VSFTPD - how do you configure the FTP root directory?

I've recently obtained my own dedicated Linux server, and have full root access.

I've verified that I have the VSFTPD server installed, and that the service is running.

I am able to log in via FTP (using the same username & password that I've been using to connect via SFTP) -- but after connecting, .. I never see a directory or file listing.  It just hangs at the "LIST" command and eventually throws an error message (ie: )

I'm assuming that I need to modify the vsftpd.conf file and specify the FTP root directory somehow. I've had a look at the file, but can't seem to figure out where this entry needs to be updated or added.  Please advise.

By the way, I need to get FTP working because I need to configure Joomla with it (since Joomla currently doesn't have built-in SFTP support -- it only has FTP support)

Thanks in advance,
- Yvan



egoselfaxis Asked:
 
ckozloski Commented:
SELinux is a security distribution that comes default with Linux. By default, it is usually turned on unless you select the option to turn it off during install.
The config file for selinux is: /etc/selinux/config
If the line "SELINUX=" is set to "enforcing" or "permissive" then SELinux is running on your machine.
Just run this from the command line to see what it is set to: more /etc/selinux/config | grep SELINUX=
To disable it temporarily, do the following from the shell:
echo 0 > /selinux/enforce
If you need to reenable it, change echo 0 to echo 1
To permanently disable it, you can edit the config file and set the parameter: SELINUX=disabled and reboot. (to reboot from CLI: init 6 or shutdown -r now).
The link above gives you a command to run at the command line in order to make vsftpd work if SELinux is installed and enabled.
0
 
BigCasino Commented:
Create a directory /home/"username" with the appropriate privilege.  The user should own the directory and be able to change, add, modify.
0
 
nabeelmoidu Commented:
Most likely it's a firewall issue... FTP needs two ports, one each for the ftp and ftp-data protocols.
0

 
egoselfaxis (Author) Commented:
>> most likely its a firewall issue...ftp needs two ports for the ftp and ftp-data protocol each

Does this still apply if I am able to connect (but just not view directory contents)?  

Also, ... how can I confirm that the needed FTP ports are open?  What ports do I need to make sure are open.  21 and ... ???

Thanks,
- Yvan
0
 
nabeelmoidu Commented:
>>>>>>Does this still apply if I am able to connect (but just not view directory contents)?  

Yes, and it most likely is that issue, because your commands while connecting happen on the ftp port. After the LIST, the directory content listing is actually a data transfer which happens over the ftp-data port, which is port 20. Since it's blocked (probably), you don't get a response after that command.
Actually, try disabling the firewall initially and then ensure it's a firewall issue first. Then once it's working, try setting the rules accordingly.
Do some read-up on active FTP and passive FTP. It's a little different from normal protocols and it's always worth understanding.
0
 
BigCasino Commented:
I have VSFTP set up on my server, and the only directories each user can see are their own in the given home directory.  If there is nothing there, they will see nothing.
0
 
egoselfaxis (Author) Commented:
Well, .. I've added a new "accept" rule for TCP port #23 in iptables (and also clicked on the "Apply Configuration" button)

I've also verified that a home directory of the user I'm logging in as exists on the server, and that it has the appropriate permissions set to it.  

However, .. I am still hanging -- right before retrieving the directory listing:

Command:      LIST
Response:      425 Failed to establish connection.
Error:      Failed to retrieve directory listing

Any thoughts?

- Yvan

 
0
 
egoselfaxis (Author) Commented:
(I meant port #20 --- sorry)

- Yvan
0
 
BigCasino Commented:
I found this...may be old news but something you could try.  I did not have to deal with IPtables in my setup.

Fixes "425 Failed to establish connection" or "Client Error: Failed to retrieve directory listing". If you have not run some sort of automated firewall utility you may need to add the module ip_conntrack_ftp to your iptables configuration. Just make sure your line includes  ip_conntrack_ftp as stated below. If you are not running an iptables based firewall then this can be ignored.
>nano /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"

0
 
nabeelmoidu Commented:
Check if your vsftpd is running in active or passive mode (the following variables decide that: connect_from_port_20, pasv_enable).

If you are not sure, post your vsftpd.conf here (strip off comments with | grep -v ^# ).

If it's active, IIRC the server's port 20 initiates a connection to your system at a port >1024, so you'll need to set the firewall rules accordingly. Actually, iptables can take care of the FTP connection tracking, which is why I asked you to first ensure it's a firewall problem. If you can't drop the firewall, try opening up all TCP traffic between the server and your host only.

if you have something like iptraf or tcpdump, you can monitor if the ftp-data port connection is dropping at your end and what ports are exactly being used.
0
 
ckozloski Commented:
Here's the vsftpd.conf file i have set up:

----------------------------------
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
------------------------------------

There should also be a file called ftpusers that lists all accounts that should not be allowed to ftp into the server ever.

There is also a file called user_list that specifies users that are allowed to log into the server via ftp, provided you have the "userlist_enable" option set to "YES" in the conf file.

Just out of curiosity, are you running selinux?

0
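The firewall questions raised in the comments above (which data-channel modes the posted vsftpd.conf accepts, and whether the ip_conntrack_ftp helper is listed in iptables-config) can be read straight from the two files. This is an added example, not code from any participant; the function names are hypothetical and both sample files are constructed, with the vsftpd defaults (port_enable=YES, pasv_enable=YES, no passive port range) applied when a key is absent.

```bash
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r')
    echo "${v:-$3}"
}

# data_modes FILE: which data-channel modes vsftpd will accept.
# port_enable and pasv_enable both default to YES when absent.
data_modes() {
    m=""
    [ "$(conf_get "$1" port_enable YES)" = "YES" ] && m="active"
    [ "$(conf_get "$1" pasv_enable YES)" = "YES" ] && m="${m:+$m+}passive"
    echo "${m:-none}"
}

# pasv_range FILE: inbound port range used for passive data connections
pasv_range() {
    lo=$(conf_get "$1" pasv_min_port 0)
    hi=$(conf_get "$1" pasv_max_port 0)
    if [ "$lo" -gt 0 ] && [ "$hi" -gt 0 ]; then echo "$lo-$hi"
    else echo "unrestricted"; fi
}

# helper_configured FILE: exit 0 if IPTABLES_MODULES lists the FTP conntrack
# helper (ip_conntrack_ftp on the page; nf_conntrack_ftp on later kernels)
helper_configured() {
    sed -n 's/^IPTABLES_MODULES=//p' "$1" | tr -d '"' | tr ' ' '\n' |
        grep -Eq '^(ip|nf)_conntrack_ftp$'
}

# Demo on constructed copies of the two files
tmp=$(mktemp -d)
printf '%s\n' 'local_enable=YES' 'connect_from_port_20=YES' > "$tmp/vsftpd.conf"
printf '%s\n' 'IPTABLES_MODULES=""' > "$tmp/iptables-config"
echo "data modes: $(data_modes "$tmp/vsftpd.conf")"
echo "passive ports: $(pasv_range "$tmp/vsftpd.conf")"
helper_configured "$tmp/iptables-config" ||
    echo "no FTP conntrack helper: data ports need explicit firewall rules"
rm -rf "$tmp"
```

An "unrestricted" passive range means the server may pick any port for the data connection, so without the conntrack helper there is no fixed set of ports to allow; setting pasv_min_port and pasv_max_port gives the firewall a narrow range to open instead.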
 
ckozloski Commented:
Sorry for the second post but if you are running SELinux on that box, have a look at this:

http://www.linuxquestions.org/questions/linux-software-2/vsftpd-and-selinux-449313/
0
 
egoselfaxis (Author) Commented:
Ckozloski --- my vsftpd.conf file is configured the exact same way (same settings). The only difference is that I have anonymous_enable set to YES. I don't believe that changing this one parameter will have any effect, however.   BTW -- I'm running CentOS 5.

Any thoughts?

-Yvan




0
 
ckozloski Commented:
Well, as in my above post:
If you have SELinux enabled on that Linux machine you need to have a look at this:
http://www.linuxquestions.org/questions/linux-software-2/vsftpd-and-selinux-449313/
SELinux apparently has issues with vsftp.
Also, if you have enabled firewalling on that machine (i.e. you are using iptables or ipchains), you need to make sure that you set your allows in your iptables on the server so that it will open the ftp for connection. Otherwise the linux firewall will block it.
0
 
egoselfaxis (Author) Commented:
I thought SELinux was a distro of some kind.  What is it, and how can I tell if it's installed on my server?

- Yvan
0
 
egoselfaxis (Author) Commented:
Thanks!  I typed the following at the command line:

/usr/sbin/setsebool  -P ftp_home_dir=1

.. which disabled SELinux, and now I am able to connect via straight FTP.

- Yvan
0
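`setsebool -P ftp_home_dir=1` persistently sets a single SELinux boolean, the one that allows the FTP daemon into users' home directories. As an added example (not from the thread), the script below summarises AVC denials recorded against vsftpd so that the boolean can be tied to actual denials in the audit log; the log lines are constructed, the function names are hypothetical, and on a live system the input would be the audit log (commonly /var/log/audit/audit.log).

```bash
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed audit.log lines in the usual AVC record layout.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1200000001.101:41): avc:  denied  { search } for  pid=2301 comm="vsftpd" name="home" dev=sda2 ino=2 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1200000002.214:42): avc:  denied  { read } for  pid=2301 comm="vsftpd" name="yvan" dev=sda2 ino=77 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1200000009.530:47): avc:  denied  { read } for  pid=2312 comm="vsftpd" name="yvan" dev=sda2 ino=77 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1200000011.002:48): avc:  denied  { getattr } for  pid=2400 comm="httpd" name="tmp" dev=sda2 ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# vsftpd_denials: read audit records on stdin and print one line per distinct
# denial against vsftpd as "count tclass target_type permissions"
vsftpd_denials() {
    grep -E 'avc: +denied' | grep 'comm="vsftpd"' |
    sed -n 's/.*denied  *{ \([^}]*\) }.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_]*\).*/\3 \2 \1/p' |
    sort | uniq -c | sed 's/^ *//'
}

# home_dir_blocked: exit 0 if any vsftpd denial targets a home-directory type,
# which is the access the ftp_home_dir boolean governs
home_dir_blocked() {
    vsftpd_denials | grep -Eq ' (home_root_t|user_home_dir_t|user_home_t) '
}

# Demo on the constructed records
sample_audit_log | vsftpd_denials
if sample_audit_log | home_dir_blocked; then
    echo "vsftpd was denied access to home directories: check ftp_home_dir"
fi
```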
 
omarfarid Commented:
SELinux is not mature yet and it is not recommended to enable it.
0