configuring vsftpd

Hi everybody,
I am new to Linux. I am using CentOS 6.2 and trying to configure an FTP server on my local network. I have seen one FTP server how-to video tutorial, but I am unable to follow it. I have some confusion in /etc/vsftpd/vsftpd.conf about userlist_enable and userlist_deny, /etc/vsftpd/userlist and user_list and ftpusers.

I haven't changed vsftpd.conf, user_list and ftpusers. When I am trying to ftp with users 'khem' or 'guest', the following error occurs:

Trying to ftp with user khem, it prompts for a password; after entering the password, the error is:

500 OOPS: cannot change directory:/home/khem, login failed
# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): khem
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/khem
Login failed.

and again trying to ftp with user guest

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): guest
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/guest
Login failed.

The same error occurs as for user khem.

ABOUT CONSOLE OR VIA SSH, my local ip is 10.10.10.161

Now I am logged in as user guest and trying to log in via ssh on my local machine:

[guest@workstation ~]$
[guest@workstation ~]$ ssh khem@10.10.10.161
khem@10.10.10.161's password:
Last login: Fri Apr 20 18:41:04 2012 from workstation
[khem@workstation ~]$

I hope user khem can log in at the console or via ssh; if I am not wrong, I just tried it by googling.
I am using the default CentOS 6.2 shell; maybe it is bash.
Both users khem and guest have passwords; these accounts were created by root.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I have inserted users khem and guest in /etc/vsftpd/user_list, saved it and exited:

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
khem
guest
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

After saving and exiting, I restarted vsftpd:

# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]

and trying to ftp using both user 'khem' and 'guest' respectively

ftp using khem

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): khem
530 Permission denied.
Login failed.

ftp using guest

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): guest
530 Permission denied.
Login failed.

I have created users khem and guest as the root user and I gave passwords to them.

Can anybody guide me to configure ftp by analysing this post? Any kinds of ideas and suggestions are welcome and I'll be grateful.
THANK YOU IN ADVANCE

So as I have understood, you want to login to the ftp server using khem id and want to get into the home directory of that user. Right?

  1. Is SELinux set to enforcing mode? To check this, try the command below:

getenforce

If it's in enforcing mode, you need to check if the ftp_home_dir boolean is set to on:

getsebool -a | grep ftp_home_dir

If that's off, turn it on to allow ftp users to get into their home directory:

setsebool -P ftp_home_dir=1

  2. By default, whatever user names you put in the /etc/vsftpd/user_list file get denied from logging into the ftp server. So either remove the user khem from that file or add a "userlist_deny=NO" line at the end of the /etc/vsftpd/vsftpd.conf file. Then restart the vsftpd server.
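
The list logic from the answer above, as an added example that is not part of the thread: it models userlist_enable, userlist_deny and the ftpusers file that the user_list header comment mentions. The helper names (conf_get, in_list, ftp_login_verdict) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: predict vsftpd's list-based login decision.
# Helper names and the sample files below are constructed for illustration.

# conf_get FILE KEY DEFAULT: last KEY=value in FILE, upper-cased.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${v:-$3}"
}

# in_list FILE USER: exact match on a non-comment line.
in_list() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -qxF -- "$2"
}

# ftp_login_verdict CONF USER_LIST FTPUSERS USER
ftp_login_verdict() {
    enable=$(conf_get "$1" userlist_enable NO)
    deny=$(conf_get "$1" userlist_deny YES)
    if [ "$enable" = YES ]; then
        if [ "$deny" = YES ] && in_list "$2" "$4"; then
            echo "deny: in user_list (530 before password prompt)"; return 0
        fi
        if [ "$deny" = NO ] && ! in_list "$2" "$4"; then
            echo "deny: not in user_list (allow-list mode)"; return 0
        fi
    fi
    if in_list "$3" "$4"; then
        echo "deny: in ftpusers (PAM rejects after the password)"; return 0
    fi
    echo "allow"
}

# Constructed sample files mirroring the thread (temporary directory only).
d=$(mktemp -d)
printf 'userlist_enable=YES\n' > "$d/deny.conf"
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$d/allow.conf"
printf '# vsftpd userlist\nkhem\nguest\nroot\n' > "$d/user_list"
printf 'root\nbin\n' > "$d/ftpusers"

for u in khem ashim root; do
    printf '%-6s default: %s\n' "$u" "$(ftp_login_verdict "$d/deny.conf" "$d/user_list" "$d/ftpusers" "$u")"
    printf '%-6s deny=NO: %s\n' "$u" "$(ftp_login_verdict "$d/allow.conf" "$d/user_list" "$d/ftpusers" "$u")"
done
```

With userlist_deny=NO the system accounts that ship in user_list become allow-listed, so only ftpusers still blocks them; trimming user_list to the intended accounts keeps the allow-list meaningful.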

Thank you,
admin_xor, from my inner heart. Your guidelines will help to improve my skills and clear my doubt about how to log in to ftp, and credit goes to you. I have some doubts; I hope you can help me.

First I deleted user khem from /etc/vsftpd/user_list and saved, and changed to permissive mode:

# setenforce 0
[root@workstation vsftpd]# getenforce
Permissive

It works with all users, and again I converted to enforcing mode with the following command:

# setenforce 1
# getenforce
Enforcing

It doesn't work in Enforcing mode, and I followed the instructions given in your post.

# getenforce
# getsebool -a | grep ftp_home_dir
# setsebool -P ftp_home_dir=1

I tried and it works successfully; every user can ftp to their respective home directory.

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): khem
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/khem"

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): guest
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/guest"

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): ashim
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/ashim"

What I want to do is create a folder named 'files' inside /var/ftp/pub/

and any time any user logs in to the ftp server they should be redirected to /var/ftp/pub/files, not to their respective directory, so everybody shares data from /var/ftp/pub/files.

Can anybody give me any kind of ideas, suggestions or guidelines? I'll be grateful, and any and all ideas, suggestions and guidelines are welcome.

    THANK YOU IN ADVANCE

Always happy to help! :)

You can achieve this in several ways. I will provide you the convenient one here.

  1. Make a group called "ftpusers" or something like that:

groupadd ftpusers

  2. Change the home directory of the users who will log in to the ftp server to /var/ftp/pub/files and add them to the group ftpusers:

usermod -aG ftpusers -d /var/ftp/pub/files user01

  3. Change the group ownership of /var/ftp/pub/files:

chown root:ftpusers /var/ftp/pub/files

  4. Make the directory writable by the ftpusers group (if needed):

chmod g+w /var/ftp/pub/files

  5. And that's it!

Connected to 10.0.1.101.
220 (vsFTPd 2.2.2)
User (10.0.1.101:(none)): user01
331 Please specify the password.
Password:
230 Login successful.
ftp> pwd
257 "/var/ftp/pub/files"
ftp>
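
A check for the layout in the steps above, as an added example that is not part of the thread: it walks each directory on the way to the shared folder and reports the first one a non-owner member of the group cannot search or write. The function names (perm_digit, check_shared), the group name outsider_group and the temporary tree are constructed; it assumes GNU stat and ignores ACLs, SELinux and vsftpd's own settings.

```shell
#!/bin/sh
# Added example: can a non-owner member of GROUP reach and write a shared dir?
# Assumes GNU stat (Linux). Ignores ACLs, SELinux and vsftpd's own settings.

# perm_digit DIR GROUP: octal digit (group or other) that applies to that member.
# GROUP may be given as a name or as a numeric gid.
perm_digit() {
    want=$2
    set -- $(stat -c '%a %G %g' "$1")   # mode, group name, numeric gid
    if [ "$want" = "$2" ] || [ "$want" = "$3" ]; then
        echo $(( ($1 / 10) % 10 ))
    else
        echo $(( $1 % 10 ))
    fi
}

# check_shared ROOT REL GROUP: walk ROOT/REL one component at a time.
check_shared() {
    cur=$1; rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        cur=$cur/$part
        [ -d "$cur" ] || { echo "missing: $cur"; return 1; }
        p=$(perm_digit "$cur" "$3")
        [ $(( p & 1 )) -ne 0 ] || { echo "no search (x) on $cur"; return 1; }
        if [ -z "$rest" ] && [ $(( p & 2 )) -eq 0 ]; then
            echo "no write (w) on $cur"; return 1
        fi
    done
    echo "ok"
}

# Constructed tree standing in for /var/ftp/pub/files (temporary directory).
t=$(mktemp -d)
mkdir -p "$t/var/ftp/pub/files"
chmod 755 "$t/var" "$t/var/ftp" "$t/var/ftp/pub"
chmod 775 "$t/var/ftp/pub/files"        # only the leaf is group-writable
grp=$(stat -c %g "$t/var")              # gid that owns the constructed tree

echo "group member: $(check_shared "$t" var/ftp/pub/files "$grp")"
echo "outsider:     $(check_shared "$t" var/ftp/pub/files outsider_group)"
```

On a real server the call would be `check_shared "" var/ftp/pub/files ftpusers`. Parent directories only need to stay searchable; mode 770 on a parent such as /var removes search permission for every account outside the group.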

Hello,
admin_xor

I have some problems; the problems are as follows:

# groupadd ftpusers
# useradd ashim
# passwd ashim
# usermod -aG ftpusers -d /var/ftp/pub/files ashim
# chgrp ftpusers var
# chgrp ftpusers ftp
# chgrp ftpusers pub
# chgrp ftpusers files

# chmod 770 var
# chmod 770 ftp
# chmod 770 pub
# chmod 770 files

1) After doing this I logged in as 'ashim' and I was able to access the files on the ftp server, but I was not able to create a new folder and paste some files on that ftp server.

2) When I rebooted the system I got the error message: could not update ICEauthority file /var/lib/gdm/.ICEauthority

I logged in in single-user mode as root and checked; the files are as follows:

[root@workstation var] ll
drwxrwx--T 2 root gdm 4096 Dec 8 01:58

and I have changed it to

drwxrwx--T 2 gdm gdm 4096 Dec 8 01:58

and it doesn't work

[root@workstation lib] ll
drwxrwx--T 2 gdm gdm 4096 May 11 03:49

I haven't changed anything here

3) I cannot log in using the hostname of my machine. What I mean is, when I use ftp://10.10.10.161 I can access the files, but when I use ftp://workstation I can't.

ip = 10.10.10.161 
hostname = workstation

I was worried about the data on my hard disk; if my system doesn't boot I lose all my important data. I am new to Linux; any kinds of ideas and suggestions are welcome.
THANK YOU IN ADVANCE

Did you give write permission to the group on the directory?
chmod g+w /var/ftp/pub/files

This is entirely a different issue. With which ID did you login?

Name to address resolution is done by either DNS or the /etc/hosts file. If you do not have a DNS server for your network, just make an entry as follows in the /etc/hosts file on the ftp client machine (the machine from which you are accessing the server):

10.10.10.161         workstation

Hi,
I have done the following steps but I cannot create a file inside /var/ftp/pub/files

# setsebool -P ftp_home_dir=1
# getsebool -a | grep ftp_home_dir
ftp_home_dir --> on
# service vsftpd status
vsftpd (pid 1262) is running...
# groupadd ftpusers
# useradd ashim
# passwd ashim
# pwd
/var/ftp/pub/files
# usermod -aG ftpusers -d /var/ftp/pub/files ashim
# chown root:ftpusers /var/ftp/pub/files
# chmod g+w /var/ftp/pub/files
# service vsftpd restart

I have checked after giving these commands:

# chown root:ftpusers /var/ftp/pub/files and
# chmod g+w /var/ftp/pub/files

# pwd
/

drwxr-xr-x.  23 root root  4096 May 11 01:41 var

# pwd
/var

drwxr-xr-x.  3 root root 4096 May 11 01:41 ftp

# pwd
/var/ftp

drwxr-xr-x. 3 root root 4096 May 12 08:44 pub

# pwd
/var/ftp/pub

drwxrwxr-x. 2 root ftpusers 4096 May 12 10:03 files

I have installed CentOS on my desktop and Windows 7 on my laptop.

1) (From Windows) When I try to upload data to ftpserver=10.10.10.161 "/var/ftp/pub/files" from my client laptop using Windows 7, the following error occurs:

550 create directory operation failed

2) (In CentOS) When I try to make a directory inside /var/ftp/pub/files/ the error occurs:

# ftp 10.10.10.161
Connected to 10.10.10.161 (10.10.10.161).
220 (vsFTPd 2.2.2)
Name (10.10.10.161:khem): ashim
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/var/ftp/pub/files"
ftp> mkdir test
550 Create directory operation failed.
ftp>