FTP help for a total linux noob

[breimann]

Fairly new at my job and we have a RedHat FTP server. All I would like to do is add a user and for that user to have a dedicated home directory. I found an old post on this forum and it led me to run the 'useradd' command and I was able made a user with a home directory.

I cannot find a clear guide to explain what the next steps are. I was able to log in with my new account but it looks like I don't have write permission. Whomever setup this server did not install any GUI either. Coming from the Windows world, this has frustrated me.

Any help would be really appreciated - thanks everyone!
Cheers

[atreyu]

I assume you are using vsftpd - can you confirm? try:

Code:

ps auxww|grep ftpd

If so, do you have write_enable=YES in your config file?

Code:

grep ^write_enable /etc/vsftpd/vsftpd.conf

If not, change it and restart the daemon:

Code:

service vsftpd restart

Is SELinux enabled? Check it with:

Code:

getenforce

If so, temporarily disable it and see if ftp works:

Code:

setenforce 0

If that works, then re-enabled SELinux:

Code:

setenforce 1

and try this SELinux command to allow FTP writes to user's homedir:

Code:

setsebool -P ftp_home_dir 1

NOTE: Run all the above commands as root.

[breimann]

Thank you very much for the quick reply. Unfortunately I was busy all day and it is finally quiet enough for me to look at this.

I got to the point where I can confirm vsftp is running and when I ran getenforce I got a reply of disabled.

I am reluctant to make any more changes because (if I understand correctly) it was supposed to be enabled? This server already has active accounts and I'm concerned with causing a problem with them.

Thanks again & Cheers!

[atreyu]

Do you mean SELinux was supposed to be enabled? anyway, if it is currently disabled and FTP writes still don't work, then SELinux is not your problem.

Did you run the command to check if write_enable was YES in vsftpd.conf? That will be key.

[breimann]

To make it easier I have attached what I did and what the results were. Yes, write_enable=YES was confirmed. Thank you again...

[atreyu]

Okay, so we can cross those two things off the list. Let's check some other things. In the commands below, substitute your ftp account name with $USER.

Check the user's homedir, according to /etc/passwd, e.g.:

Code:

awk -F: '$1 ~ /$USER/{print $6}' /etc/passwd

Check on the user's home directory (whatever was returned in the above command) ownership and permissions, e.g.:

Code:

ls -ld /home/$USER

To be on the safe side, restart the FTP server:

Code:

service vsftpd restart

Check the FTP log:

Code:

tail /var/log/xferlog

Check the other system logs:

Code:

tail /var/log/secure
tail /var/log/messages

Can you post the exact errors you are getting, when you attempt your ftp write?

What file are you trying to 'put'? Does your FTP user have sufficient rights to it?

BTW, you are trying to do this locally, right? You're just doing 'ftp localhost', etc.?

EDIT: I forgot - to install a GUI (graphical desktop environment), try this:

Code:

yum groupinstall 'GNOME Desktop Environment'

(I assume yum is up and running...)

[breimann]

Thank you once again for the assistance...

I ran the commands and it looks like the user does not have access to the home directory. If I am understanding correctly everything should be good once access is given, no?

Cheers


*** CuteFTP 8.3 - build May 19 2010 ***

STATUS:> [9/26/2011 11:25:15 AM] Transferring file "/home/ils/iCATVision [Archive].lnk"...
STATUS:> [9/26/2011 11:25:15 AM] Checking directory existence: "/home/ils".
STATUS:> [9/26/2011 11:25:15 AM] Remote directory already exists: "/home/ils".
COMMAND:> [9/26/2011 11:25:15 AM] TYPE I
[9/26/2011 11:25:15 AM] 200 Switching to Binary mode.
COMMAND:> [9/26/2011 11:25:15 AM] SIZE iCATVision [Archive].lnk
[9/26/2011 11:25:15 AM] 550 Could not get file size.
STATUS:> [9/26/2011 11:25:15 AM] Requested action not taken (e.g., file or directory not found, no access).
COMMAND:> [9/26/2011 11:25:15 AM] CWD /home/ils/iCATVision [Archive].lnk
[9/26/2011 11:25:15 AM] 550 Failed to change directory.
STATUS:> [9/26/2011 11:25:15 AM] Requested action not taken (e.g., file or directory not found, no access).
COMMAND:> [9/26/2011 11:25:15 AM] CWD /home/ils
[9/26/2011 11:25:15 AM] 250 Directory successfully changed.
STATUS:> [9/26/2011 11:25:15 AM] PWD skipped. Current folder: "/home/ils".
COMMAND:> [9/26/2011 11:25:15 AM] PASV
[9/26/2011 11:25:15 AM] 227 Entering Passive Mode (10,10,2,179,42,254)
COMMAND:> [9/26/2011 11:25:15 AM] STOR iCATVision [Archive].lnk
STATUS:> [9/26/2011 11:25:15 AM] Connecting FTP data socket... 10.10.2.179:11006...
[9/26/2011 11:25:15 AM] 553 Could not create file.
ERROR:> [9/26/2011 11:25:15 AM] Access denied.

[atreyu]

It should fix your problem, yes. I assume the username is ils - try this command:

Code:

chown -R ils /home/ils

You should really change the group ownership of the dir, too. Get the group id with:

Code:

id -ng ils

Say the group command returned "users". You could modify the chown command to be:

Code:

chown -R ils:users /home/ils

You should also change the permissions on it:

Code:

chmod 0700 /home/ils

[breimann]

Excellent progress! I was able to read/write+delete files and folders! The only problem now is I noticed I am able to browse "up" to other folders. While the account does not have access to these folders, I would "prefer" if this was disabled. If not, I'll accept it...

Cheers!

[atreyu]

Try setting chroot_local_user=YES in your /etc/vsftpd/vsftpd.conf and then restart the daemon: service vsftpd restart