Relationship between vsFTPd servers, firewalls, and SELINUX

Source: Internet
Author: User
1. Relationship between vsFTPd server and firewall and SELINUX

On the forum, I have seen people report that the vsFTPd server started normally but could not be accessed, or that users could not upload files. This looked to me like a firewall or SELINUX issue: the FTP server may be blocked by the firewall or by the SELINUX security mechanism. Therefore, the firewall must let ftp through, and SELINUX must allow the ftp server;

In Fedora/Redhat/CentOS, you need to configure the firewall: you can turn the firewall off, or, in the custom settings, let ftp "through" the firewall;

[root@localhost ~]# system-config-securitylevel-tui

Or run the following command to clear the firewall rules (a common approach);

[root@localhost beinan]# iptables -F

Explaining SELINUX may be difficult for veteran and novice users alike. We recommend that you use SELINUX, or allow the vsFTPd server to skip SELINUX when it starts; this applies when the vsFTPd server is started in Fedora/Redhat/CentOS;

Of course, you can also disable SELINUX. The configuration file /etc/selinux/config is as follows;

/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# With the setting below, SELinux is turned off; restart the system for it to take effect.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

2. 500 OOPS: vsftpd: refusing to run with writable anonymous root

Suppose we have started the vsFTPd server, but a login test shows a message similar to the following;

500 OOPS: vsftpd: refusing to run with writable anonymous root

This indicates that the permissions on the home directory of the ftp user are incorrect and should be changed;

[root@localhost ~]# more /etc/passwd | grep ftp
ftp:x:1000:1000:FTP User:/var/ftp:/sbin/nologin

We found that the ftp user's home directory is /var/ftp, and the error is caused by incorrect permissions on /var/ftp. The permissions of this directory cannot be fully open; the error appears because you have run chmod 777 /var/ftp. If the ftp user does not have a home directory, you must create one yourself;

The home directory of the ftp user, shown below, cannot be fully open to the owner, the group, and all other users;

[root@localhost ~]# ls -ld /var/ftp
drwxrwxrwx 3 root 4096 2005-03-23 /var/ftp

The following method should be used to correct this error;

[root@localhost ~]# chown root:root /var/ftp
[root@localhost ~]# chmod 755 /var/ftp

Some may ask: what should I do if anonymous users need to be able to read, download, and upload? This is also simple. You can create a directory under /var/ftp and set its permissions to 777, then change vsftpd.conf accordingly. There is no difficulty;

For security reasons, vsFTPd does not allow the ftp user's home directory permissions to be completely unrestricted. You can read the vsFTPd documentation to understand this; otherwise, it could not be called the safest FTP server, right?
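
An added example, not part of the original article or of vsFTPd itself: a small shell audit of the anonymous FTP root that flags the chmod 777 condition described above and lists the world-writable upload subdirectories. The function names are hypothetical, /var/ftp is the path used in the article, and GNU find (for -mindepth) is assumed; it approximates the permission rule from the article's fix, not vsFTPd's internal check.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP root (e.g. /var/ftp from the article).
# Function names are hypothetical; assumes GNU find as shipped on Fedora/RHEL/CentOS.

# Succeeds when DIR itself is group- or world-writable (e.g. after chmod 777).
root_is_writable() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# Prints world-writable subdirectories of DIR, one per line (the upload areas).
writable_subdirs() {
    find "$1" -mindepth 1 -type d -perm -0002 -print 2>/dev/null | sort
}

# Returns 0 when the root follows the article's fix (not writable), 1 otherwise.
audit_anon_root() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING: $dir does not exist"; return 1; }
    status=0
    if root_is_writable "$dir"; then
        echo "FAIL: $dir is group/world-writable"
        echo "      fix: chown root:root $dir && chmod 755 $dir"
        status=1
    else
        echo "OK: $dir is not group/world-writable"
    fi
    # The article sets root:root on the directory; report any other owner.
    owner=$(ls -ld "$dir" | awk '{print $3}')
    [ "$owner" = root ] || echo "NOTE: $dir is owned by $owner, not root"
    # Writable upload directories are expected only below the root; list them
    # so the administrator knows exactly what anonymous users can write to.
    writable_subdirs "$dir" | while IFS= read -r sub; do
        echo "INFO: world-writable upload directory: $sub"
    done
    return $status
}

# Run the audit when the script is given a directory argument.
if [ $# -gt 0 ]; then
    audit_anon_root "$1"
fi
```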