CentOS 6: Problem with FTP login - 500 OOPS: cannot change directory
Yesterday I ran into a problem when I tried to make an FTP connection to one of our web servers (running CentOS 6). It was a bit strange, because it usually works normally.
The problem is shown below (the IP address is only an example, for security reasons):
[root@optiflex ~]# ftp 10.10.10.10
Connected to 10.10.10.10.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.10.10.10:root): golduser
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/golduser
Login failed.
As we can see above, the FTP login fails because the FTP server cannot change directory to the user's home directory (in this case /home/golduser).
Here is how I fixed it. First, I logged on to the web server over SSH as user 'root'.
Once logged in, I listed the SELinux policy booleans, filtering for those containing the word 'ftp':
[root@goldsrv ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
As we can see above, the ftp_home_dir boolean is set to off, which prevents the FTP daemon (vsftpd) from reading and writing files in user home directories.
To change the boolean value to on, run the following command (the '-P' parameter makes the change permanent, so it survives a reboot):
[root@goldsrv ~]# setsebool -P ftp_home_dir on
Check again that the ftp_home_dir value has changed:
[root@goldsrv ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
Aaah, ftp_home_dir is now set to on :-) After doing the steps above, I can log in to my web server over FTP without any problems. I hope this article helps those of you who encounter similar problems.
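The check in the steps above can be scripted. This is an added example, not part of the original post: it reads getsebool-style output, reports whether ftp_home_dir explains the 500 OOPS error, and warns if a broader FTP boolean has been switched on instead. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). The function names are
# hypothetical; SAMPLE_BOOLS is constructed in the format getsebool prints.
SAMPLE_BOOLS='allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
ftp_home_dir --> off
ftpd_connect_db --> off'

# Print the state (on/off) of boolean $1 from getsebool-style text on stdin.
# Returns 1 if the boolean is not listed.
bool_state() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" { print $3; found = 1 }
        END { exit !found }'
}

# Read getsebool-style text on stdin and print one finding per line.
audit_ftp_bools() {
    afb_input=$(cat)
    afb_state=$(printf '%s\n' "$afb_input" | bool_state ftp_home_dir) \
        || afb_state=missing
    case "$afb_state" in
        off) echo "CAUSE ftp_home_dir=off: vsftpd is blocked from home directories" ;;
        on)  echo "OK ftp_home_dir=on: check home directory permissions next" ;;
        *)   echo "UNKNOWN ftp_home_dir not listed" ;;
    esac
    # These booleans are not needed for home-directory logins, so flag
    # them if someone turned them on while troubleshooting.
    for afb_b in allow_ftpd_full_access allow_ftpd_anon_write; do
        if [ "$(printf '%s\n' "$afb_input" | bool_state "$afb_b")" = on ]; then
            echo "WARN $afb_b=on: broader than home-directory access needs"
        fi
    done
}

# Demo on the constructed sample; on a live host run:
#   getsebool -a | audit_ftp_bools
printf '%s\n' "$SAMPLE_BOOLS" | audit_ftp_bools
```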
Reference: Red Hat Customer Portal
Thanks! This solved my problem!

I see my ftp_home_dir --> on but still get error 500 OOPS cannot change directory

critical error
could not connect to server
Please help, I'm a newbie

Have you checked the file permissions?

Awesome! Problem solved! :D