Has the time come for one of the oldest and most popular protocols to cease? A new problem has arisen which has highlighted again that the use of FTP has to be on its way out due to its known flaws. In this post I shall be exploring this new problem and how I overcame it.
A new problem with vsFTPD
A routine upgrade of one of my main CentOS web servers to Linux release 7.3.1611 (Core) brought down my main FTP service (vsftpd). Upon login to the server via FTP I was greeted with a familiar error indicating to me an SELinux issue. It's basically blocking FTP access to the home directories.
Response: 500 OOPS: chroot
Error: Critical error: Could not connect to server
Status: Disconnected from server
To resolve this issue with SELinux there is a boolean you must enable to allow this through its security. This was a boolean I knew I had already enabled, so I was surprised to see it. The next shock was that when attempting to enable it, I got the new error below:
Boolean ftp_home_dir is not defined
The system doesn’t recognise it as a valid boolean. Not good.
It would appear that the upgrade to RHEL 7.3 has removed this boolean from the OS. Naturally this has been reported as a bug and is being investigated.
While this is being worked on, the only workaround is to enable another boolean, “ftpd_full_access”. Command below:
setsebool -P ftpd_full_access on
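This will allow ftpd full access to the system, not just the home directories: the daemon can read and write any file that ordinary file permissions allow. That is a much wider grant than the missing boolean gave, so it is worth switching off again once the bug is fixed.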
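The fallback described above, as an added example that is not part of the original post: it reads `getsebool -a` style output and picks ftp_home_dir when the policy defines it, using ftpd_full_access only when the narrow boolean is missing, and flags when the broad one can be turned off again. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the state (on/off) of boolean $1 in listing $2; print nothing if undefined.
bool_state() {
    printf '%s\n' "$2" | awk -v b="$1" '$1 == b && $2 == "-->" { print $3; exit }'
}

# Pick the narrowest boolean that restores FTP access to home directories.
# Prints "<boolean> enable" or "<boolean> already-on".
plan_ftp_boolean() {
    for b in ftp_home_dir ftpd_full_access; do
        state=$(bool_state "$b" "$1")
        [ -n "$state" ] || continue          # boolean not defined in this policy
        if [ "$state" = "on" ]; then echo "$b already-on"; else echo "$b enable"; fi
        return 0
    done
    echo "none undefined"
    return 1
}

# True when the narrow boolean exists again but the broad workaround is still on,
# i.e. "setsebool -P ftpd_full_access off" is due.
needs_revert() {
    [ -n "$(bool_state ftp_home_dir "$1")" ] &&
        [ "$(bool_state ftpd_full_access "$1")" = "on" ]
}

# Constructed sample: policy after the upgrade, ftp_home_dir missing.
SAMPLE_AFTER_UPGRADE='ftpd_anon_write --> off
ftpd_full_access --> off
ftpd_use_passive_mode --> off'

# Constructed sample: policy that defines ftp_home_dir, workaround left enabled.
SAMPLE_WITH_HOME_DIR='ftp_home_dir --> on
ftpd_full_access --> on
ftpd_use_passive_mode --> off'

for listing in "$SAMPLE_AFTER_UPGRADE" "$SAMPLE_WITH_HOME_DIR"; do
    plan_ftp_boolean "$listing"
    if needs_revert "$listing"; then echo "  ftpd_full_access can be turned off"; fi
done
```

On a live server, pass the real listing instead of a sample: plan_ftp_boolean "$(getsebool -a)".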
Maybe it’s time to move away from FTP and let it die gracefully?