flyinweb's blog

症状：

在脚本进行FTP远程数据传输时，老是出现如下错误：ftp: bind: Address already in use

解决办法：

1) 防火墙原因（测试不成功）

最初检查发现好几个vsftpd进程，以为是这个原因，杀掉所有相关进程，重启，问题依旧

ftp:500 Illegal PORT command.
ftp: bind: Address already in use
主要是由于Iptables防火墙不支持（lsmod | grep 来检查）
ip_nat_ftp
ip_conntrack_ftp
在linux的ftp服务器上执行下列命令即可解决

modprobe ip_nat_ftp  
modprobe ip_conntrack_ftp 

2）selinux原因

测试1）不成功，便查日志，在日志中发现如下信息：

Dec 16 19:29:04 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091216). For complete SELinux messages. run sealert -l b93e4f93-f554-4d79-b095-3e791ff2f6e1
Dec 16 19:29:05 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091216). For complete SELinux messages. run sealert -l dbdd78f5-786c-4e89-8006-d07e63a72c0a
Dec 16 19:29:05 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./korea_liangdb.tar.gz.20091216). For complete SELinux messages. run sealert -l 726e861a-9cd8-4df9-8435-e3ae2117b133
Dec 16 19:29:05 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091216). For complete SELinux messages. run sealert -l 2b5c7159-3642-4c71-81eb-4c62f88f4e8d
Dec 17 12:38:26 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./home). For complete SELinux messages. run sealert -l 60fef9a6-c90a-41c7-9bb8-93f1a671df16
Dec 17 12:41:12 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./backup). For complete SELinux messages. run sealert -l 6f7d5696-3403-4229-9773-0e0cb92d527d
Dec 17 12:41:12 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091217). For complete SELinux messages. run sealert -l 9d56a99e-007d-4fbe-9a52-a8e1799d3fe5
Dec 17 12:41:12 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091217). For complete SELinux messages. run sealert -l 1bd2fe0e-2417-4108-b412-b04b23cf070b
Dec 17 12:41:12 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (./korea_liangdb.tar.gz.20091217). For complete SELinux messages. run sealert -l 161aaded-64b5-428a-a80e-0c1e25081c82
Dec 17 12:41:12 hostnamed setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/korea_liangdb.tar.gz.20091217). For complete SELinux messages. run sealert -l 5d1200be-ef10-4e22-a675-2642d8b8e10d

重启之后，仍然不正常

3) 脚本原因：

BACKUPNAME="korea_liangdb.tar.gz"  
TIMESTAMP_TODAY="$(date +%Y%m%d)"  
FTPSERVER="ftpserver"  
FTPUSER="ftpuser"  
FTPPWD='93$#^Xahi>(b2'  
#FTPPWD="93$#^Xahi>(b2" # 不正常的赋值，因为密码中包含了$# 
ROMOTEPATH="/"  
LOCALPATH="/usr/mysqlbackup"  
ftp -n -d << !  
open ${FTPSERVER}  
user ${FTPUSER} ${FTPPWD}  
bin  
prompt  
cd ${ROMOTEPATH}  
lcd ${LOCALPATH}  
put ${BACKUPNAME}.${TIMESTAMP_TODAY}  
close  
bye  
! 

使用调试模式运行，发现：

[root@ryang2 adminshell]# sh -x ff.sh
+ BACKUPNAME=korea_liangdb.tar.gz
++ date +%Y%m%d
+ TIMESTAMP_TODAY=20091218
+ FTPSERVER=121.189.9.133
+ FTPUSER=gamebackup
+ FTPPWD='930^Xahi>(b2' # 注意此处密码与上面脚本代码之间的差别，原来在脚本中，将$#解析为了参数个数了，即将密码中的$#转换成了数字0
+ ROMOTEPATH=/
+ LOCALPATH=/usr/mysqlbackup
+ ftp -n -d
ftp: setsockopt: Bad file descriptor
---> AUTH GSSAPI
Please login with USER and PASS.
---> AUTH KERBEROS_V4
Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
cmds.c:276: verbose=0 debug=1 overbose=0
---> SYST
Please login with USER and PASS.
---> USER gamebackup
---> PASS XXXX
Login incorrect.
Login failed.
---> TYPE I
Please login with USER and PASS.
Interactive mode off.
---> CWD /
Please login with USER and PASS.
Local directory now /usr/mysqlbackup
---> PASV
Please login with USER and PASS.
Passive mode refused.  Turning off passive mode.
---> PORT 121,189,9,134,131,18
Please login with USER and PASS.
ftp: bind: Address already in use
---> QUIT

结论：如果在脚本中变量赋值中包含特殊意义的组合的话，用单引号来进行赋值