Saturday, June 6, 2009

VSFTPD: Transfer Done (but failed to open directory)

If you like the following article and it has helped you out, please leave a comment to let other readers know of your success. Thank you for reading my blog.

The sample configuration file supplied with VSFTPD in /etc/vsftpd will work for most simple setups. However, after connecting to your FTP server with your favourite FTP client, you might receive the following error in your client log:

Error: Transfer Done (but failed to open directory)

The main reason the client can't read or "open" the directory is a permissions problem on the folder that denies the client access. On a Red Hat based server (Red Hat, Fedora, etc.), SELinux is installed and enabled by default. SELinux enforces a second set of folder and file access permissions on top of the standard Linux permission system. Because in most cases SELinux has not been set up properly, users and administrators are often unaware that it is working at this layer.

SELinux configuration has many pitfalls. If you don't set it up properly, SELinux will deny FTP access to the folders and also treat the access as a possible security threat.

In my configuration, the standard Linux permission system is fine. Therefore, disabling SELinux resolves this issue.

To disable SELinux (note: this needs to be done as root or with sudo):
  1. On the command line, go to /etc/selinux/
  2. Open the file config using your preferred text editor (e.g. vim, nano)
  3. Find the option SELINUX= and set it to the following:
    SELINUX=disabled
  4. Save the file and reboot your machine.
Once this has been done, your FTP clients should be able to access your folders.
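
To confirm that SELinux is what blocks the directory listing before changing /etc/selinux/config, the denials it logs can be summarised. The script below is an added example, not part of the original post. It assumes auditd writes AVC records to /var/log/audit/audit.log and that vsftpd runs in the ftpd_t domain; the sample records and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials logged against the FTP daemon.
# On a real host, feed it /var/log/audit/audit.log (readable by root).

# Constructed sample records in audit.log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1244289000.123:456): avc:  denied  { read } for  pid=2345 comm="vsftpd" name="alice" dev=dm-0 ino=12345 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1244289001.200:457): avc:  denied  { read } for  pid=2345 comm="vsftpd" name="alice" dev=dm-0 ino=12345 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1244289002.310:458): avc:  denied  { getattr } for  pid=2345 comm="vsftpd" path="/srv/data" dev=dm-0 ino=777 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244289003.000:459): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev=dm-0 ino=5 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1244289004.000:460): user pid=2345 uid=0 msg='op=PAM:authentication acct="alice" exe="/usr/sbin/vsftpd" res=success'
EOF
}

# Read audit records on stdin and print "count perms tclass target_type" for
# each distinct denial whose source domain is ftpd_t, most frequent first.
ftpd_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && /scontext=[^ ]*:ftpd_t:/ {
      perms = $0; sub(/^.*[{] /, "", perms); sub(/ [}].*$/, "", perms)
      gsub(/ /, ",", perms)                      # "read write" -> "read,write"
      tctx = $0; sub(/^.*tcontext=/, "", tctx); sub(/ .*$/, "", tctx)
      split(tctx, c, ":")                        # user:role:type:level
      tclass = $0; sub(/^.*tclass=/, "", tclass); sub(/ .*$/, "", tclass)
      seen[perms " " tclass " " c[3]]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Succeeds when ftpd_t was denied access to a home-directory type, the case
# covered by the ftp_home_dir boolean named in the comments on this page.
home_dir_denied() {
  ftpd_denials | grep -Eq ' user_home(_dir)?_t$'
}

sample_audit_log | ftpd_denials
if sample_audit_log | home_dir_denied; then
  echo "ftpd_t denied on a home directory: see the ftp_home_dir boolean"
fi
```

If the summary is empty while the error persists, SELinux is not denying the FTP daemon and the cause lies elsewhere, for example in ordinary file permissions or the vsftpd configuration.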

14 comments:

  1. Thanks a bunch. I've been looking for this answer for hours. Works great now.

  2. Instead of disabling SELinux, just switch the SELinux boolean:
    setsebool -P ftp_home_dir=1

    1. Thanks Tom for your input. Obviously properly configuring SELinux is far more secure and this can help users do that.

    2. Sorry, but how to switch
      SELinux boolean: setsebool -P ftp_home_dir=1

      ? Sorry, I am still a newbie in Linux.

      Thanks!

    3. This didn't work for me and I had to change the config file for it to work. Any reason why this is the case?

  3. Same for:
    setsebool -P allow_ftpd_full_access 1

  4. I've an EC2 instance with Red Hat and I was crazy with this issue.

    Thanks a lot. This has been very useful for me.

  5. Thanks so much, have been looking for this solution for 2 hours! Thanks!

  6. What if that's not the cause of the problem?
    I've installed vsftpd.
    Created an ftpuser, added it to the ftp group.
    -I don't have SELinux installed on my machine.-
    The user can log in to the FTP server, but cannot see anything or create new files/folders.
    I get the "Transfer Done (but failed to open directory)" error
    even though the permissions on a folder are 777, the error still pops up. (using FileZilla)

  7. Thanks so much, have been looking for this solution for 4 hours! Thanks!

  8. This command:

    setsebool -P allow_ftpd_full_access 1

    seems much more sensible to me than just switching SELinux off altogether. It works for me.

  9. Many thanks from Indonesia..it worked..
