Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to configure vsftpd anonymous user upload and download", the content is simple and easy to understand, organized clearly, I hope to help you solve doubts, let Xiaobian lead you to study and learn "how to configure vsftpd anonymous user upload and download" this article bar.

1. Configuration of vsftpd.conf file (vi /etc/vsftpd/vsftpd.conf)

#Allow anonymous users to log in to FTP anonymous_enable=YES #Turn on upload permissions for anonymous users anon_upload_enable=YES #Turn on create directories permissions for anonymous users anon_mkdir_write_enable=YES #Turn on delete and rename permissions for anonymous users anon_other_write_enable=YES #Mask of anonymous user (if necessary, add it yourself, meaning: if umask is 022, then create a file with permission 666, the actual permission of the file is 666-022=644) anon_umask=022

2. Permission settings for ftp directory

By default, the root directory of ftp is/var/ftp. For security reasons, this directory is not allowed to be set to 777 permissions by default, otherwise ftp will not be accessible. But we want to upload files anonymously, we need the write permission of the "other" user, the correct way:

Create an upload folder in/var/ftp and set the folder permissions to 777 (set them as needed). In this upload folder, anonymous users can upload files, create folders, delete files, etc.

vsftpd has enhanced security checks so that if a user is restricted to his home directory, the user's home directory can no longer have write permissions.

The command chmod a-w /var/ftp can be used to remove write permissions from a user's home directory

At this point, the upload and download of vsftpd anonymous users are generally realized. If not, then the following question.

3. Selinux configuration

SELinux(Security-Enhanced Linux) is the National Security Agency's (NAS) implementation of mandatory access control and is the most prominent new security subsystem on Linux. NSA developed an access control system with the help of the Linux community, under which a process can access only those files it needs for its task. SELinux is installed by default on Fedora and Red Hat Enterprise Linux and is also available as an easy-to-install package on other distributions.

The easiest way is to shut down selinux.

Method 1: Use the command setenforce 0 without restarting. (Format of setenforce: setenforce [Enforcement])| Permissive | 1 | 0 ]）

Method 2: Add selinux=0 to the startup parameters of lilo or grub, or turn selinux off.

Use getenforce to see if selinux is currently running.

If you don't turn selinux off, you have to set ftp permissions for selinux.

1. Use getsebool -a| grep ftp To check the status of ftp related settings, we want to set allow_ftpd_anon_write to on.

2. Use setsebool -P to set it. setsebool -P allow_ftpd_anon_write= on.

Or use togglesbool to negate the bool value, such as togglesbool allow_ftpd_anon_write.

3. To modify the selinux security context, first introduce two commands:

Command 1, ls -Zps -Zid -Z#can see SELinux properties of files, processes and users respectively

Command 2,#chcon Change SELinux Security Context

chcon -u [user] object-r [role] -t [type] -R recursion--reference source file destination file #copy security context

How to use:

The requested URL/ftp/upload/index.php was not found on this server.

drwxr-xr-x ftp root system_u:object_r:public_content_t /var/ftp/upload/

The requested URL/ftp/upload/index.php was not found on this server.

The requested URL/ftp/upload/index.php was not found on this server.

drwxr-xr-x ftp root system_u:object_r:public_content_rw_t /var/ftp/upload/

Finally or restart under selinux and vsftpd bar, do not restart actually does not matter. Re-logging into ftp should fix the problem.

Also, the graphical interface for selinux can be accessed with the system-config-selinux command.

The above is "how to configure vsftpd anonymous user upload and download" all the content of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.