How to resolve ftp error? 500 OOPS: cannot change directory: /home/ftp/user1

I had managed to set up an ftp server on my laptop running OpenSuse 11.1, running behind a router. Even got it working, with a chroot jail for users and all.

I fiddled with something (permissions–I was trying to make the files in the ftp users folders visible to me outside of su through dolphin). That messed things up, so I redid all the users, and redid the entire ftp configuration, using (as far as I know), the exact same steps as before, and I can no longer get the ftp server to work–I keep getting the 500 error, and it doesn’t seem to go away, no matter what I try.

Herewith my vsftpd.conf:

chroot_local_user=YES
ftpd_banner=Sawubona, hujambo, ola, goeie dag
idle_session_timeout=900
local_enable=YES
log_ftp_protocol=NO
max_clients=10
max_per_ip=3
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
write_enable=YES
local_root=/home/ftp/$USER

For my user1 (1002), I have set this user up in Yast - user and group management to be a member of the group

ftp-users (1001)

with a home directory of home/ftp/user1

I have checked in /etc/passwd

user1:x:1002:1001::/home/ftp/user1:/bin/bash

and with ls -l /home/ftp:

drwxr-xr-x 2 user1 ftp-users 4096 2010-02-11 22:40 user1

to make sure that the ownership for this directory matches, which it does.

I thought that the problem could have been that I had tried to set up the ftp location away from /srv/ftp/, but when I set it up again back here, where I set up a /user1 sub-folder (as well as a /user2 folder), I was still getting the same problem.

I am not sure what else to do now, except maybe to kill the users and restart with everything.

Any help with this would be much appreciated.

Thanks.

What are the permissions of /home/ftp?

Thanks for getting back to me so quickly.

/home/ftp is

drwxrw-r-- 4 root ftp-users 406 2010-02-11 22:40 ftp

Conflict there?

Thanks.

Alright, I have gotten this working, but not to great satisfaction.

Basically, I killed everything, and restarted with a single user:

user1

Then I simplified the directory to:

/home/ftp-docs (I changed the folder name to conform to a tutorial I was following).

Then:

chown user1:ftp-users /home/ftp-docs

This allows me to log in and upload from a remote machine outside of the network.

However, according to the solution I was following:

Quick HOWTO : Ch15 : Linux FTP Server Setup - Linux Home Networking

I should have been able to keep the ownership of /home/ftp-docs as root:ftp-users, and thereby been able to support multiple users with their own directories under /home/ftp-docs.

I believe I tried all the permutations of that form of ownership with two different users with their own directories in /home/ftp-docs (with the line for local_root in vsftpd.conf specified as /home/ftp-docs/$USER), but to no avail.

Anyway, if anyone can spot what I did wrong under the multiple user configuration, I would appreciate it, but for now I have a working ftp server, albeit with but one user.

Thanks.

Looks like it. AFAICS in a short look, root has access+read+write, the ftp-users have read+write, no access. Try this, and see what happens:

chmod 775 /home/ftp

That should set access for ftp-users as well.
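An added example, not part of any post in this thread: a Python sketch of the check the kernel makes on each directory along the path, run over the `ls -l` values quoted above. The mode of `/home`, the uid 1003 for user2 and the helper names are assumptions; ACLs are not modelled.

```python
import stat

def parse_ls_mode(s):
    """Convert an ls string such as 'drwxrw-r--' to permission bits (0o764)."""
    if len(s) != 10:
        raise ValueError(f"expected 10 characters, got {s!r}")
    bits = 0
    for i, ch in enumerate(s[1:]):
        if ch not in "-ST":  # 'S'/'T' mean setuid/sticky without the x bit
            bits |= 1 << (8 - i)
    return bits

def can_search(mode, owner_uid, owner_gid, uid, gids):
    """Exactly one class applies: owner, else group, else other."""
    if uid == 0:
        return True  # root is not stopped by a missing search bit
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocked(chain, uid, gids):
    """Return the first directory the user cannot enter, or None."""
    for path, ls_mode, owner_uid, owner_gid in chain:
        if not can_search(parse_ls_mode(ls_mode), owner_uid, owner_gid, uid, gids):
            return path
    return None

# Constructed from the thread's ls output (root=0, ftp-users=1001, user1=1002).
# Assumed: /home is root:root drwxr-xr-x, and user2 has uid 1003.
HOME = ("/home", "drwxr-xr-x", 0, 0)
BROKEN = [HOME, ("/home/ftp", "drwxrw-r--", 0, 1001),
          ("/home/ftp/user1", "drwxr-xr-x", 1002, 1001)]
FIXED = [HOME, ("/home/ftp", "drwxrwxr-x", 0, 1001), BROKEN[2]]  # after chmod 775
JAILED = [HOME, ("/home/ftp-docs", "drwxrwxr-x", 0, 1001),
          ("/home/ftp-docs/user1", "drwx------", 1002, 1001)]

if __name__ == "__main__":
    print("broken layout, user1 stops at:", first_blocked(BROKEN, 1002, {1001}))
    print("after chmod 775, user1 stops at:", first_blocked(FIXED, 1002, {1001}))
    print("700 homes, user2 stops at:", first_blocked(JAILED, 1003, {1001}))
```

The same function shows why mode 700 on each home directory keeps one FTP user out of another's uploads even when both are in ftp-users.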

Hi,

Thanks for your suggestion on this. I followed your advice, which made the solution conform more closely to the linked tutorial I posted in my third entry.

I now have ownership as:

drwxrwx-x 2 root ftp-users 4096 2010-02-15 10:43 ftp-docs

And I connect fine with my user1, and can even add a user2 and connect.

However, the problem still comes with confining multiple users into their own directories beneath /home/ftp-docs. I haven’t figured out how to make a separate location

/home/ftp-docs/user1

and sequester user1 within that when user1 logs in.

The problem seems to be the line in vsftpd.conf:

local_root=/home/ftp-docs/$USER

The $USER variable doesn’t work. The only way I can get multiple users logging into ftp is to have

local_root=/home/ftp-docs/

And then user1 and user2 can access each other’s uploads.

How do I set this up so that I can have the chroot jail keeping multiple users in their own sub-directories?

Thanks for any advice.

The way I had it, was that I created a jail for all ftp users, in my case /disk/server/ftp. Each of the ftp-users has his/her homedir in /disk/server/ftp, with permissions 700. This way they all chroot to /disk/server/ftp, can see each other's homedirs but not enter them.
What you want is far more elegant, IMHO the better way to go. Diving into it right now. Have to work from the laptop and prepare dinner, so give it a couple of hours.

Many thanks, will look forward to any help you can provide.

Here it is:

Create the ftp users, having /home/ftp-docs as the basedir of their home, i.e. user1 lives in /home/ftp-docs, member of ftp group
Change the default access to 700 for their homedir.

Now edit vsftpd.conf and remove the ‘local_root=/home/ftp-docs’ line.
If the next line is not there, add it:

chroot_local_user=YES

I think they both will be in your vsftpd.conf, they were in my Yast generated one, guess the second one overrules the first. Now users are jailed in their own home ;) That’s what you wanted?

Great, that does it, thanks!

Here’s what it looks like now:

In Yast - users, I have:

user1, with home directory as /home/ftp-docs/user1
user2, with home directory as /home/ftp-docs/user2

ls -l /home

drwrxrwx-x 4 root ftp-users 4096 2010-02-16 10:30 ftp-docs

ls -l /home/ftp-docs

drwx------ 2 user1 ftp-users 4096 2010-02-16 10:31 user1
drwx------ 2 user2 ftp-users 4096 2010-02-16 10:32 user2

In vsftpd.conf, I have as the last two lines:

chroot_local_user=YES (cut and pasted from above, where this was before)
listen=YES

I commented out the local_root=/home/ftp-docs line.

Jail seems to be working out nicely.

Many thanks for your help with this!

Add the next line

user_sub_token=$USER

This seems to be essentially the problem treated in

http://forums.opensuse.org/english/get-technical-help-here/network-internet/479444-suse-pure-ftpd-anonymous-ftp.html

Surprisingly also execution permission “rwx” must be given to the directory. That is what I see above in your “working setup” and I think this is the only essential thing. At least this was the case with the home directory for my “anonymous” user “ftp”
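An added example, not part of any post in this thread: a small Python lint for the two vsftpd.conf pitfalls discussed above, a `local_root` template whose `$USER` is never substituted because `user_sub_token` is missing, and a key that appears twice. The function names and sample configurations are constructed for illustration.

```python
def parse_conf(text):
    """Return (lineno, key, value) for each key=value line; '#' lines are comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.append((lineno, key, value))
    return entries

def lint(text):
    """Return findings as (code, key, lineno) tuples."""
    findings, last = [], {}
    for lineno, key, value in parse_conf(text):
        if key in last:
            # A repeated key makes the effective value depend on line order.
            findings.append(("duplicate", key, lineno))
        last[key] = (lineno, value)
    if "local_root" in last:
        lineno, root = last["local_root"]
        token = last.get("user_sub_token", (0, ""))[1]
        # Without user_sub_token the '$USER' text is a literal directory name.
        if "$" in root and (not token or token not in root):
            findings.append(("unexpanded-token", "local_root", lineno))
    return findings

# Constructed samples based on the settings quoted in the thread.
ORIGINAL = """chroot_local_user=YES
local_enable=YES
write_enable=YES
local_root=/home/ftp/$USER
"""
WITH_TOKEN = ORIGINAL + "user_sub_token=$USER\n"
FINAL = """#local_root=/home/ftp-docs
chroot_local_user=YES
listen=YES
"""
REPEATED = """chroot_local_user=NO
local_enable=YES
chroot_local_user=YES
"""

if __name__ == "__main__":
    for name in ("ORIGINAL", "WITH_TOKEN", "FINAL", "REPEATED"):
        print(name, lint(globals()[name]))
```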