Shulou(Shulou.com)06/03 Report--

About the configuration of uploading and downloading of vsftp anonymous users under Linux

There are three parts to pay attention to in the configuration. Please compare them carefully:

1. Configuration of vsftpd.conf file (vi / etc/vsftpd/vsftpd.conf)

# allow anonymous users to log in to FTP anonymous_enable=YES # set the login directory for anonymous users (add and modify it yourself if necessary) anon_root=/var/ftp/pub # turn on the upload permission of anonymous users anon_upload_enable=YES # turn on the permission of anonymous users to create directories anon_mkdir_write_enable=YES # turn on the rights of anonymous users to delete and rename (if necessary Need to add your own) anon_other_write_enable=YES # the mask of anonymous users (add it yourself if necessary, meaning: for example, if umask is 022, create a file with permissions of 666. The actual permissions of the file are 666-022. 644) anon_umask=022

2. Permission settings of ftp directory

By default, the root directory of ftp is / var/ftp. For security, this directory is not allowed to be set to 777 permissions by default, otherwise ftp will not be able to access it. But if we want to upload files anonymously, we need the write permission of "other" user. The correct way to do this is:

Create a upload folder in / var/ftp and set the permissions of each folder to 777. in the upload folder, anonymous users can upload files, create folders, delete files, etc.

Generally at this point, the upload and download of vsftpd anonymous users has been realized. If it doesn't work, it's the following problem.

3. Configuration of selinux

SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the National Security Agency (NAS), and it is the most outstanding new security subsystem on Linux. NSA developed an access control system with the help of the Linux community. Under the restriction of this access control system, the process can only access the files needed in his task. SELinux is installed by default on Fedora and Red Hat Enterprise Linux, and is also available as a package that is easy to install on other distributions.

The easiest way to do this is to shut down selinux

Method 1: change the SELINUX= "" in the / etc/selinux/config file to disabled, and then restart.

Method 2: use the command setenforce 0 without restarting. (format of setenforce: setenforce [Enforcing | Permissive | 1 | 0])

Method 3: add: selinux=0 to the startup parameters of lilo or grub, or you can turn off selinux.

Use getenforce to see if the current selinux is running.

If you do not turn off selinux, you will set the ftp permission for selinux.

1. Use getsebool-a | grep ftp to check the status of ftp-related settings. We need to set allow_ftpd_anon_write to on.

2. Use setsebool-P to set up. Example: setsebool-P allow_ftpd_anon_write=on.

Or use togglesebool to reverse the Bool value, such as togglesebool allow_ftpd_anon_write.

3. To modify the selinux security context, introduce two commands:

Command 1, ls-Z ps-Z id-Z # can see the file, respectively Process and user SELinux attribute commands 2, # chcon change SELinux security context chcon-u [user] object-r [role]-t [type]-R recursion-reference source file target file # copy security context

How to use it:

Step 1. Ls-Zd / var/ftp/upload/ will usually see:

Drwxr-xr-x ftp root system_u:object_r:public_content_t / var/ftp/upload/

Step 2. Chcon-R-t public_content_rw_t / var/ftp/upload/

Step 3. Ls-Zd / var/ftp/upload/ will OK if you see the following information:

Drwxr-xr-x ftp root system_u:object_r:public_content_rw_t / var/ftp/upload/

Finally, restart selinux and vsftpd. It doesn't matter if you don't restart. Logging back into ftp should solve the problem.

In addition, the graphical interface of selinux can be accessed by the system-config-selinux command.

These are the details of what to do if linux cannot be downloaded. Please pay more attention to other related articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.