500 OOPS: cannot change directory:/srv/ftp/job06
Crap!My guess is that it is either a simple directory owner, group, or mode problem, or else I'm missing something in vsftpd.conf
So, starting from the beginning:
I'm a business. For each of my contracts I need an FTP share for a team of consultants.
Each member of the team gets their own directory inside a shared chroot jail.
I'm using --passwd_chroot_enable in vsftpd.conf so that I can specify the chroot jail location on a per-user basis by editing the home directory path for each user in the passwd file - has anyone here used this?
Now... I can verify that I can connect to FTP with my own personal account (different from my account for the project team below), so I know that vsftpd is up and running and taking connections. I have excepted my personal account from chroot_local_user by listing myself in chroot_list_enable and that is all working fine. I have also created another "normal" user called "dummy" and dummy can connect and is chrooted to his own directory, so I've got the chroot parameters set up correctly, at least for normal users. So here's the rest of the setup:
FTP root: /srv/ftp
Shared chroot jail: /srv/ftp/job06013
Member directories in that jail: arch, mep (that's all for now, will add more when I get this working)
My user account happens to be "arch"
I've created a group for this project team called "ftp06013" and I've added the users to that group and assigned the directories for the ftp share to that group (output of ls -l shown below for each directory).
So, for "arch" the passwd file says:
arch:x:1003:1003:,,,:/srv/ftp/job06013/./arch:/bin/bash
where the /./ specifies that the chroot jail is job06013/
Directory owner, group, permissions (permissions for all the below are 650):
for /srv/ftp/job06013:
drw-r-x--- 4 arch ftp06013 4096 2011-03-02 10:48 job06013
for the two directories inside job06013:
drw-r-x--- 2 arch ftp06013 4096 2011-03-01 12:50 arch
drw-r-x--- 2 mep ftp06013 4096 2011-03-01 12:24 mep
Here's vsftpd.conf:
Code: Select all
listen=YES
#listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
#local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
# The above are all "from the factory" directives
# although some have been changed from their default values.
# and some have been un-commented.
# The below are added directives.
passwd_chroot_enable=YES
Here's the passwd file:
Code: Select all
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
mysql:x:102:105:MySQL Server,,,:/var/lib/mysql:/bin/false
postfix:x:103:109::/var/spool/postfix:/bin/false
dovecot:x:104:111:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:106:115::/var/lib/landscape:/bin/false
jt:x:1000:1000:jt,,,:/home/jt:/bin/bash
ftp:x:107:118:ftp daemon,,,:/srv/ftp:/bin/false
dummy:x:1001:1001:,,,:/home/dummy:/bin/bash
mep:x:1002:1002:,,,:/srv/ftp/job06013/./mep:/bin/bash
arch:x:1003:1003:,,,:/srv/ftp/job06013/./arch:/bin/bash
I think that's everything. Hopefully I edited out all the sensitive stuff without mucking anything up. Any advice is much appreciated.
