
[Solved] SELinux blocks vsftpd on CentOS (without disabling SELinux)

vsftpd is an FTP server program, and SELinux is the mandatory access control component of CentOS. Since SELinux blocks vsftpd by default, the following FTP errors can occur:

226 transfer done (but failed to open directory)

550 failed to change directory

550 create directory operation failed

553 Could not create file.

Or, after the LIST command is sent, the server simply does not respond and disconnects after a timeout (500 oops: vsftpd: chroot)

When this happens, vsftpd usually lacks sufficient permissions, most likely because SELinux is blocking it. The solution commonly found online is to turn SELinux off entirely, which causes other security problems, so there are better ways

To determine whether SELinux is the cause, first switch it off temporarily and see whether the problem goes away

setenforce 0 # Temporarily put SELinux into Permissive mode

Try again after running this. If FTP can now list the directory, upload and download, SELinux is the cause

Solution: run getsebool -a | grep ftp to view the current permissions

getsebool -a | grep ftp

# The output below shows the permissions: off means the permission is disabled, on means it is enabled. This listing was taken after configuration; before anything is set, all are off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> on
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> on

Among them, ftp_home_dir and allow_ftpd_full_access must be on to enable vsftpd to access the FTP root directory and transfer files

Run the following command:

setsebool -P ftp_home_dir 1
setsebool -P allow_ftpd_full_access 1

Note that these two commands usually take more than ten seconds to run

After running them, put SELinux back into Enforcing mode

setenforce 1 # Enter Enforcing mode

If all goes well, the FTP directory is now accessible and vsftpd can upload and download files normally

If the problem is still not solved, the permissions on the directory accessed over FTP may be insufficient. It is recommended to use chmod -R 777 path to set the permissions of the path to 777 and then try again, which usually solves the problem
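
One way to script the boolean check described above, as an added example that is not part of the original post: it reads getsebool -a output and prints only the setsebool commands that are still needed. The function name, the sample input and the treatment of ftpd_full_access as an alternative name for allow_ftpd_full_access are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read `getsebool -a` output on
# stdin and print only the setsebool commands that are still needed.
# Real use on the server:  getsebool -a | ftp_bool_plan

ftp_bool_plan() {
    awk '
        # getsebool prints one boolean per line:  name --> on|off
        $2 == "-->" { state[$1] = $3 }
        END {
            # Required booleans, space separated; names after a comma are
            # alternative spellings (assumption: ftpd_full_access in the
            # listing is the same switch as allow_ftpd_full_access).
            n = split("ftp_home_dir allow_ftpd_full_access,ftpd_full_access", want, " ")
            for (i = 1; i <= n; i++) {
                m = split(want[i], name, ",")
                found = ""
                for (j = 1; j <= m; j++)
                    if (name[j] in state) { found = name[j]; break }
                if (found == "")
                    print "# not in this policy: " want[i]
                else if (state[found] == "on")
                    print "# already on: " found
                else
                    print "setsebool -P " found " 1"
            }
        }'
}

# Constructed sample input, modelled on the listing above. Exact name
# matching keeps tftp_home_dir from being mistaken for ftp_home_dir.
SAMPLE_GETSEBOOL='ftpd_anon_write --> off
ftpd_connect_db --> on
ftpd_full_access --> off
tftp_home_dir --> on'

printf '%s\n' "$SAMPLE_GETSEBOOL" | ftp_bool_plan
```

Lines starting with # in the output are informational; the remaining lines are the commands to run before setenforce 1.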

vsftpd error when creating a new directory: 550 create directory operation failed

After configuring FTP on CentOS, I can log in, but I can’t create a new directory. The prompt is: 550 create directory operation failed. I tried method 1: set SELINUX=disabled, and found it still doesn’t work. Finally, I confirmed that write permission had not been assigned to the folder

Possibility 1:

After configuring vsftpd on CentOS, I carefully checked the configuration file. After connecting to the server, the error message “550 create directory operation failed” was always displayed when creating and uploading files. I have configured vsftpd no less than five times, and this problem had never occurred before. At first, I thought it was a problem of user permissions, so I simply ran chmod -R 777 on the directory and set local_umask=000 in vsftpd.conf (in fact, it’s certainly not related to this setting; the change was only for psychological effect). As a result, the problem remained the same

I went to the official website of vsftpd to find the answer. The problem turned out to be SELinux. Speaking of SELinux, I hate SELinux to the bone. Normally, after installing the system, I directly delete it with yum remove selinux* -y. Today, I installed CentOS in a VirtualBox virtual machine just as I was about to leave work, so I forgot to do this

Solution:

1. How to disable SELinux

# vi /etc/selinux/config
Change the setting to SELINUX=disabled

If you don’t want to restart the system, enter setenforce 0 in the terminal

Restart the vsftpd process and the problem is solved

It’s better to delete this annoying SELinux directly

yum remove selinux* -y

The world is clean at last

Possibility 2:

The anonymous user's directory (/var/ftp/pub) does not have write permission, so write permission needs to be granted

First go to /var/ftp

Then enter chmod 777 pub in the terminal

Maybe that’s the problem that tripped you up