Thursday, 29 December 2011

HA Clustering with Windows 2008 and MySQL

Clustering is available in a High Availability mode, commonly known as HA, and a High Performance mode, commonly known as NLB. In HA a service or resource is made available across the cluster nodes and its availability is made as resilient as possible. Windows 2008 Enterprise offers failover clustering. Here I am showing you an HA cluster with a single DB service that will be available across the cluster nodes.

Node Spec:
Windows 2008 Enterprise
Storage:
  • Local Disk - for OS , OS specific
  • Witness Disk / Quorum Disk - iscsi DISK, min 512MB
  • Application and Data Disk - iscsi DISK, App specific
Network Cards:
  • Card 1 for iSCSI network - static address
  • Card 2 for cluster network - static address
  • Card 3 for cluster service ip which can be accessed by the clients
Application Service: MySQL
Download the MySQL zip.
The iSCSI storage disks should be configured, but add only the Quorum disk initially.
The nodes will be AD integrated; I have used the following details.
I am using a cheap, absolutely free iSCSI SAN; a Windows SAN how-to is presented here - http://sudhakarbellamkonda.blogspot.com/2012/01/microsoft-windows-iscsi-san-clusters-1.html
Node Specification: 
Node1:
Name: dbclu1
Network Cards: iscsi-network static 192.168.200.1
               cluster-network static 192.168.100.61
               cluster-service dhcp 192.168.1.103 reserved
Storage: iSCSI disk 1 512M, Auto log at boot
         iSCSI disk 2 10G, Auto log at boot           

Node2:
Name: dbclu2
Network Cards: iscsi-network static 192.168.200.2
               cluster-network static 192.168.100.62
               cluster-service dhcp 192.168.1.104 reserved
Storage: iSCSI disk 1 512M, Auto log at boot
         iSCSI disk 2 10G, Auto log at boot

Node3:
Name: dbclu3
Network Cards: iscsi-network static 192.168.200.3
               cluster-network static 192.168.100.63
               cluster-service dhcp 192.168.1.102 reserved
Storage: iSCSI disk 1 512M, Auto log at boot
         iSCSI disk 2 10G, Auto log at boot           

Cluster Name: db-cl1

  • Add storage disk1 to all the nodes. A how-to is presented here that should be repeated on all nodes - http://sudhakarbellamkonda.blogspot.com/2012/01/microsoft-windows-iscsi-san-clusters-2.html
  • At node1 start Failover Cluster Management and click 'Validate a Configuration', add the nodes and wait for the configuration tests to finish. All the tests should pass; if not, rectify the issue and then revalidate.
  • From the main page click 'create a cluster' and add the nodes. The MMC will ask for the cluster name; enter db-cl1 or whatever name you want to give.
  • From the cluster network disable the iscsi-network card so that this network is only used for SAN Storage.
  • Add the second iSCSI disk at all nodes. A how-to is presented here that should be repeated on all nodes - http://sudhakarbellamkonda.blogspot.com/2012/01/microsoft-windows-iscsi-san-clusters-2.html
  • Unzip the MySQL archive to the second disk at node one
  • Add it as a service at all the nodes - Use the below statement to add the service.
    Assuming H: to be the second disk and h:\mysql the program folder,
    H:\mysql\bin>"H:\mysql\bin\mysqld" --install MySQL --defaults-file=h:\mysql\my.cnf 
  • Make sure that the service is stopped at all the nodes and set to automatic start
  • Add the second iSCSI disk to the cluster
  • Right click services and applications and select configure a service/application
  • Select Generic application
  • Add MySQL from the list
  • The Cluster manager will add the service and start it.
  • From the main cluster page, if you have not entered a static IP, obtain the dynamic IP and test the clustered service.
To test the cluster you can shut down the node where the DB service is online and see if the service is moved to another node.

Screen shots of this cluster available below.






If you want a cluster which will work if only one node is available with the disks then you can configure the cluster to use the iSCSI Disk1 of 512M as the Quorum disk. The min requirement of a Quorum disk is 500M.

Tuesday, 27 December 2011

Windows 7 Security with K9 Web Protection, Clam Antivirus and Rapport

Here I am presenting a How To for the installation of K9 Web Protection and Clam AV Antivirus.

Downloads from their websites:
K9 Web Protection Get your license which is free
Clamwin AV

After downloading the software to your downloads folder, or wherever you choose to save it, open that folder and start with the Clamwin setup.



CLAMWIN INSTALLATION:
In Clamwin, the installer presents you with the choice to add a Browser bar, and you can opt out by unticking the option as in the figure below.
Click Next and you will see the next figure.


In this window you can either choose to keep the Windows Explorer and Outlook Integration or remove it and then click next



If you have a fast internet connection it is OK to keep the tick to download the virus database, else untick it and click next.

The installation will finish successfully and you will have an icon in the system tray as shown here.

Double clicking the tray icon brings up the user interface as shown in this figure and from here you can scan and clean your files and folders and you will additionally have realtime virus protection.



K9 WEB PROTECTION INSTALLATION:
The K9 installation is much easier and simpler, with just two clicks and a reboot. Open the folder where you downloaded the software and double-click it. The window shown will be displayed


Enter the license that you have obtained from K9 Web Protection, usually sent to the email address that you gave at the download page when you downloaded the software. Additionally a K9 Administrator password is asked for; this can be any password that you choose, use a good one. This password is required when you need to change the filtering and parental control parameters. Click install and, after successful installation, you need to reboot.

Click on and reboot. After rebooting, except for the program entry in the start menu, you will not notice it. From the programs menu click on K9 Web Protection. This will open your browser with the user interface. On clicking setup you will need to enter the password given during installation.

Enter the password and browse the K9 configuration. Leave the protection configuration as it is; the default is good enough, and you now have realtime protection while browsing the internet, which is an added peace of mind.

Adding to the above two there is a solution to keep the online banking transactions secure and protected from phishing / scamming sites. This software is called Rapport and is from a company called Trusteer whose details, information can be found at http://www.trusteer.com/product/trusteer-rapport


- Sudhakar Bellamkonda

Thursday, 22 December 2011

NLB With Windows 2003 and Windows 2008.

NLB is a concept where a bunch of individual servers / services are brought together to make one virtual server / service. This provides high performance and high reliability to critical systems that need to be online 24/7.
This image is of a typical NLB cluster. To start with, a minimum of 2 servers is required, and this can be scaled to N servers depending on what technology and/or appliance is being used to load balance the servers. A cost effective solution is one where the NLB does not become the point of failure. NLB can be implemented with ease using an OS-level driver / software, decreasing cost and reducing maintenance.

Windows Enterprise 2003 and 2008 have the NLB feature as standard, and it can be used to effectively bundle a few servers together for performance and redundancy. TCP services such as HTTP, HTTPS, FTP, POP, SMTP and other TCP/IP services can be load balanced.

In 2008 this feature has to be installed using the server manager interface, and then nodes are added to the cluster using the Load balancer interface. The cluster will have a unique cluster name and a virtual IP which is used to present the service.

In 2003 this feature is installed by default. In both servers the actual NLB is a tick-able service that can be enabled/disabled in the network adapter properties. Performance of the cluster increases with the number of nodes. The performance of the application that is being NLB'ed itself affects the performance of the cluster.


- Bellamkonda Sudhakar



Thursday, 8 December 2011

Securing Windows 7 : Parental Control, Antivirus, Malware Protection And Web Filtering

Going on the internet is an experience of awe and wonder with its own highs and addiction. Acute bloggers, chatters, social networkers and IT professionals alike will shamelessly proclaim open addiction to it. From the average Joe and Jane to that very famous other that you admire, ogle, fantasise or idolise, be it that favourite star, that boy/girl in school or the office colleague, all would have used it. With personal netbooks, laptops, office desktops and workstations, the internet is everywhere, and along with it the threat of malware, viruses, porn, adverts and the unseen hacker at large.

Yes, it seems scary, with most personal details and financial transactions being done over the internet. Relax, as today's operating systems are secure and there are good free utilities that can be used to secure your netbook, laptop, desktop or workstation for free.

Windows 7 has a built-in firewall that is pretty good and can be used with these two utilities to make your computing more safe.

Parental Control / Web Filtering: Blue Coat K9 Web Protection is an excellent software utility for personal use; it is very lightweight, not an in-your-face kind of software, very accurate and hassle free. It's only 3 clicks, and you will need a license, which is free for personal use.

Antivirus: One of the best free and light-on-resources packages is ClamAV for Windows. It seamlessly integrates with Windows Explorer and Outlook. These choices can be selected during install or later. Its GUI is very easy to use and you will not even notice it, as it needs very little intervention. Virus signature updates are free and so is the software. No license required.

Malware: Microsoft Security Essentials itself is a very good piece of software and does the job wonderfully. Being low on resources, its response time when removing malware is a tad slower, but the good side is that it can remove existing ones and is absolutely free from Microsoft. It provides real-time protection and integrates into the system without any fuss or issue.

Along with these if the UAC (User Access Control) is left ON your hard working computing silicon lump will be a happy bunny or stud based on what your gender is :).


OpenDNS: This is an added level of protection from bad sites and is similar to web filtering / parental control, but adds an extra protection level by resolving website names to legit websites, so that some web page does not hijack your browser to a phishing or malware site and so that your system, along with you, remains happy and has fun over the internet without the worry of unprotected browsing.


- Bellamkonda Sudhakar

Password generator for Linux - Bash Script

Getting on with system administration means having a constantly security-aware workflow. I have written a simple script to generate a fairly complex password. By default it creates a password of 8 characters. If a length is given then it can be between 9-32. Anything above 32 is truncated to 32 characters and anything less than 9 is defaulted to 8.

Download Version 3: http://www.mediafire.com/?eck9ec6b1bzq89e
Download Version 2: http://www.mediafire.com/?s7qdjlq9s4qh2mx
Suggestions are welcome. The script itself is below.

More utilities in this utility suite can be found at google-code projects and Sourceforge, URL's below.
http://code.google.com/p/linux-easy-admin-utilities/
http://sourceforge.net/projects/lnxesyadmutil/

http://linux-easy-admin-utilities.blogspot.com/
 

#!/bin/bash
##################################################################
#
# Script to generate a fairly complex password
#
##################################################################
#
# Author: Bellamkonda Sudhakar
# License: GNU GPL v3
##################################################################
UVersion=0.2
Version=0.3
License='GNU GPL V3'
Depchk=0
Ln=8
Depopt=$1
##################################################################
function depchkerr {
if [[ "$Depopt" == "-c" ]]
then
echo "Dep check error - $Deperr"
fi
}
##################################################################
function depchk {
Deperr=''
Depchk=0
if [[ -z $(tr --version 2>/dev/null) ]]; then Depchk=1; Deperr='tr'; depchkerr; fi
if [[ -z $(head --version 2>/dev/null) ]]; then Depchk=1; Deperr='head'; depchkerr; fi
if [[ -z $(echo $RANDOM | md5sum 2>/dev/null) ]]; then Depchk=1; Deperr='md5sum'; depchkerr; fi
if [[ -z $(echo $RANDOM | sha512sum 2>/dev/null) ]]; then Depchk=1; Deperr='sha512sum'; depchkerr; fi
exit $Depchk
}
###################################################################
function uerror {
printf "%s\n" "Not root"
exit 1
}
##################################################################
function numerr {
printf "%s\n" "Numbers only"
exit 1
}
##################################################################
function version {
echo "Linux Easy Admin Utilities Version $UVersion - $License License
Author: Bellamkonda Sudhakar"
printf "\n%s\n" "Password Generator $Version - $License License"
exit 0
}
##################################################################
function usage {
echo "Linux Easy Admin Utilities Password Generator Version $UVersion - $License License
Author: Bellamkonda Sudhakar"
printf "\n%s\n" "Password Generator $Version - $License License"
printf "\n%s" "pwgen [ n | -h | -v | -c ]"
printf "\n%s" "Options:"
printf "\n%5s%s" " " " n  where n can be a numeric between 9-32, when not given default is 8"
printf "\n%5s%s" " " " e.g. pwgen 16"
printf "\n%5s%s" " " "-c Displays if a password generation dependency exists or not"
printf "\n%5s%s" " " "-h  displays this usage page"
printf "\n%5s%s\n" " " "-v  displays version information"
exit 0
}
#################################################################
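function pgen {
# depchk ends with "exit", so run it in a subshell and read its exit status;
# Depchk=$(depchk) captured its (empty) output, so the fallback never ran.
( depchk ) >/dev/null 2>&1
Depchk=$?
if (( Depchk )) ; then
    # Fallback when a dependency is missing. The input is only the clock and
    # $RANDOM (0-32767) and the output is hex digits, so these passwords are
    # far easier to guess than the /dev/urandom ones below.
    Trn=$RANDOM
    Ttn=$(date +%N)
    Tsn=$(date +%s)
    Pswd=$(echo "$Tsn$Ttn$Trn" | md5sum | sha512sum)
    Password=${Pswd:0:Ln}
else
    # LC_ALL=C keeps tr working on raw bytes whatever the locale is
    Password=$(LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "$Ln")
fi
printf "%s\n" "$Password"
exit 0
}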
##################################################################
#Main Program
##################################################################
clear
#
[[ $UID -ne 0 ]] && uerror
#
[[ "$1" == "-h" ]] && usage
#
[[ "$1" == "-v" ]] && version
#
[[ "$1" == "-c" ]] && depchk
#
[[ $# -eq 0 ]] && pgen
#
if [ $1 -eq $1 2>/dev/null ]
then
    Ln=$1
    [[ $1 -gt 32 ]] && Ln=32
    [[ $1 -lt 8 ]]  && Ln=8
    pgen
else
    numerr
fi
exit 0

##################################################
Your work made easy, go on work with it, use it, have fun.

- Bellamkonda Sudhakar

Wednesday, 7 December 2011

Network Firewall Auditor and Checker for Linux - A Bash Script for System Admins

In the day-to-day workload, from simple tasks to complex multiple tasks, IT System Administrators and all other personnel who look after the IT Data Centre and IT Infrastructure sometimes find that they have to run a set of multiple commands, and that too for simple information. In recent times the Desktop GUI and the related backend tools of the Linux system have advanced well, but for remote system administration, unlike Windows where RDT can be used, sysadmins prefer a shell and a command line interface for its simplicity and speed.

Keeping that in mind this bash script was written to simplify the task where a Linux system needs to be audited and network details and information presented in a readable form. This script brings various aspects of the networking sub-system like firewall, network services, ports open, gateways etc. into a single file in a very readable form set.

net-audit-checker-v05

































The hard working Sysadmin will find this a handy tool, as it creates an audit file with additional information along with the above shown screen.

Script Dependencies: The following utils and tools need be available and are usually available in the default install of all current known Linux Distributions.
GREP, NETSTAT, LSOF, WHICH, SED, LSPCI, IP, SS, HOSTNAME, UNAME, AWK

Works beautifully and hard for the Sysadmin and generates easy to comprehend information out of the various network settings.


Compatibility: Was put to test on current right, left and centre popular distributions and found OK with the following.

Debian
OpenSUSE
Ubuntu
CentOS
Fedora
Download: Copy it to your favourite folder and use it as any other bash script.
net-audit-checker-v05 or download the Utils Linux Easy Admin Utils, website at http://linux-easy-admin-utilities.blogspot.com/


Usage: ./netadtchk-v05 -h

Linux is an excellent OS, and when scripts and tools like this are in hand, work becomes more fun.


Please let me know how you find it and ask if you have any queries.

- Bellamkonda Sudhakar

Friday, 2 December 2011

PDNSD How To - A DNS caching personal server

PDNSD is a non-authoritative caching DNS server. It maintains a disk cache of the queries that your system performs, and subsequent queries will be answered faster from the cache. It is safe enough to be used on a personal Unix/Linux system such as a home desktop or a laptop.
Info about its history, current developer Paul Rombouts and other technical info can be seen here http://www.phys.uu.nl/~rombouts/pdnsd.html.

Versions and OS:
OS: Fedora 16 x86_64
PDNSD: 1.2.8 RPM

Downloads:
Fedora 12,13,14,15,15. This should also work with RHEL and Cent OS
PDNSD i386 RPM
PDNSD x86_64 RPM


Source tar:
PDNSD-1.2.8 SRC RPM
PDNSD-1.2.8 SRC TAR BALL

Debian
PDNSD

Free BSD
PDNSD

Gentoo
PDNSD

Network Requirements:
Your system supports the local interface 'lo' with the IP 127.0.0.1. This is standard for all computers irrespective of the OS.

A queryable DNS server, e.g. your ISP's DNS, OpenDNS, or your ADSL router if it has a DNS server.

A firewall configuration that allows DNS queries from your system to the forwarding or authoritative DNS server.

A login that can start and stop network services.


Installation:
The downloaded RPMs can be installed with yum. Log in as root, open a shell terminal and run the commands below. Yum should take care of any missing dependencies.

#yum localinstall pdnsd-1.2.8-par_el5.x86_64.rpm

If you are using the source tar then

#cd <path to the pdnsd source folder>
#./configure
#make
#make install

The files are installed to /usr/local/bin and a pdnsd.conf is copied to the /etc folder.

Configuration:
Your system's DNS configuration and pdnsd.conf require amendments as below.

pdnsd.conf
Use an editor like vi to edit the pdnsd.conf file. Two sections need changing for the server to serve DNS queries. Leave the remaining sections as is.


global {
        perm_cache=16384;        # this is in kB, increase it if you want more disk caching
        server_ip = 127.0.0.1;   # this is the local 'lo' network interface
        paranoid=on;             # a security feature to avoid cache poisoning
}
Let other options be defaults.

server {
        ip = som.eip.add.ress;   # put your ISP's DNS server address(es) here
        uptest = query;          # test if the network interface is active; the above DNS is queried with a DNS request
        interface=eth0;          # the interface connected to the network
}

Other options in the config file stay as they are; no change is required.

resolv.conf
Different Unix / Linux flavours use different files and configuration. resolv.conf is the most common DNS setting in a Unix / Linux system. Comment out all existing nameservers and add

nameserver 127.0.0.1

Start Service and Test:
The installation has installed a service that needs to be started. Also set the service to start at boot.

#chkconfig --levels 3456 pdnsd on
#service pdnsd start

To test
# nslookup google.com
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:    google.com
Address: 74.125.230.148
Name:    google.com
Address: 74.125.230.144
Name:    google.com
Address: 74.125.230.146
Name:    google.com
Address: 74.125.230.147
Name:    google.com
Address: 74.125.230.145

If there is an error, check the service status, the network connectivity, the upstream DNS server, and the pdnsd status with

#pdnsd-ctl status

This is great software for an internal LAN, laptops and desktops where DNS queries take a long time; it speeds up internet browsing and keeps the network DNS traffic to a minimum.

I personally use it with my laptop. It's very nice and has minimal maintenance.

-Bellamkonda Sudhakar

VSFTPD Virtual Users creation BASH Script How To

The BASH scripts presented here are for the VSFTPD server that has been setup using the how to article here http://sudhakarbellamkonda.blogspot.com/2011/11/vsftpd-virtual-users-and-shell-users.html

Do these changes before using the scripts assuming that you have root access.

Create the following vuser subfolder in /etc/vsftpd/ if not done already

#cd /etc/vsftpd
#mkdir vuser


Download the scripts bundle and untar them in the /etc/vsftpd/vuser folder
Click here to download http://www.mediafire.com/?j9anm89c8v6pt84
Latest versions and info maintained at vsftpd-virtualuser-bash-scripts 

The scripts:
vuserchk - checks the necessary files and folders necessary for these scripts
vuser.conf - the file containing configuration parameters for these scripts
vuseradd - adds a virtual user
vuserdel - deletes a virtual user
vuserres - restores a deleted user
vuserpas - changes a virtual user password
vusersho - displays the user password

The scripts are very verbose and will display messages and errors which are self explanatory.


What the scripts do not do:
Deleting a user will remove the user from the active list and the ftp home folder is renamed to $USER-deleted and the deleted user details are copied to a user deleted list. A script to archive and move the tarball to an archive folder is on the back burner.

Panic not, be cautious: Use the scripts wisely and carefully. Please back up before any use on production servers. The scripts have been tested and used without any errors or problems.

Six are the scripts: These scripts are very non intrusive and have a simple logic flow. Prerequisites are BASH, GAWK, SED for the scripts to work. I am hoping to introduce more functionality into the scripts and add a local user ftp home sync'er and a deleted folder archiver, once finished will add them here.

Test them, deploy for ease of mind and relax and let the scripts do the work :).

Thursday, 1 December 2011

VSFTPD Virtual Users and Shell Users How To

This How To describes a detailed instruction set which when used enables the virtual user access option within VSFTPD server. This document assumes that you already have a working VSFTPD server which has got local shell user access to it, if you don't then follow the instructions at this link to setup the server. http://sudhakarbellamkonda.blogspot.com/2011/11/vsftpd-how-to-quick-and-dirty.html

The server being used here is a Linux Cent OS Minimal installation build.
Cent OS 6
VSFTPD 2.2.2

The virtual users home folders will be under /var/ftp/. You need to have either 'su' permissions or 'root' access or 'sudo' access.

As authentication will be required, pam_userdb is a good option and is installed by default. Check with

#yum info db4-utils

Install it as necessary with

#yum install db4-utils

 
Create the virtual users:

Now cd to /etc/vsftpd and prepare the .txt user file with the usernames and passwords. This file will have a username on one line and the password on the next, as shown. It is good practice to put these in a separate folder.

sudhakar
password1
bellamkonda
password2

#cd /etc/vsftpd/
#mkdir vuser
#cd vuser
A pwd should show /etc/vsftpd/vuser, now create the file
#vim vuser_list

Add your users and save it. This file now needs to be hashed with the DB4-util db_load so that vsftpd along with pam can use it for authentication.

#db_load -T -t hash -f /etc/vsftpd/vuser/vuser_list /etc/vsftpd/vuser/vuser_db.db

A hashed DB file of the vuser_list is created named vuser_db.db. Note that the file has a .db extension and this is necessary.
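The list-to-database step above as a script, with the checks worth running before the list is loaded. This is an added example, not part of the original post or of the author's vuser scripts; the function names, the allowed username characters and the --build switch are assumptions, while the paths and the db_load call are the ones used in this how-to.

```shell
#!/bin/sh
# Added example: check a pam_userdb source list, then build the DB the way
# the how-to does, leaving both files readable by root only.

# check_vuser_list FILE
# FILE holds a username line followed by its password line, repeated.
# Prints one line per problem and returns non-zero if any was found.
check_vuser_list() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
        BEGIN { bad = 0 }
        index($0, "\r") { print "line " NR ": CR character (DOS line ending?)"; bad = 1 }
        NR % 2 == 1 {                           # odd lines are usernames
            user = $0
            if (user == "") { print "line " NR ": empty username"; bad = 1 }
            else if (user ~ /[^A-Za-z0-9._-]/)  # assumed allowed character set
                { print "line " NR ": unexpected character in username"; bad = 1 }
            if (user in seen) { print "line " NR ": user " user " already on line " seen[user]; bad = 1 }
            seen[user] = NR
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            if (NR == 0)     { print "file is empty"; bad = 1 }
            if (NR % 2 == 1) { print "user " user " has no password line"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# is_private FILE: true when group and others have no permission bits at all.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# build_vuser_db LIST DB
# Rebuilds DB from scratch: db_load only adds or replaces keys, so loading
# into the old file would keep users that were removed from LIST.
build_vuser_db() {
    list=$1
    db=$2
    check_vuser_list "$list" || return 1
    command -v db_load >/dev/null 2>&1 || { echo "db_load not found (db4-utils)"; return 3; }
    (
        umask 077                       # new DB gets no group/other access
        rm -f "$db.new"
        db_load -T -t hash -f "$list" "$db.new" && mv -f "$db.new" "$db"
    ) || return 4
    chmod 600 "$list" "$db"
    is_private "$list" && is_private "$db"
}

# Run as: sh build-vuser-db.sh --build   (script name is illustrative)
if [ "${1:-}" = "--build" ]; then
    build_vuser_db /etc/vsftpd/vuser/vuser_list /etc/vsftpd/vuser/vuser_db.db
fi
```

The "hash" in the db_load call is the database's access method, not password hashing: pam_userdb compares the stored value as plain text unless its crypt= option is set, so vuser_db.db is as sensitive as vuser_list.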


Enable Authentication with PAM:

Now append to the file /etc/pam.d/vsftpd for this virtual user authentication to work.

#cd /etc/pam.d/
#vi vsftpd
auth     sufficient pam_userdb.so db=/etc/vsftpd/vuser/vuser_db
account  sufficient pam_userdb.so db=/etc/vsftpd/vuser/vuser_db
Put these two lines at the very top of the file, just below the #%PAM-1.0 line, and save it. pam_userdb will automatically append the extension .db to the file specified in the path. This way you can have both real shell users and virtual users using the same instance of the daemon rather than starting two processes of vsftpd.


Append Options to vsftpd.conf:

Make the following changes to the vsftpd config file at /etc/vsftpd/vsftpd.conf
# activate the virtual users
guest_enable=YES
# virtual users have local privileges
virtual_use_local_privs=YES
user_sub_token=$USER
# specifies a home directory for each virtual user
local_root=/var/ftp/vuser/$USER
# restricts the user to the FTP area and HOME dirs only
chroot_local_user=YES

Also disable SELinux in /etc/selinux/config so that the virtual user can write to the virtual directories under /var/ftp/vuser/$USER. Now change to the virtual user folder.

Create the Virtual User Folders:

#cd /var/ftp
#mkdir vuser
#mkdir vuser/sudhakar
#mkdir vuser/bellamkonda
#chown -R ftp:ftp /var/ftp/vuser/

Create symbolic links with ln -s of all the /home/ folders under /var/ftp/vuser/ so that when the users login VSFTPD will chroot to their respective folders.
BASH Scripts and how to article for automation is at http://sudhakarbellamkonda.blogspot.com/2011/12/vsftpd-virtual-users-creation-bash.html
Scripts maintained at vsftpd-virtualuser-bash-scripts.


For Local Users:

In folder /var/ftp/vuser/
#mkdir yourlocaluser
#chown ftp:ftp yourlocaluser
#ln -s /var/ftp/vuser/yourlocaluser /home/yourlocaluser/ftphome


All files uploaded will be owned by the user ftp:ftp.


Starting the server and testing:


Start the service

#service vsftpd start

Or restart it if already started with

#service vsftpd restart

From a different box connect to this server. Go on, you can use either a GUI or a cli client.

All set, go on use the FTP server, it is ready to serve.

Wednesday, 30 November 2011

VSFTPD How To : Quick and Dirty

Vsftpd is the most popular FTP server in the Linux world and is secure and fast. Recently I had to configure an FTP server quickly on a Cent OS server built using the minimal ISO, and the server was up and running in a snap.

The server being used here is a Linux Cent OS Minimal installation build.
Cent OS 6
VSFTPD 2.2.2

Follow these:
$su - root

At the root shell

#yum install vsftpd

This installs the daemon from the distribution's repository. A default config file is placed with the most basic and necessary options. Now edit the config file at /etc/vsftpd/vsftpd.conf using your favourite editor e.g. vi.

#cd /etc/vsftpd/
#vi vsftpd.conf

In this file comment out, add or uncomment the following and leave the rest as is.

anonymous_enable=NO
This is set to YES by default.

local_enable=YES
This is set to NO by default; change it when you want the local users to have ftp access.

xferlog_enable=YES
This is set to NO by default. Your logs will be written to /var/log/xferlog.
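
One way to check a vsftpd.conf against the three settings above, as an added example rather than part of the original post. The function names are made up here, and the defaults used for options missing from the file are the ones this how-to states.

```shell
#!/bin/sh
# Added example: report where a vsftpd.conf differs from the settings this
# how-to asks for (anonymous_enable=NO, local_enable=YES, xferlog_enable=YES).

# conf_get FILE KEY DEFAULT
# Prints the value of KEY in upper case, or DEFAULT when KEY is not set.
# Comment lines (#...) are ignored. Assumption: when KEY appears more than
# once, the last assignment is the one reported.
conf_get() {
    awk -F= -v key="$2" -v def="$3" '
        /^#/ { next }
        $1 == key { val = substr($0, length(key) + 2); found = 1 }
        END { print toupper(found ? val : def) }
    ' "$1"
}

# spacing_errors FILE
# vsftpd treats blanks between the option, "=" and the value as an error.
# Prints the offending lines with their numbers; true when any were found.
spacing_errors() {
    grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$1"
}

# audit_vsftpd_conf FILE
# Each row below is: option, wanted value, default stated in the how-to.
# Values are compared in upper case, so Yes and YES are treated alike here.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    while read -r key want def; do
        got=$(conf_get "$conf" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok   $key=$got"
        else
            echo "FAIL $key=$got (want $want)"
            rc=1
        fi
    done <<EOF
anonymous_enable NO YES
local_enable YES NO
xferlog_enable YES NO
EOF
    if spacing_errors "$conf"; then
        echo "FAIL blanks around '=' on the lines above"
        rc=1
    fi
    return $rc
}

# Run as: sh vsftpd-audit.sh /etc/vsftpd/vsftpd.conf   (script name is illustrative)
if [ $# -gt 0 ]; then
    audit_vsftpd_conf "$1"
fi
```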

Common Pitfalls & Panic Areas:
Most Linux distributions now have SELinux installed by default, and this gives an error when the installer does not take care of the SELinux policies. The error is as follows

500 OOPS: cannot change directory:/home/someuser

This can be fixed by either disabling SELinux or setting the SELinux boolean option.

To disable SELinux:
#vi /etc/selinux/config
In this file set the option to disabled.
SELINUX=disabled

To set SELinux for ftp access:
#getsebool -a | grep ftp
This will list a group of ftp boolean options; ftp_home_dir will be off by default. Set it on with
#setsebool -P ftp_home_dir on
This might take a minute or two; wait till the prompt comes back. You can check by using the getsebool command again.
If you need both local and virtual users then use this article http://sudhakarbellamkonda.blogspot.com/2011/11/vsftpd-virtual-users-and-shell-users.html

Starting the server and testing:
Now set the service to start automatically at startup.
#chkconfig --levels 345 vsftpd on
Start the service
#service vsftpd start

From a different box connect to this server. Go on, you can use either a GUI or a cli client.

All set, the FTP server is ready to serve.