500OOPS:childdied
解决方法:
servicevsftpdrestart
就OK了!但是下次重启了还会这样··
2在终端输入命令:
setsebool-Pftpd_disable_trans1
servicevsftpdrestart
这样每次重启机器都可以了·
[root@plat-vm36vsftpd]#sestatus-b|grepftp
allow_ftpd_anon_writeoff
allow_ftpd_full_accessoff
allow_ftpd_use_cifsoff
allow_ftpd_use_nfsoff
ftp_home_diroff
ftpd_disable_transon<=====
ftpd_is_daemonon
httpd_enable_ftp_serveroff
tftpd_disable_transoff
[root@plat-vm36vsftpd]#mansetsebool
setsebool(8)SELinuxCommandLinedocumentationsetsebool(8)
NAME
setsebool-setSELinuxbooleanvalue
SYNOPSIS
setsebool[-P]booleanvalue|bool1=val1bool2=val2...
DESCRIPTION
setseboolsetsthecurrentstateofaparticularSELinuxbooleanoralistofbooleanstoagivenvalue.Thevaluemaybe1ortrueor
ontoenabletheboolean,or0orfalseorofftodisableit.
Withoutthe-Poption,onlythecurrentbooleanvalueisaffected;theboot-timedefaultsettingsarenotchanged.
Ifthe-Poptionisgiven,allpendingvaluesarewrittentothepolicyfileondisk.Sotheywillbepersistantacrossreboots.
AUTHOR
ThismanualpagewaswrittenbyDanWalsh<dwalsh@redhat.com>.TheprogramwaswrittenbyTresysTechnology.
SEEALSO
getsebool(8),booleans(8),togglesebool(8)
dwalsh@redhat.com11Aug2004setsebool(8)
[root@plat-vm36vsftpd]#
关于vsftpd部分本地用户不能登录,部分可以”的问题,我重新做了一些实验,我把这个问题结合实验的结果再重新描述一下,请各位高人,帮忙看看可能的原因。谢谢了!
系统中原来就有的本地帐号都不能登录,我的/etc/vsftpd/vsftpd.conf文件的配置如下:
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
/etc/pam.d/vsftpd存在且正常。
登录时错误信息都是一样的:
500OOPS:cannotchangedirectory:/home/xxxx
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
他们的home目录都是/home/xxxx。/home和/home/xxxx的权限都是755。
以上这些帐号都不能ftp登录,这些都是平常经常使用的,可以用shell登录的。
我新创建了一个usr1帐号,
#useradd-Gtest-d/tmp/usr1usr1
能ftp登录,他的home为/tmp/usr1,在/分区上。而/home我是mount到/dev/hda9上的。
#mount
/dev/hdb1on/typeext3(rw)
/dev/hda9on/hometypeext2(rw)
所以,我猜想:是否是由于/home分区的原因,而造成“主目录在/home分区的帐号”都不能登录呢?
为了验证以上设想,我试着再创建了一个帐号,
useradd-Gtest-d/home/usr3usr3
/home,/home/usr3的权限都是755。
usr3ftp登录失败。
500OOPS:cannotchangedirectory:/home/usr3
Loginfailed.
421Servicenotavailable,remoteserverhasclosedconnection
至此,我觉得可以确定是由于/home分区的原因,而造成“主目录在/home分区的帐号”都不能登录。
参考文章:
-----------------------------------------------------------------------------------------
IfinishedmysecondupgradetoFedoraCore4.Noteverythingisironedoutyetwiththebuildofcourse.ButonethingisforsurealothashappenedtotheRedHatIknewbefore.
Imustsayofallthechanges,formethenicestadditionisthenewSELinuxextensions.FordeepbackgroundonthereasonsforandtheoryofSELinuxread,TheInevitabilityofFailure:TheFlawedAssumptionofSecurityinModernComputingEnvironments
ThemoreIworkwithSELinuxthemoreIrealizeIneedtoknowaboutit,andhowexactlyitdoesallitsstuff.Itcertainlychangesthingsrelatingtousers,directoriesandaccess.AsIamstartingtolearnit,I'msureI'mdoingthingsthehard-way.:)
Themajordifference,sofarforme,inRedHat'sSELinuxisthewayftpishandled.vsftpdisstilltheserverwhichisgreat.However,itseemstobedesignedtorunasadaemonratherthaninvokedviaxinet.d.Ifyougrabaworkingcopyofthexinet.dfileforvsftpdyoucaninvokeitviaxinet.dwrapper.Ididmyfirstserverupgradeinthismanner.ThecurrentoneIamtryingasadaemon.IcertainlythinkIwillmisssomeofthefeaturesthatthexinet.dwrapperbrings,andmayyetreturntoit.
OfalltheissuesIsawmostnotableisifyouwanttoenablechrootdirectory'soutsideofthenormal/home/xxxvsftpd.Thesewillfailwitha
500OOPS:cannotchangedirectory:/mnt/xxxxx
IwasabletouseftpifIloggedinwithanaccountwithadirectoryin/home,butonceIsetauseraccounttohaveahomedriveoutsideof/home(inthiscaseonamountedsecondarydisk)vsftpdbarfstheabove.
IfoundinformationattheNSAthatindicatesyoucandisableSELinuxprotectionoftheftpdaemon.
setsebool-Pftpd_disable_trans1
Thisseemsabitdrastic.Itcertainlyworksfornowthough.
Ithinkultimatelytheissueresideswithpolicies,butasSELinuxpoliciesarenewtome,itwilltaketimebeforeitallgetssortedout.AsIspendtimewiththenewSELinuxextensionsinFedoraCore4Iwillkeepyouupdatedonmythoughtsandconfigurationlessons.
---------------------------------------------------------------------------------------
解决办法:
--------------------------------------------------------------------------------------
#setseboolftpd_disable_trans1
#servicevsftpdrestart
所以,可以确定原因就在SELinux。
------------------------------------------------------------------------------------
2.再出问题
--------------------------------------------------
FTP出现500OOPS:cannotchangedirectory
cannotchangedirectory:/home/***
ftp服务器连接失败,错误提示:
500OOPS:cannotchangedirectory:/home/*******
500OOPS:childdied
解决方法:
在终端输入命令:
setseboolftpd_disable_trans1
servicevsftpdrestart
就行了。
登陆ftp时再输入用户名和密码出现:500OOPS:cannotchangedirectory:/home/**********
解决方法:在终端输入setseboolftpd_disable_trans1然后重启vsftp服务servicevsftpdrestart如果输入上述命令时出现:Couldnotchangeactivebooleans:Invalidboolean是因为SELinux的问题接着在终端输入:setseboolftp_home_dir=1重启vsftp服务即可解决问题
