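Regarding the problem "vsftpd: some local users cannot log in while others can", I have run some more experiments. Let me describe the problem again together with the results of those experiments; could the experts here please help look at the possible cause? Thank you.
None of the local accounts that already existed on the system can log in. My /etc/vsftpd/vsftpd.conf is configured as follows: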
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
/etc/pam.d/vsftpd exists and is normal.
The error message at login is always the same:
500 OOPS: cannot change directory:/home/xxxx
Login failed.
421 Service not available, remote server has closed connection
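Their home directories are all /home/xxxx. The permissions of /home and /home/xxxx are both 755.
None of the accounts above can log in via FTP; these are all accounts in regular use that can log in with a shell.
I created a new account, usr1: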
# useradd -G test -d /tmp/usr1 usr1
It can log in via FTP. Its home is /tmp/usr1, on the / partition, whereas /home is mounted from /dev/hda9.
#mount
/dev/hdb1 on / type ext3 (rw)
/dev/hda9 on /home type ext2 (rw)
So my guess is: could the /home partition be the reason that accounts whose home directory is on the /home partition cannot log in?
To verify this idea, I tried creating one more account:
useradd -G test -d /home/usr3 usr3
The permissions of /home and /home/usr3 are both 755.
FTP login as usr3 fails:
500 OOPS: cannot change directory:/home/usr3
Login failed.
421 Service not available, remote server has closed connection
At this point I think it is certain that the /home partition is the reason that accounts whose home directory is on the /home partition cannot log in.
Reference article:
-----------------------------------------------------------------------------------------
I finished my second upgrade to Fedora Core 4. Not everything is ironed out yet with the build of course. But one thing is for sure a lot has happened to the RedHat I knew before.
I must say of all the changes, for me the nicest addition is the new SELinux extensions. For deep background on the reasons for and theory of SELinux read, The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
The more I work with SELinux the more I realize I need to know about it, and how exactly it does all its stuff. It certainly changes things relating to users, directories and access. As I am starting to learn it, I'm sure I'm doing things the hard way. :)
The major difference, so far for me, in Red Hat's SELinux is the way ftp is handled. vsftpd is still the server which is great. However, it seems to be designed to run as a daemon rather than invoked via xinet.d. If you grab a working copy of the xinet.d file for vsftpd you can invoke it via xinet.d wrapper. I did my first server upgrade in this manner. The current one I am trying as a daemon. I certainly think I will miss some of the features that the xinet.d wrapper brings, and may yet return to it.
Of all the issues I saw, the most notable is if you want to enable chroot directories outside of the normal /home/xxx vsftpd. These will fail with a
500 OOPS: cannot change directory: /mnt/xxxxx
I was able to use ftp if I logged in with an account with a directory in /home, but once I set a user account to have a home drive outside of /home (in this case on a mounted secondary disk) vsftpd barfs the above.
I found information at the NSA that indicates you can disable SELinux protection of the ftp daemon.
setsebool -P ftpd_disable_trans 1
This seems a bit drastic. It certainly works for now though.
I think ultimately the issue resides with policies, but as SELinux policies are new to me, it will take time before it all gets sorted out. As I spend time with the new SELinux extensions in Fedora Core 4 I will keep you updated on my thoughts and configuration lessons.
---------------------------------------------------------------------------------------
Solution:
--------------------------------------------------------------------------------------
# setsebool ftpd_disable_trans 1
# service vsftpd restart
I am using FC4. I tried the method from your previous post and it solved the problem immediately. So it is certain that the cause is SELinux.
------------------------------------------------------------------------------------
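Before turning off the FTP daemon's SELinux confinement with ftpd_disable_trans, it is worth confirming from the AVC records that the "500 OOPS: cannot change directory" failure really is a policy denial, and on which device and target label. The script below is an added example, not part of the original posts: the audit lines are constructed samples, the ftpd_t and file_t types in them are assumptions, and ftpd_denials is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): summarize SELinux AVC denials
# whose source domain is ftpd_t, the domain assumed here for the FTP daemon.

# Constructed sample records; names, inode numbers and the file_t target type
# are assumptions chosen to resemble the /home-on-hda9 case described above.
SAMPLE_AUDIT='type=AVC msg=audit(1130000000.101:41): avc:  denied  { search } for  pid=2211 comm="vsftpd" name="usr3" dev=hda9 ino=12 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:file_t tclass=dir
type=AVC msg=audit(1130000000.102:42): avc:  denied  { search } for  pid=2215 comm="vsftpd" name="xxxx" dev=hda9 ino=14 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:file_t tclass=dir
type=AVC msg=audit(1130000000.300:43): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev=hdb1 ino=77 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
type=USER_AUTH msg=audit(1130000000.400:44): user pid=2211 uid=0 msg="PAM: authentication acct=usr3 : res=success"'

# ftpd_denials: read log text on stdin and print one line per distinct denial
# as "count permission class device target-context".
ftpd_denials() {
  awk '
    # Return the value of key=value in a record, or "-" when the key is absent.
    function val(line, key,   s) {
      if (!match(line, "(^| )" key "=[^ ]+")) return "-"
      s = substr(line, RSTART, RLENGTH)
      sub(/^[^=]*=/, "", s)
      return s
    }
    # Only denials whose source context ends in the ftpd_t domain.
    /avc: +denied/ && /scontext=[^ ]*:ftpd_t(:| |$)/ {
      perm = $0
      sub(/.*[{] */, "", perm)   # drop everything up to the opening brace
      sub(/ *[}].*/, "", perm)   # drop the closing brace and the rest
      seen[perm " " val($0, "tclass") " " val($0, "dev") " " val($0, "tcontext")]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | ftpd_denials
```

On a real host, feed the function the file where AVC messages are recorded (the audit log, or the kernel log when auditd is not running). Denials that all share one device and one target label point at the labelling of that filesystem rather than at vsftpd.conf or the 755 directory permissions.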
System.out.println()?
commons-loggingLog4j?Commons-logginJavaSimpleLog?Log4jJavaLog4jLog4jcommons-logginLog4jcommons-loggingLog4j commons-loggingLog4jLog4j I think this is also why "all who use Log4j commons-loggin Commons-logging
Let us look at how it "'thoughtfully' helps us 'automatically select' an 'appropriate' logging implementation":
1) classpath: commons-logging.properties, Log
2) commons-logging.properties: org.apache.commons.logging.Log, Log
3) classpath: Log4j, Log4j
4) JDK: JDK1.4
5) commons-logging: SimpleLog
(The order above is not guaranteed to be completely accurate; please refer to the official documentation.)
commons-logging12Log4j3SimpleLog commons-loggingLog4j commons-loggingcommons-loggingcommons-loggingLog4jJarclasspashcommons-loggingLog4j If you do not want to use Log4j classpath Log4j Jar it is that simple!
How should the code be written?
1) commons-logging
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.*;
2) org.apache.commons.logging.Log
private static Log log = LogFactory.getLog(YouClassName.class);
static LogFactory.getLog() class LogFactory.getLog(this.getClass()) static this
3) org.apache.commons.logging.Log
log.debug("111");
log.info("222");
log.warn("333");
log.error("444");
log.fatal("555");
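log org.apache.commons.logging.Log stdout log4j.properties
debug()
info()
warn()
error()
fatal()
Depending on their nature, log messages are usually divided into different levels, from low to high: DEBUG, INFO, WARN, ERROR, FATAL. Why divide log messages into different levels? It is really so that we can control them better. For example, through Log4j debug() info() warn() error() fatal()
commons-logging Log, LogFactory The approach described above is the one in common use today; it can be called standardized, and almost everyone does it this way. If you do not believe it, or want to confirm it, go and download a few well-known Java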
Java
package liigo.testlog;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class TestLog {
    // One static logger per class, named after the class
    private static Log log = LogFactory.getLog(TestLog.class);

    public void test() {
        log.debug("111");
        log.info("222");
        log.warn("333");
        log.error("444");
        log.fatal("555");
    }

    public static void main(String[] args) {
        TestLog testLog = new TestLog();
        testLog.test();
    }
}
commons-loggingjarclasspath
Log4j It should be noted that the source code given above does not involve Log4j at all commons-logging But how can we get Log4j classpathLog4jjarcommons-loggingLog4jcommons-logging Note: the configuration file log4j.properties Log4jclasspath Log4jlog4j.propertiesJavalog4j.propertiesJavalog4j.propertieslog4j.properties
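A fairly comprehensive Log4j configuration
Log4J's configuration is so simple that it has spread to more and more applications. This Log4J configuration file implements the full set of features: output to the console, to a file, to a rolling file, sending log e-mail, output to a database log table, custom tags, and so on. Picking one or two of them is enough.
log4j.rootLogger=DEBUG,CONSOLE,A1,im
# For console output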
log4j.addivity.org.apache=true
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Threshold=DEBUG
log4j.appender.CONSOLE.Target=System.out
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD]%n%c[CATEGORY]%n%m[MESSAGE]%n%n
# For file output
log4j.appender.FILE=org.apache.log4j.FileAppender
log4j.appender.FILE.File=file.log
log4j.appender.FILE.Append=false
log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.FILE.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
# Use this layout for LogFactor 5 analysis
# For rolling file output
log4j.appender.ROLLING_FILE=org.apache.log4j.RollingFileAppender
log4j.appender.ROLLING_FILE.Threshold=ERROR
log4j.appender.ROLLING_FILE.File=rolling.log
log4j.appender.ROLLING_FILE.Append=true
log4j.appender.ROLLING_FILE.MaxFileSize=10KB
log4j.appender.ROLLING_FILE.MaxBackupIndex=1
log4j.appender.ROLLING_FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.ROLLING_FILE.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
# For socket output
# RemoteHost, Port and LocationInfo are SocketAppender properties, so the appender class must be SocketAppender
log4j.appender.SOCKET=org.apache.log4j.net.SocketAppender
log4j.appender.SOCKET.RemoteHost=localhost
log4j.appender.SOCKET.Port=5001
log4j.appender.SOCKET.LocationInfo=true
# Set up for LogFactor 5
log4j.appender.SOCKET.layout=org.apache.log4j.PatternLayout
log4j.appender.SOCKET.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD]%n%c[CATEGORY]%n%m[MESSAGE]%n%n
# Log Factor 5 Appender
log4j.appender.LF5_APPENDER=org.apache.log4j.lf5.LF5Appender
log4j.appender.LF5_APPENDER.MaxNumberOfRecords=2000
# Send logs by e-mail
log4j.appender.MAIL=org.apache.log4j.net.SMTPAppender
log4j.appender.MAIL.Threshold=FATAL
log4j.appender.MAIL.BufferSize=10
log4j.appender.MAIL.From=web@www.wuset.com
log4j.appender.MAIL.SMTPHost=www.wusetu.com
log4j.appender.MAIL.Subject=Log4J Message
log4j.appender.MAIL.To=web@www.wusetu.com
log4j.appender.MAIL.layout=org.apache.log4j.PatternLayout
log4j.appender.MAIL.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
# For database output
# %m is substituted into the SQL text as-is, so a log message containing a quote changes the statement.
# A root login with an empty password, as written here, should be replaced by a dedicated account limited to INSERT on the log table.
log4j.appender.DATABASE=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.DATABASE.URL=jdbc:mysql://localhost:3306/test
log4j.appender.DATABASE.driver=com.mysql.jdbc.Driver
log4j.appender.DATABASE.user=root
log4j.appender.DATABASE.password=
log4j.appender.DATABASE.sql=INSERT INTO LOG4J (Message) VALUES ('[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n')
log4j.appender.DATABASE.layout=org.apache.log4j.PatternLayout
log4j.appender.DATABASE.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.A1.File=SampleMessages.log4j
log4j.appender.A1.DatePattern=yyyyMMdd-HH'.log4j'
log4j.appender.A1.layout=org.apache.log4j.xml.XMLLayout
# Custom appender
log4j.appender.im = net.cybercorlin.util.logger.appender.IMAppender
log4j.appender.im.host = mail.cybercorlin.net
log4j.appender.im.username = username
log4j.appender.im.password = password
log4j.appender.im.recipient = corlin@cybercorlin.net
log4j.appender.im.layout=org.apache.log4j.PatternLayout
log4j.appender.im.layout.ConversionPattern =[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
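select room_seq.currval from dual returns the current value of room_seq; the value does not auto-increment after it is read.
Also, unlike other databases, in Oracle a value of the NVARCHAR2 data type is written as 'abcd' (single quotes), neither with double quotes nor without quotes.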