我在配置 proftpd 以允许系统用户访问 centos 机器上的 /var/www/ 时遇到了麻烦。
proftpd配置文件
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
DefaultServer on
VRootEngine on
#DefaultRoot ~ !adm
DefaultRoot /var/www/
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
#PersistentPasswd off
UseReverseDNS off
User nobody
Group nobody
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
<Global>
Umask 022
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
<Limit LOGIN>
AllowUser ftpuser
DenyALL
</Limit>
我创建了一个系统用户“ftpuser”,其主目录为 /var/www/,并有一个有效的 shell。我可以以该用户身份通过 ssh 进入并查看正确的目录等。
但是,当我尝试使用 ftp 客户端连接或甚至从 shell 连接到本地主机时,我收到错误:
Status: Connecting to 10.0.10.10:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: USER ftpuser
Response: 331 Password required for ftpuser
Command: PASS *******
Response: 230 User ftpuser logged in
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (10,0,10,10,184,18).
Command: MLSD
Response: 550 /: Invalid argument
Error: Failed to retrieve directory listing
或者:
telnet localhost 21
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 FTP Server ready.
user ftpuser
331 Password required for ftpuser
pass PASSWD
230 User ftpuser logged in
LIST
425 Unable to build data connection: Invalid argument
MLSD
550 /: Invalid argument
有人知道这里发生了什么以及如何解决吗?
答案1
检查 SElinux 是否没有给你带来问题
setenforce 0
如果这解决了你的问题,那么重新打开 SELinux(setenforce 1),然后尝试设置 ftp_home_dir 布尔值
setsebool -P ftp_home_dir on
这将允许 ftp 守护进程访问用户主目录。