Monthly Archives: June 2015

VSFTPD Users

To allow only specified users to log in over FTP:

Edit /etc/vsftpd/vsftpd.conf. Add towards the bottom of the file:


userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.allowed_users

Create /etc/vsftpd/vsftpd.allowed_users:


#To allow just some users to log in, set in /etc/vsftpd/vsftpd.conf:
#userlist_deny=NO
#userlist_enable=YES
#userlist_file=/etc/vsftpd/vsftpd.allowed_users
#
#In the file /etc/vsftpd/vsftpd.allowed_users add the usernames of the users that can log in.
#Users who are not listed will get an error that they can't log in before they type their password.
jforces

Restart VSFTPD


$ service vsftpd restart
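
A pitfall with the settings above: if userlist_enable=YES is present but userlist_deny=NO is missing or commented out, vsftpd falls back to its default userlist_deny=YES and the file becomes a list of users to refuse. The script below is an added example, not part of the original post; it reports which way a given vsftpd.conf will treat the list. The function names are hypothetical, the sample files are constructed, and it assumes booleans are written YES or NO and that a later line overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original post): report how vsftpd will treat
# its user list for a given vsftpd.conf. All file paths here are constructed.

# conf_get CONF KEY DEFAULT -> value of the last uncommented KEY= line.
# Assumption: a later line in the file overrides an earlier one.
conf_get() {
    cg_val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${cg_val:-$3}"
}

# is_yes VALUE -> success if VALUE is YES (compared case-insensitively)
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES) return 0 ;;
        *)   return 1 ;;
    esac
}

# userlist_mode CONF -> allowlist | denylist | disabled
# vsftpd defaults: userlist_enable=NO, userlist_deny=YES
userlist_mode() {
    if ! is_yes "$(conf_get "$1" userlist_enable NO)"; then
        echo disabled       # the list file is not consulted at all
    elif is_yes "$(conf_get "$1" userlist_deny YES)"; then
        echo denylist       # listed users are the ones refused
    else
        echo allowlist      # only listed users may log in
    fi
}

# listed_users LISTFILE -> names in the file, minus comment and blank lines
listed_users() {
    grep -v -e '^#' -e '^[[:space:]]*$' "$1"
}

# Demo on constructed files in a temporary directory
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'userlist_deny=NO' 'userlist_enable=YES' \
        "userlist_file=$d/vsftpd.allowed_users" > "$d/vsftpd.conf"
    printf '%s\n' '#To allow just some users to login:' 'jforces' \
        > "$d/vsftpd.allowed_users"
    echo "mode:  $(userlist_mode "$d/vsftpd.conf")"
    echo "users: $(listed_users "$(conf_get "$d/vsftpd.conf" userlist_file '')")"
    rm -rf "$d"
}
demo
```

Anything other than "allowlist" for the real configuration file means the three settings are not taking effect as intended.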

VSFTPD errors 550, 553

Errors on get and put, both on the command line and inside an FTP client:

ftp> get hello.txt
Response: 550 Failed to open file.
Error: Critical file transfer error

ftp> put hello.txt
Response: 553 Could not create file.
Error: Critical file transfer error

These are most likely caused by SELinux.

Check the SELinux status:



[root@one ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

If the current mode is enforcing, switch to permissive temporarily to test:


[root@one ~]# setenforce 0

[root@one ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Retry the FTP transfer and check whether the problems have gone away. If so, switch back to enforcing mode and enable the ftp_home_dir boolean instead:



[root@one ~]# setenforce 1

[root@one ~]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off

[root@one ~]# setsebool -P ftp_home_dir on

[root@one ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28