aplah posted on 2012-01-20 15:37

vsftpd 550 Create directory operation failed.

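I got vsftp set up today. Downloads and the like work fine, but I can't upload or mkdir. I've searched all over Google and still can't fix it, so I'm asking you guys for help.

My vsftp uses virtual users + PAM authentication.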

vsftpd.conf


# Example config file /usr/local/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty

# If using vsftpd in standalone mode, uncomment the next two lines:
listen=YES
background=YES

# add by aplishy 2012.1.20
guest_enable=YES
guest_username=virtual
virtual_use_local_privs=YES
pam_service_name=vsftpd
user_config_dir=/usr/local/etc/vsftpd/
chmod_enable=YES
#add by aplishy vsftpd log
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES



Permissions on the ftp directory:
drwxr-xr-x   2 775   www   512 Jan 20 11:34 ftp
The virtual user belongs to the www group.

congli posted on 2012-01-21 21:04

Last edited by congli on 2012-01-21 21:05

Here is a config file that is currently in use, also for virtual users:
ftpd_banner=Welcome to Congli FTP Service.
background=YES

anonymous_enable=YES
no_anon_password=YES
anon_root=/var/congli/virtual/ftp
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES

local_enable=YES
write_enable=YES
local_umask=022

dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
idle_session_timeout=300
data_connection_timeout=120

chroot_list_enable=YES
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
secure_chroot_dir=/usr/local/share/vsftpd/empty

listen_port=21
listen=YES
pam_service_name=vsftpd

userlist_enable=YES
userlist_deny=NO
userlist_file=/usr/local/etc/vsftpd.user_list

pasv_min_port=49151
pasv_max_port=65535

max_per_ip=2

lastfile posted on 2012-01-22 00:07

Bookmarking this question :lol

chenyx posted on 2012-01-22 09:07

Last edited by chenyx on 2012-01-22 09:08

Reply to #2 congli

I can't see how that config supports virtual users. Shouldn't virtual users have guest_enable=YES?

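congli posted on 2012-01-22 17:42

Last edited by congli on 2012-01-22 17:43

Reply to #4 chenyx

Heh, you can't tell from this, because OpenLDAP is integrated with the system. Virtual users in LDAP are equivalent to local ones, local_enable=yes.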

aplah posted on 2012-01-30 10:58

Reply to #2 congli
Thanks, I'll compare against it for reference and post back once it's solved.

aplah posted on 2012-02-03 14:24

Last edited by aplah on 2012-02-03 14:26

drwxr-xr-x   2 775   www   512 Jan 20 11:34 ftp
I got the user wrong on this one.
chown ftp:www ftp

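The situation now is that with chmod a-w ftp I can log in to ftp but can't upload.

But if I keep the session open and run chmod 775 ftp on the server, uploads work; once the session ends, I can no longer log in to ftp.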

congli posted on 2012-02-03 19:25

Reply to #7 aplah

Why is the user 775?

aplah posted on 2012-02-04 08:07

I got the chmod wrong at the time.

Now it's the same with chmod virtual:www ftp (virtual is the local user, ftp is the mapped virtual user).

aplah posted on 2012-02-04 08:55

    - Add stronger checks for the configuration error of running with a writeable
    root directory inside a chroot(). This may bite people who carelessly turned
    on chroot_local_user but such is life.

The problem is that your user's root directory is writable, which isn't allowed when using chroot restrictions in the new update. The following command will fix this problem; replace the directory with your user's root:

    chmod a-w /home/user

Apparently this is the cause. :mrgreen:
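
The two states reported in this thread (login works but uploads fail after chmod a-w; uploads work but the next login fails after chmod 775) can be told apart with a small check of the chroot root. This is an added example, not part of the thread and not vsftpd's own code; the function names are hypothetical and the mode-bit tests are a conservative approximation of the server's own check at login.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# conf_get FILE KEY: effective value of KEY in a vsftpd.conf-style file.
# Settings are applied in order, so the last occurrence wins.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# mode_of PATH: symbolic mode as printed by ls, e.g. drwxr-xr-x.
# Parsing ls -ld avoids the differing stat(1) flags on Linux and the BSDs.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# audit_chroot_root CONF DIR: classify DIR as the chroot root used with CONF.
#   not-chrooted   chroot_local_user is off, nothing to check
#   writable-root  a write bit is set on DIR (the state chmod a-w clears)
#   no-upload-dir  DIR is read-only but no subdirectory is owner-writable
#   ok             DIR is read-only and an owner-writable subdirectory exists
# Assumption: only chroot_local_user is consulted; chroot_list_enable and
# chroot_list_file are not evaluated.
audit_chroot_root() {
    conf=$1
    dir=$2
    # Boolean settings are matched case-insensitively as YES, TRUE or 1.
    v=$(conf_get "$conf" chroot_local_user | tr 'a-z' 'A-Z')
    case "$v" in
        YES|TRUE|1) ;;
        *) echo not-chrooted; return ;;
    esac
    case "$(mode_of "$dir")" in
        ??w*|?????w*|????????w*) echo writable-root; return ;;
    esac
    # Uploads need somewhere to land: look for a writable subdirectory.
    for sub in "$dir"/*/; do
        [ -d "$sub" ] || continue
        case "$(mode_of "$sub")" in
            ??w*) echo ok; return ;;
        esac
    done
    echo no-upload-dir
}

# Stand-alone use: sh audit.sh /usr/local/etc/vsftpd.conf /path/to/ftp/root
if [ $# -eq 2 ]; then audit_chroot_root "$1" "$2"; fi
```

Pass the directory the session is actually chrooted into; with guest_enable=YES that is the home directory of guest_username unless a per-user config overrides it.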