vsftpd 550 Create directory operation failed.

aplah

今天弄好的vsftp，下載什么的都沒有問題，就是不能上傳和mkdir，搜遍了google也搞不定，特求助兄弟們

我的vstfp和虛擬用戶+pam認證

vsftpd.conf

# Example config file /usr/local/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty

# If using vsftpd in standalone mode, uncomment the next two lines:
listen=YES
background=YES

# add by aplishy 2012.1.20
guest_enable=YES
guest_username=virtual
virtual_use_local_privs=YES
pam_service_name=vsftpd
user_config_dir=/usr/local/etc/vsftpd/
chmod_enable=YES
#add by aplishy vsftpd log
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

ftp目錄權限

drwxr-xr-x   2 775   www     512 Jan 20 11:34 ftp

virsual用戶是屬于www組的

congli

貼一個正在使用中的配置文件, 也是虛擬用戶的

1. 
   
2. ftpd_banner=Welcome to Congli FTP Service.
   
3. background=YES
   
4. 
   
5. anonymous_enable=YES
   
6. no_anon_password=YES
   
7. anon_root=/var/congli/virtual/ftp
   
8. anon_upload_enable=NO
   
9. anon_mkdir_write_enable=NO
   
10. anon_other_write_enable=NO
    
11. anon_world_readable_only=YES
    
12. 
    
13. local_enable=YES
    
14. write_enable=YES
    
15. local_umask=022
    
16. 
    
17. dirmessage_enable=YES
    
18. xferlog_enable=YES
    
19. connect_from_port_20=YES
    
20. idle_session_timeout=300
    
21. data_connection_timeout=120
    
22. 
    
23. chroot_list_enable=YES
    
24. chroot_list_file=/usr/local/etc/vsftpd.chroot_list
    
25. secure_chroot_dir=/usr/local/share/vsftpd/empty
    
26. 
    
27. listen_port=21
    
28. listen=YES
    
29. pam_service_name=vsftpd
    
30. 
    
31. userlist_enable=YES
    
32. userlist_deny=NO
    
33. userlist_file=/usr/local/etc/vsftpd.user_list
    
34. 
    
35. pasv_min_port=49151
    
36. pasv_max_port=65535
    
37. 
    
38. max_per_ip=2
    

復制代碼

lastfile

收藏問題

chenyx

回復 2# congli


    沒看出來那個配置支持虛擬用戶啊,虛擬用戶不是應該有guest_enable=YES嗎

congli

回復 4# chenyx


    呵~這里是看不出的.因為OpenLDAP跟系統(tǒng)整合在一起. LDAP上的虛擬用戶等同本地,local_enable=yes.

aplah

回復 2# congli
謝謝，我對照參考下，解決了再貼出來

   

aplah

1. drwxr-xr-x   2 775   www     512 Jan 20 11:34 ftp

復制代碼

這個搞錯用戶了
chown ftp:www ftp

現在的情況是chmod a-w ftp 是能夠登入ftp但是不能上傳

但是保持會話狀態(tài)在服務器上chmod 775 ftp能上傳，一旦會話退出，ftp缺登入不了了

congli

回復 7# aplah


    為什么用戶是775?

aplah

當時chmod錯了

現在chmod virtual:www ftp也一樣(virtual為本地用戶,ftp是映射的虛擬用戶)

aplah

1.     - Add stronger checks for the configuration error of running with a writeable
   
2.     root directory inside a chroot(). This may bite people who carelessly turned
   
3.     on chroot_local_user but such is life.
   
4. 
   
5. The problem is that your users root directory is writable(用戶根目錄可寫), which isn’t allowed when using chroot restrictions in the new update. The following command will fix this problem, replace the directory with your users root:
   
6. 
   
7.     chmod a-w /home/user

復制代碼

據說原因是這個