Saturday, January 5, 2013

CentOS 6 : Problem with FTP login - 500 OOPS cannot change directory

Yesterday I ran into a problem when I tried to make an FTP connection to one of our web servers (running CentOS 6). It was a bit strange, because it usually works normally.

The problem is shown below (the IP address is only an example, for security reasons):

[root@optiflex ~]# ftp 10.10.10.10
Connected to 10.10.10.10.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.10.10.10:root): golduser
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/golduser
Login failed.

As we can see above, the FTP login fails because the FTP daemon cannot change directory to the user's home directory (in this case /home/golduser).

To fix this problem, here's how I did it. First, I logged on to the web server through an SSH connection as user 'root'.

Once logged in, I checked the SELinux policy booleans, filtering for those containing the word 'ftp':

[root@goldsrv ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off

As we can see above, the ftp_home_dir boolean is set to off, which prevents the FTP daemon (vsftpd) from reading and writing files in user home directories.

To change the boolean value to on, run the following command (the '-P' parameter means permanent, so the setting persists across reboots):

[root@goldsrv ~]# setsebool -P ftp_home_dir on

Check again whether the ftp_home_dir value has changed:

[root@goldsrv ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off

Aaah, ftp_home_dir is now set to on :-) After doing the steps above, I can log into my web server over FTP without any problems. I hope this article helps those of you who have encountered similar problems.

Reference: Red Hat Customer Portal
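
The verification step above can be scripted. The following is an added example, not part of the original post: it parses `getsebool -a` output, confirms that ftp_home_dir is on, and warns if the broader booleans allow_ftpd_full_access or allow_ftpd_anon_write are on as well. The function names and exit codes are this example's own assumptions; the sample input is trimmed from the output shown in the post.

```shell
#!/bin/sh
# Added example. Sample input trimmed from the getsebool output shown in the post.
SAMPLE_BEFORE='allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
ftp_home_dir --> off'
SAMPLE_AFTER='allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
ftp_home_dir --> on'

# bool_state NAME: read `getsebool -a` output on stdin and print the state
# of boolean NAME ("on", "off", or "missing" if it is not listed).
bool_state() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" { state = $3 }
        END { print (state == "" ? "missing" : state) }'
}

# check_ftp_booleans: read `getsebool -a` output on stdin.
# Exit codes (this example's own convention):
#   0 = ftp_home_dir on, broader booleans off
#   1 = ftp_home_dir not on
#   2 = ftp_home_dir on, but a broader FTP boolean is on as well
check_ftp_booleans() {
    input=$(cat)
    result=0
    home=$(printf '%s\n' "$input" | bool_state ftp_home_dir)
    if [ "$home" = "on" ]; then
        echo "OK   ftp_home_dir is on"
    else
        echo "FAIL ftp_home_dir is $home"
        result=1
    fi
    for b in allow_ftpd_full_access allow_ftpd_anon_write; do
        state=$(printf '%s\n' "$input" | bool_state "$b")
        if [ "$state" = "on" ]; then
            echo "WARN $b is on (broader than the fix in this post needs)"
            if [ "$result" -eq 0 ]; then result=2; fi
        fi
    done
    return "$result"
}

# Demo on the embedded samples; on a real host: getsebool -a | check_ftp_booleans
printf '%s\n' "$SAMPLE_BEFORE" | check_ftp_booleans || true
printf '%s\n' "$SAMPLE_AFTER" | check_ftp_booleans
```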

4 comments:

  1. Thanks! This solved my problem!
  2. I see my ftp_home_dir --> on but still get error 500 OOPS cannot change directory
    critical error
    could not connect to server
    Plz help, I'm a newbie
  3. Have you checked the file permissions?
  4. Awesome! Problem solved! :D