解決方法:shell
就OK了!可是下次重啓了還會這樣··服務器
2在終端輸入命令:app
setsebool-Pftpd_disable_trans1less
servicevsftpdrestartide
這樣每次重啓機器均可以了·ui
關於vsftpd部分本地用戶不能登陸,部分能夠」的問題,我從新作了一些實驗,我把這個問題結合實驗的結果再從新描述一下,請各位高人,幫忙看看可能的緣由。謝謝了!
系統中原來就有的本地賬號都不能登陸,個人/etc/vsftpd/vsftpd.conf文件的配置以下:
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
/etc/pam.d/vsftpd存在且正常。
登陸時錯誤信息都是同樣的:
500OOPS:cannotchangedirectory:/home/xxxx
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
他們的home目錄都是/home/xxxx。/home和/home/xxxx的權限都是755。
以上這些賬號都不能ftp登陸,這些都是日常常常使用的,能夠用shell登陸的。
我新建立了一個usr1賬號,
#useradd-Gtest-d/tmp/usr1usr1
能ftp登陸,他的home爲/tmp/usr1,在/分區上。而/home我是mount到/dev/hda9上的。
#mount
/dev/hdb1on/typeext3(rw)
/dev/hda9on/hometypeext2(rw)
因此,我猜測:是不是因爲/home分區的緣由,而形成「主目錄在/home分區的賬號」都不能登陸呢?
爲了驗證以上設想,我試着再建立了一個賬號,
useradd-Gtest-d/home/usr3usr3
/home,/home/usr3的權限都是755。
usr3ftp登陸失敗。
500OOPS:cannotchangedirectory:/home/usr3
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
至此,我以爲能夠肯定是因爲/home分區的緣由,而形成「主目錄在/home分區的賬號」都不能登陸。
參考文章:
-----------------------------------------------------------------------------------------
IfinishedmysecondupgradetoFedoraCore4.Noteverythingisironedoutyetwiththebuildofcourse.ButonethingisforsurealothashappenedtotheRedHatIknewbefore.
Imustsayofallthechanges,formethenicestadditionisthenewSELinuxextensions.FordeepbackgroundonthereasonsforandtheoryofSELinuxread,TheInevitabilityofFailure:TheFlawedAssumptionofSecurityinModernComputingEnvironments
ThemoreIworkwithSELinuxthemoreIrealizeIneedtoknowaboutit,andhowexactlyitdoesallitsstuff.Itcertainlychangesthingsrelatingtousers,directoriesandaccess.AsIamstartingtolearnit,I'msureI'mdoingthingsthehard-way.:)
Themajordifference,sofarforme,inRedHat'sSELinuxisthewayftpishandled.vsftpdisstilltheserverwhichisgreat.However,itseemstobedesignedtorunasadaemonratherthaninvokedviaxinet.d.Ifyougrabaworkingcopyofthexinet.dfileforvsftpdyoucaninvokeitviaxinet.dwrapper.Ididmyfirstserverupgradeinthismanner.ThecurrentoneIamtryingasadaemon.IcertainlythinkIwillmisssomeofthefeaturesthatthexinet.dwrapperbrings,andmayyetreturntoit.
OfalltheissuesIsawmostnotableisifyouwanttoenablechrootdirectory'soutsideofthenormal/home/xxxvsftpd.Thesewillfailwitha
500OOPS:cannotchangedirectory:/mnt/xxxxx
IwasabletouseftpifIloggedinwithanaccountwithadirectoryin/home,butonceIsetauseraccounttohaveahomedriveoutsideof/home(inthiscaseonamountedsecondarydisk)vsftpdbarfstheabove.
IfoundinformationattheNSAthatindicatesyoucandisableSELinuxprotectionoftheftpdaemon.
setsebool-Pftpd_disable_trans1
Thisseemsabitdrastic.Itcertainlyworksfornowthough.
Ithinkultimatelytheissueresideswithpolicies,butasSELinuxpoliciesarenewtome,itwilltaketimebeforeitallgetssortedout.AsIspendtimewiththenewSELinuxextensionsinFedoraCore4Iwillkeepyouupdatedonmythoughtsandconfigurationlessons.
---------------------------------------------------------------------------------------
解決辦法:
--------------------------------------------------------------------------------------
#setseboolftpd_disable_trans1
#servicevsftpdrestart
因此,能夠肯定緣由就在SELinux。this
------------------------------------------------------------------------------------nuxt
2.再出問題rest
--------------------------------------------------orm
cannotchangedirectory:/home/***
ftp服務器鏈接失敗,錯誤提示:
500OOPS:cannotchangedirectory:/home/*******
500OOPS:childdied
解決方法:
在終端輸入命令:
setseboolftpd_disable_trans1
servicevsftpdrestart
就好了。
登錄ftp時再輸入用戶名和密碼出現:500OOPS:cannotchangedirectory:/home/**********
解決方法:在終端輸入setseboolftpd_disable_trans1而後重啓vsftp服務servicevsftpdrestart若是輸入上述命令時出現:Couldnotchangeactivebooleans:Invalidboolean是由於SELinux的問題接着在終端輸入:setseboolftp_home_dir=1重啓vsftp服務便可解決問題