-2

I am setting up a CentOS 6.8 VPS to run a website plus its staging and dev versions. We have some SSH users (authentication is key-only), and I am trying to set up a user (call them foo) for FTP access to all the sites. foo does not have ssh access or a /home/foo directory (does this mean they are a virtual user?)

All the site directories beneath /var/www/ have owner foo, group www (the same person maintains them all, so I see no need to have multiple users).

I'm using vsftpd, but am getting an error 500 OOPS: cannot change directory:/home/foo

SELinux is disabled

vsftpd settings are:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
# me experimenting!
chroot_local_user=NO
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

I've obviously missed a step or two - what are they?

EDIT: I have now set up TLS, made it mandatory, and set the home directory for user foo to /var/www. FileZilla is logging in fine, but timing out while trying to retrieve a directory listing.

Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/var/www"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (103,194,112,34,77,0).
Command:    LIST
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

I set log_ftp_protocol=YES, but xferlog is empty.

Richard Grevers
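The 227 reply in the log above encodes the address and port the client connects to for the data channel (port = p1 * 256 + p2), so decoding it shows which endpoint to check against the firewall and vsftpd's pasv_address, pasv_min_port and pasv_max_port settings. The script below is an added example, not part of the original post; the log excerpt is constructed from the question, and the 40000-40100 range is a hypothetical firewall rule.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the FileZilla log in the question.
SAMPLE_LOG = """\
Command:    PASV
Response:   227 Entering Passive Mode (103,194,112,34,77,0).
Command:    LIST
Error:  Connection timed out after 20 seconds of inactivity
"""

PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in PASV reply: {line.strip()}")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def triage(log_text, port_range=None):
    """Report data-channel endpoints that were announced and then timed out."""
    findings = []
    endpoint = None
    for line in log_text.splitlines():
        parsed = parse_pasv(line)
        if parsed:
            endpoint = parsed
        elif line.startswith("Error:") and "timed out" in line and endpoint:
            ip, port = endpoint
            notes = []
            if ipaddress.ip_address(ip).is_private:
                notes.append("announced address is private (check pasv_address)")
            if port_range and not port_range[0] <= port <= port_range[1]:
                notes.append("port outside the range opened in the firewall")
            findings.append({"ip": ip, "port": port, "notes": notes})
            endpoint = None
    return findings


if __name__ == "__main__":
    # port_range is a hypothetical firewall rule, not a value from the post.
    for finding in triage(SAMPLE_LOG, port_range=(40000, 40100)):
        print(finding)
```
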

1 Answer

0

I've obviously missed a step or two - what are they?

You've missed the research before asking* step

  • Google is your friend, searching for 500 OOPS: cannot change directory:/home (even without adding vsftpd) probably yields an answer to your problem.

  • On site search can be your friend too, there are 13 questions containing your error message.

You've also missed the security step.

  • Having one account able to write to everywhere isn't good.
  • Using FTP isn't good (passwords transmitted en clair etc. Use sftp or ftps)
  • You've disabled SELinux which isn't good.

You've probably missed the step of reading the VSFTP docs too.

*The rest of that link is worth reading too.

user9517
  • To be fair, I read four or five threads before asking, and in all cases they were wanting a user restricted to a subdirectory, which is almost the opposite of what I was asking. – Richard Grevers Aug 26 '16 at 10:34
  • SELinux must have been disabled by default in the server install, as I hadn't touched it. I don't really see the point in forcing the maintainer (me) to use separate FTP logins to upload to the staging or dev sites. And yes, we will certainly get sftp sorted before moving the production site to this box. – Richard Grevers Aug 26 '16 at 10:38
  • Do the fact that foo has no home directory and the error message not seem related? Does this not suggest an avenue of research? – user9517 Aug 26 '16 at 11:15