LinuxQuestions.org


nodiscc 08-25-2010 06:50 AM

VSFTPD: "cannot change directory"
 
Hello all,

I'm trying to set up a vsftpd server, SSL-enabled, based on local users with no shell access (/bin/false). I added /bin/false to /etc/shells so users can log in. I had a "GnuTLS error -8" at user login caused by the server sending a cleartext error message in SSL mode, so I disabled SSL and the error message came up at login:


USER privateftp
PASS ***************
500 OOPS: cannot change directory:/home/ftp/privateftp/


ACLs are enabled and user privateftp has r-x rights on the directory. Changing the user's shell has no effect. Changing the directory's POSIX owner has no effect.

What's wrong?

My /etc/vsftpd.conf:
Code:

#VSFTPD CONFIG FILE (sites.google.com/nodiscc) (vsftpd.beasts.org)

#BOOLEAN OPTIONS
allow_anon_ssl=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_upload_enable=NO
anon_world_readable_only=YES
anonymous_enable=YES
ascii_download_enable=NO
ascii_upload_enable=NO
async_abor_enable=NO
background=YES
check_shell=NO
chmod_enable=YES
chown_uploads=YES
chroot_list_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
debug_ssl=NO
delete_failed_uploads=YES
deny_email_enable=NO
dirlist_enable=YES
dirmessage_enable=NO
download_enable=YES
dual_log_enable=NO
force_dot_files=NO
force_anon_data_ssl=NO
force_anon_logins_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
guest_enable=NO
hide_ids=YES
implicit_ssl=NO
listen=YES
listen_ipv6=NO
local_enable=YES
lock_upload_files=YES
log_ftp_protocol=YES
ls_recurse_enable=NO
mdtm_write=YES
no_anon_password=YES
no_log_lock=NO
one_process_model=NO
passwd_chroot_enable=YES
pasv_addr_resolve=NO
pasv_enable=YES
pasv_promiscuous=NO
port_enable=YES
port_promiscuous=NO
require_cert=NO
run_as_launching_user=NO
secure_email_list_enable=NO
session_support=NO
setproctitle_enable=NO
ssl_enable=YES
ssl_request_cert=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES

#THESE OPTIONS ARE OFF BECAUSE OF BROKEN CLIENTS
strict_ssl_read_eof=NO
strict_ssl_write_shutdown=NO

syslog_enable=NO
tcp_wrappers=NO
text_userdb_names=NO
tilde_user_enable=NO
use_localtime=YES
userlist_deny=NO
userlist_enable=YES
validate_cert=NO
virtual_use_local_privs=NO
write_enable=YES
xferlog_enable=YES
xferlog_std_format=NO


#NUMERIC OPTIONS
accept_timeout=60
anon_max_rate=0
anon_umask=077
chown_upload_mode=0600
connect_timeout=60
data_connection_timeout=300
delay_failed_login=3
delay_successful_login=0
file_open_mode=0755
ftp_data_port=20
idle_session_timeout=300
listen_port=21
local_max_rate=0
local_umask=0777
max_clients=10
max_login_fails=3
max_per_ip=3
pasv_max_port=0
pasv_min_port=0
trans_chunk_size=0


#STRING OPTIONS
anon_root=/home/ftp/anonftp/
#banned_email_file
#banner_file
#ca_certs_file
#chown_username
#chroot_list_file

#OPTIONS TO SET IN EACH USER CONFIG FILE !!
#cmds_allowed
#cmds_denied
#deny_file
#hide_file

#dsa_cert_file
#dsa_private_key_file
#email_password_file
ftp_username=anonftp
ftpd_banner=RADON-GNU/LINUX FTP SERVAR: WELCOME
#guest_username
#listen_address=192.168.1.71
#listen_address6
#local_root
#message_file
nopriv_user=noprivftp
pam_service_name=vsftpd
#pasv_address=192.168.1.71
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
rsa_private_key_file=/usr/share/ssl/certs/vsftpd.pem
secure_chroot_dir=/var/run/vsftpd/empty
ssl_ciphers=AES256-SHA
user_config_dir=/etc/vsftpd/userconf/
#user_sub_token
userlist_file=/etc/vsftpd/userlist
vsftpd_log_file=/var/log/vsftpd.log
#xferlog_file

My /etc/vsftpd/userconf/privateftp:
Code:

#FILE /etc/vsftpd/userconf/privateftp
#USER PRIVATEFTP:
#(PRIVATE FTP USER, SHARES ARE PASSWORD-PROTECTED)
#(GROUP: PRIVATEFTP)
#(HOMEDIR: /home/ftp/privateftp/)

#ALLOWED/DENIED COMMANDS
cmds_allowed=ACCT,CDUP,CWD,EPRT,EPSV,FEAT,LIST,NOOP,OPTS,AUTH,ADAT,PASS,PASV,PORT,PWD,QUIT,REIN,REST,SIZE,AUTH,PBSZ,ADAT,PROT,CCC,CONF,ENC,MICSTAT,TYPE,USER,XCUP,XCWD,XPWD,MGET,LPSV,LPRT,GET,CLNT,RETR,NLST
cmds_denied=ABOR,ALLO,APPE,DELE,MDTM,MKD,MODE,HELP,RMD,RNFR,RNTO,SITE,SMNT,STOR,STOU,STRU,SYST,XMKD,XRMD,MPUT,PUT

#SPEED LIMIT (BYTES/S)
local_max_rate=0

#PERSO MESSAGE
ftpd_banner=RADON SERVER 0.x; help yourself.

#DENIED/HIDDEN FILES:
deny_file=*cy
hide_file=*cy

I'm running Debian lenny. No SELinux. SSL is temporarily disabled to solve this issue. Please help... Thanks in advance.

bathory 08-25-2010 07:58 AM

Hi,

You must make sure that /home/ftp/privateftp has the execute bit on:
Code:

chmod +x /home/ftp/privateftp
Regards

nodiscc 08-25-2010 08:17 AM

Hello bathory,

I tried this, execute bit is already on...
Code:

# ls -l
drwxrwxr-x+ 4 root    root    4096 22 august  23:09 privateftp

Any idea?

bathory 08-25-2010 08:27 AM

Yes, check also the 2 directories above that:
Code:

ls -ld /home
ls -ld /home/ftp

Note also that the user's homedir is owned by root:root, so the user will not be able to upload files in it.

nodiscc 08-25-2010 09:22 AM

hehehehehehehh great thanks

I did a
Code:

# setfacl -m u:privateftp:x /home/ftp/
(not exactly, because I did it with the Eiciel GUI)

and it now works. Thanks again bathory, you have great guru powers

# logout
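
The diagnosis reached in this thread (a parent directory the FTP user cannot traverse) can be checked mechanically. The script below is an added example, not part of any post; the function names, uid/gid 1001 and every mode except the one shown for privateftp are assumptions.

```shell
#!/bin/sh
# Added example: find the first directory on the way to an FTP home that a
# user cannot traverse. Only mode bits are evaluated, not ACL entries, so
# confirm a hit with getfacl on ACL-enabled filesystems.

# stat_chain ABS_PATH: print "MODE UID GID PATH" for / and each component
# (GNU stat syntax, as on Debian).
stat_chain() (
    set -f; IFS=/; cur=""
    stat -c '%a %u %g %n' / || exit 1
    for part in $1; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        stat -c '%a %u %g %n' "$cur" || exit 1
    done
)

# can_search MODE OWNER GROUP UID [GID...]: true if the x (search) bit of the
# class that applies to the user (owner, else group, else other) is set.
can_search() (
    mode=$1 owner=$2 group=$3 uid=$4; shift 4
    bit=0001
    if [ "$uid" -eq "$owner" ]; then
        bit=0100
    else
        for gid in "$@"; do
            if [ "$gid" -eq "$group" ]; then bit=0010; fi
        done
    fi
    [ $(( 0$mode & $bit )) -ne 0 ]
)

# first_blocked UID [GID...]: read stat_chain lines on stdin and print the
# first PATH the user cannot traverse (prints nothing if all pass).
first_blocked() (
    while read -r mode owner group path; do
        if ! can_search "$mode" "$owner" "$group" "$@"; then
            printf '%s\n' "$path"; exit 0
        fi
    done
)

# Constructed sample: only the privateftp line mirrors the thread's ls output;
# the other modes and uid/gid 1001 are assumptions.
sample_chain() {
    printf '%s\n' '755 0 0 /' '755 0 0 /home' '750 0 0 /home/ftp' \
        '775 0 0 /home/ftp/privateftp'
}
sample_chain | first_blocked 1001 1001    # prints /home/ftp
```

On a real host, pipe `stat_chain /home/ftp/privateftp` into `first_blocked` with the numbers reported by `id -u privateftp` and `id -G privateftp`.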

