokeitviaxinet.dwrapper.Ididmyfirstserverupgradeinthismanner.ThecurrentoneIamtryingasadaemon.IcertainlythinkIwillmisssomeofthefeaturesthatthexinet.dwrapperbrings,andmayyetreturntoit.
OfalltheissuesIsawmostnotableisifyouwanttoenablechrootdirectory'soutsideofthenormal/home/xxxvsftpd.Thesewillfailwitha
500OOPS:cannotchangedirectory:/mnt/xxxxx
IwasabletouseftpifIloggedinwithanaccountwithadirectoryin/home,butonceIsetauseraccounttohaveahomedriveoutsideof/home(inthiscaseonamountedsecondarydisk)vsftpdbarfstheabove.
IfoundinformationattheNSAthatindicatesyoucandisableSELinuxprotectionoftheftpdaemon.
setsebool-Pftpd_disable_trans1
Thisseemsabitdrastic.Itcertainlyworksfornowthough.
Ithinkultimatelytheissueresideswithpolicies,butasSELinuxpoliciesarenewtome,itwilltaketimebeforeitallgetssortedout.AsIspendtimewiththenewSELinuxextensionsinFedoraCore4Iwillkeepyouupdatedonmythoughtsandconfigurationlessons.
---------------------------------------------------------------------------------------
解决办法:
--------------------------------------------------------------------------------------
#setseboolftpd_disable_trans1
#servicevsftpdrestart
因此,能够肯定缘由就在SELinux。this
------------------------------------------------------------------------------------nuxt
2.再出问题rest
--------------------------------------------------orm
cannotchangedirectory:/home/***
ftp服务器链接失败,错误提示:
500OOPS:cannotchangedirectory:/home/*******
500OOPS:childdied
解决方法:
在终端输入命令:
setseboolftpd_disable_trans1
servicevsftpdrestart
就好了。
登录ftp时再输入用户名和密码出现:500OOPS:cannotchangedirectory:/home/**********
解决方法:在终端输入setseboolftpd_disable_trans1而后重启vsftp服务servicevsftpdrestart若是输入上述命令时出现:Couldnotchangeactivebooleans:Invalidboolean是由于SELinux的问题接着在终端输入:setseboolftp_home_dir=1重启vsftp服务便可解决问题