Linux vsftpd: can log in, but get repeated password prompts
I'm trying to set up vsftpd on a CentOS 7 server. We have a batch of Linux users with the /usr/sbin/nologin shell for FTP. I also created a normal user, testuser, with a bash shell.
Anonymous login is disabled. When I try to log in to the FTP server through Chrome, I get a password prompt. When I submit the password prompt, I just get another password prompt, over and over. However, the vsftpd log file reads as follows:
Wed Aug 5 10:32:05 2020 [pid 30282] CONNECT: Client "my.ip.goes.here"
Wed Aug 5 10:32:05 2020 [pid 30282] FTP response: Client "my.ip.goes.here", "220 SUP GUY"
Wed Aug 5 10:32:05 2020 [pid 30282] FTP command: Client "my.ip.goes.here", "USER anonymous"
Wed Aug 5 10:32:05 2020 [pid 30282] [anonymous] FTP response: Client "my.ip.goes.here", "331 Please specify the password."
Wed Aug 5 10:32:05 2020 [pid 30282] [anonymous] FTP command: Client "my.ip.goes.here", "PASS <password>"
Wed Aug 5 10:32:07 2020 [pid 30281] [anonymous] FAIL LOGIN: Client "my.ip.goes.here"
Wed Aug 5 10:32:08 2020 [pid 30282] [anonymous] FTP response: Client "my.ip.goes.here", "530 Login incorrect."
Wed Aug 5 10:32:08 2020 [pid 30282] FTP command: Client "my.ip.goes.here", "QUIT"
Wed Aug 5 10:32:08 2020 [pid 30282] FTP response: Client "my.ip.goes.here", "221 Goodbye."
Wed Aug 5 10:32:08 2020 [pid 30285] CONNECT: Client "my.ip.goes.here"
Wed Aug 5 10:32:08 2020 [pid 30285] FTP response: Client "my.ip.goes.here", "220 SUP GUY"
Wed Aug 5 10:32:08 2020 [pid 30285] FTP command: Client "my.ip.goes.here", "USER testuser"
Wed Aug 5 10:32:08 2020 [pid 30285] [testuser] FTP response: Client "my.ip.goes.here", "331 Please specify the password."
Wed Aug 5 10:32:08 2020 [pid 30285] [testuser] FTP command: Client "my.ip.goes.here", "PASS <password>"
Wed Aug 5 10:32:08 2020 [pid 30284] [testuser] OK LOGIN: Client "my.ip.goes.here"
Here is my /etc/pam.d/vsftpd file:
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_nologin.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
My testuser account is not in the ftpusers file.
Here are the directory permissions for testuser's home directory, in case it makes a difference:
total 16K
drwx------. 2 testuser testuser 91 Aug 5 10:27 .
drwxr-xr-x. 6 root root 65 Aug 4 10:42 ..
-rw-------. 1 testuser testuser 25 Aug 5 10:27 .bash_history
-rw-r--r--. 1 testuser testuser 18 Mar 31 21:17 .bash_logout
-rw-r--r--. 1 testuser testuser 193 Mar 31 21:17 .bash_profile
-rw-r--r--. 1 testuser testuser 231 Mar 31 21:17 .bashrc
-rw-rw-r--. 1 testuser testuser 0 Aug 5 10:27 hello
Any idea what is going on here?
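It turns out the culprit was SELinux. As far as vsftpd was concerned everything was fine, but SELinux was blocking access to the home directory. My /var/log/audit/audit.log was full of entries like this: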
type=AVC msg=audit(1596625942.966:385491): avc: denied { read } for pid=6778 comm="vsftpd" name="vsftpd"
dev="sda2" ino=2013664268 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
In my case, I don't need SELinux, so I just ran setenforce 0 and set SELINUX=disabled in my /etc/selinux/config.
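An added example, not part of the original answer: a small Python parser that groups AVC denials like the one quoted above by process, source domain, target type, object class and permission, so it is clear which confined domain is being blocked on which file label. The first sample record is the entry from the answer joined onto one line; the remaining records and all function names are constructed for this example.

```python
import re
from collections import Counter

# Record 1 is the entry quoted in the answer, joined onto one line as it would
# appear in audit.log. Records 2-4 are constructed for this example.
SAMPLE_LOG = '''\
type=AVC msg=audit(1596625942.966:385491): avc: denied { read } for pid=6778 comm="vsftpd" name="vsftpd" dev="sda2" ino=2013664268 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1596625950.101:385502): avc:  denied  { read open } for  pid=6790 comm="vsftpd" name="hello" dev="sda2" ino=2013664300 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1596625960.200:385510): avc: denied { write } for pid=6801 comm="vsftpd" name="testuser" dev="sda2" ino=2013664001 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1596625950.101:385502): arch=c000003e syscall=2 success=no exit=-13 comm="vsftpd"
'''

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+(?P<result>denied|granted)\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['denied'] = m.group('result') == 'denied'
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may itself contain ':'.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    # permissive=1 means the access was logged but allowed. A record without
    # the field is treated as enforced (assumption made for this example).
    rec['enforced'] = rec.get('permissive', '0') == '0'
    return rec

def summarize_denials(log_text, enforced_only=True):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or not rec['denied']:
            continue
        if enforced_only and not rec['enforced']:
            continue
        for perm in rec['perms']:
            counts[(rec.get('comm', '?'), rec['source_type'],
                    rec['target_type'], rec['tclass'], perm)] += 1
    return counts

if __name__ == '__main__':
    for key, n in summarize_denials(SAMPLE_LOG).most_common():
        print(n, *key)
```

For the entry from the answer, the summary shows vsftpd running in the ftpd_t domain being refused read on a file labelled admin_home_t.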