  1. #1
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2

    HELP - VSFTPD over SSL


    Hi All,

    Getting lost here. Cannot seem to set a home root directory and connect as a local account to the FTP Service over SSL.

    Anonymous works perfectly fine.

    Running version 2.2.2.
    Running as root.


    Ports open inbound/outbound
    tcp/21
    tcp/31350 - tcp/31400

    vsftpd.conf
    anonymous_enable=NO
    #anonymous_enable=YES

    local_enable=YES
    write_enable=YES
    local_umask=022

    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES

    xferlog_std_format=YES


    ftpd_banner=Welcome to Secure FTP service.

    listen=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES

    #SSL Settings - Added 7/15/2011
    ssl_enable=YES

    allow_anon_ssl=NO
    #allow_anon_ssl=YES

    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    require_ssl_reuse=NO

    pasv_enable=YES
    pasv_min_port=21350
    pasv_max_port=21400

    local_root=/var/www-data






    CONNECT AS ANONYMOUS (Testing only)
    Connect socket #912 to xxx.xxx.xxx.xxx, port 21...
    220 Welcome to Secure FTP service.
    AUTH SSL
    234 Proceed with negotiation.
    TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
    USER anonymous
    331 Please specify the password.
    PASS **********
    230 Login successful.
    SYST
    215 UNIX Type: L8
    Keep alive off...
    PWD
    257 "/"
    PBSZ 0
    200 PBSZ set to 0.
    PROT P
    200 PROT now Private.
    PASV
    227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,122).
    LIST
    Connect socket #900 to xxx.xxx.xxx.xxx, port 21370...
    TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
    150 Here comes the directory listing.
    226 Directory send OK.
    Transferred 61 bytes in 2.295 seconds
    CWD /pub
    250 Directory successfully changed.
    PASV
    227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,129).
    LIST
    Connect socket #928 to xxx.xxx.xxx.xxx, port 21377...
    TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
    150 Here comes the directory listing.
    226 Directory send OK.
    Transferred 0 bytes in 2.285 seconds
    CDUP
    250 Directory successfully changed.
    PWD
    257 "/"
    PASV
    227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,114).
    LIST
    Connect socket #928 to xxx.xxx.xxx.xxx, port 21362...
    TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
    150 Here comes the directory listing.
    226 Directory send OK.
    Transferred 61 bytes in 2.287 seconds
    QUIT
    221 Goodbye.



    Connect as LOCALADMIN
    Connect socket #984 to xxx.xxx.xxx.xxx, port 21...
    220 Welcome to Secure FTP service.
    AUTH SSL
    234 Proceed with negotiation.
    TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
    USER localadmin
    331 Please specify the password.
    PASS **********

  2. #2
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2
    Ok,

    Got that sorted out.

    setsebool -P ftp_home_dir=1

    Now, I can't seem to write to var/.... Not even as "root" when temporarily enabled.

    type=AVC msg=audit(1311082932.993:4935): avc: denied { write } for pid=4884 comm="vsftpd" name="wordpress" dev=dm-3 ino=4064 scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

    type=SYSCALL msg=audit(1311082932.993:4935): arch=c000003e syscall=2 success=no exit=-13 a0=7fc3977d18c0 a1=c41 a2=1b6 a3=0 items=0 ppid=4877 pid=4884 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1733 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)

    Anyone?
    Hades666
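
Added example, not part of the original posts: a small Python parser that joins the AVC and SYSCALL audit records from post #2 by their shared event id and reports which SELinux domain was denied which permission on which target type. The sample input is constructed from the two records quoted above (SYSCALL line trimmed), and the function and field names are this example's own.

```python
import errno
import re
from collections import defaultdict

# Constructed sample: the two audit records from the post, SYSCALL trimmed
# to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1311082932.993:4935): avc: denied { write } for pid=4884 comm="vsftpd" name="wordpress" dev=dm-3 ino=4064 scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1311082932.993:4935): arch=c000003e syscall=2 success=no exit=-13 pid=4884 uid=0 comm="vsftpd" exe="/usr/sbin/vsftpd" key=(null)
"""

# The ")" after the event id is optional so pasted logs that lost it still parse.
HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\)?:\s*(.*)$')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(context):
    """Return the type (third field) of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log_text):
    """Join AVC and SYSCALL records that share an audit event id."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[event_id]
        if rtype == "AVC":
            perms = PERMS.search(body)
            ev["perms"] = perms.group(1).split() if perms else []
            ev["source"] = se_type(fields["scontext"])   # process domain
            ev["target"] = se_type(fields["tcontext"])   # label on the object
            ev["tclass"] = fields["tclass"]
            ev["name"] = fields.get("name")
        elif rtype == "SYSCALL":
            ev["exe"] = fields.get("exe")
            ev["uid"] = fields.get("uid")
            code = int(fields.get("exit", "0"))
            ev["errno"] = errno.errorcode.get(-code) if code < 0 else None
    return [ev for ev in events.values() if "perms" in ev]

if __name__ == "__main__":
    for ev in summarize(SAMPLE):
        print(ev)
```

For the records in the post this reports `ftpd_t` denied `write` on a `dir` labelled `httpd_sys_content_t`, with the syscall failing as `EACCES` for `uid=0`. The decision is made on the SELinux types, not the Unix user, so running as root does not change it.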
