免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
12下一页
最近访问板块 发新帖
查看: 9843 | 回复: 14

[FreeBSD] vsftpd 550 Create directory operation failed. [复制链接]

论坛徽章:
0
发表于 2012-01-20 15:37 |显示全部楼层
今天弄好的vsftp,下载什么的都没有问题,就是不能上传和mkdir,搜遍了google也搞不定,特求助兄弟们

我的vstfp和虚拟用户+pam认证

vsftpd.conf

# Example config file /usr/local/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty

# If using vsftpd in standalone mode, uncomment the next two lines:
listen=YES
background=YES

# add by aplishy 2012.1.20
guest_enable=YES
guest_username=virtual
virtual_use_local_privs=YES
pam_service_name=vsftpd
user_config_dir=/usr/local/etc/vsftpd/
chmod_enable=YES
#add by aplishy vsftpd log
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES


ftp目录权限
drwxr-xr-x   2 775   www     512 Jan 20 11:34 ftp

virsual用户是属于www组的

论坛徽章:
1
寅虎
日期:2013-09-29 23:15:15
发表于 2012-01-21 21:04 |显示全部楼层
本帖最后由 congli 于 2012-01-21 21:05 编辑

贴一个正在使用中的配置文件, 也是虚拟用户的

  1. ftpd_banner=Welcome to Congli FTP Service.
  2. background=YES

  3. anonymous_enable=YES
  4. no_anon_password=YES
  5. anon_root=/var/congli/virtual/ftp
  6. anon_upload_enable=NO
  7. anon_mkdir_write_enable=NO
  8. anon_other_write_enable=NO
  9. anon_world_readable_only=YES

  10. local_enable=YES
  11. write_enable=YES
  12. local_umask=022

  13. dirmessage_enable=YES
  14. xferlog_enable=YES
  15. connect_from_port_20=YES
  16. idle_session_timeout=300
  17. data_connection_timeout=120

  18. chroot_list_enable=YES
  19. chroot_list_file=/usr/local/etc/vsftpd.chroot_list
  20. secure_chroot_dir=/usr/local/share/vsftpd/empty

  21. listen_port=21
  22. listen=YES
  23. pam_service_name=vsftpd

  24. userlist_enable=YES
  25. userlist_deny=NO
  26. userlist_file=/usr/local/etc/vsftpd.user_list

  27. pasv_min_port=49151
  28. pasv_max_port=65535

  29. max_per_ip=2
复制代码

论坛徽章:
0
发表于 2012-01-22 00:07 |显示全部楼层
收藏问题

论坛徽章:
381
CU十二周年纪念徽章
日期:2014-01-04 22:46:58CU大牛徽章
日期:2013-03-13 15:32:35CU大牛徽章
日期:2013-03-13 15:38:15CU大牛徽章
日期:2013-03-13 15:38:52CU大牛徽章
日期:2013-03-14 14:08:55CU大牛徽章
日期:2013-04-17 11:17:19CU大牛徽章
日期:2013-04-17 11:17:32CU大牛徽章
日期:2013-04-17 11:17:37CU大牛徽章
日期:2013-04-17 11:17:42CU大牛徽章
日期:2013-04-17 11:17:47CU大牛徽章
日期:2013-04-17 11:17:52CU大牛徽章
日期:2013-04-17 11:17:56
发表于 2012-01-22 09:07 |显示全部楼层
本帖最后由 chenyx 于 2012-01-22 09:08 编辑

回复 2# congli


    没看出来那个配置支持虚拟用户啊,虚拟用户不是应该有guest_enable=YES吗

论坛徽章:
1
寅虎
日期:2013-09-29 23:15:15
发表于 2012-01-22 17:42 |显示全部楼层
本帖最后由 congli 于 2012-01-22 17:43 编辑

回复 4# chenyx


    呵~这里是看不出的.因为OpenLDAP跟系统整合在一起. LDAP上的虚拟用户等同本地,local_enable=yes.

论坛徽章:
0
发表于 2012-01-30 10:58 |显示全部楼层
回复 2# congli
谢谢,我对照参考下,解决了再贴出来

   

论坛徽章:
0
发表于 2012-02-03 14:24 |显示全部楼层
本帖最后由 aplah 于 2012-02-03 14:26 编辑
  1. drwxr-xr-x   2 775   www     512 Jan 20 11:34 ftp
复制代码
这个搞错用户了
chown ftp:www ftp

现在的情况是chmod a-w ftp 是能够登入ftp但是不能上传

但是保持会话状态在服务器上chmod 775 ftp能上传,一旦会话退出,ftp缺登入不了了

论坛徽章:
1
寅虎
日期:2013-09-29 23:15:15
发表于 2012-02-03 19:25 |显示全部楼层
回复 7# aplah


    为什么用户是775?

论坛徽章:
0
发表于 2012-02-04 08:07 |显示全部楼层
当时chmod错了

现在chmod virtual:www ftp也一样(virtual为本地用户,ftp是映射的虚拟用户)

论坛徽章:
0
发表于 2012-02-04 08:55 |显示全部楼层
  1.     - Add stronger checks for the configuration error of running with a writeable
  2.     root directory inside a chroot(). This may bite people who carelessly turned
  3.     on chroot_local_user but such is life.

  4. The problem is that your users root directory is writable(用户根目录可写), which isn’t allowed when using chroot restrictions in the new update. The following command will fix this problem, replace the directory with your users root:

  5.     chmod a-w /home/user
复制代码
据说原因是这个
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP