SELinux restrictions cause vsftp anonymous users to not upload files problem Resolution __linux

To ensure that the other configuration is correct, can not upload, that is selinux restrictions;

Solution steps:

getsebool-a | grep ftp                 //list FTP related rules Boolean open state
setsebool-p allow_ftpd_anon_write on        //Allow anonymous user to write to
ll-z/var/ftp/                         // View the specific properties of the FTP folder, including the security context
chcon-t public_content_rw_t/var/ftp/directory         //Set FTP directory can upload files

Query Boolean value is open:getsebool

Getsebool [-A] [Boolean clause value]

-A: Lists all Boolean clause values on the system set to open or closed values;

To set a Boolean value to turn on or off: Setsebool

Setsebool [-P] Boolean =[0|1]

-P: Writes the setting value directly to the configuration file, the setting data will take effect in the future;

Security context : In simple terms, it is considered to be the SELinux rwx is the necessary;

The subject cannot access the target except for the policy designation, the security context of the subject and the target must be consistent before it can be accessed smoothly; This security context is similar to the rwx of the file system;

The principal program must pass the rules within the SELinux policy before it can compare the security context with the target resource, then the resource cannot be accessed by the comparison failure, and the target will be accessed when the success begins.

Principal (process)-->selinux (profiling policy Rules)--> security Context-

(NO)-->AVC information on denial of access; (yes)--> target (object) data access, (final access, and reference to rwx permission settings)

The security context is mainly divided into three fields: (Available through ls-z view)

Identify:role:type

Identity ID:

Root: Represents the root account identity;

System_u: Identification of system procedures;

User_u: The general user account related identity;

Role:

Object_r: Representing file resources such as documents or directories;

System_r: Represents a process or a general user;

Type:

Types (type fields) are most important, and basically, whether a body process can read this file resource is related to the Type field;

The Type field is not the same as the process definition:

Type: is called types on a file resource (Object);

Domain: In the principal program (Subject), it is called domains;

re-set SELinux Context: Chcon and Restorecon

Chcon [-R] [-t type] [-u user] [r Role] File Chcon [-R]--reference= sample file File

-R: Along with the subdirectory under the same file, modify; -T: The Type field followed by the security context, such as httpd_sys_content_t; -U: Back-up identification, such as System_u; -R: After the role, such as System_r; --reference= sample file: Use a file as an example to modify subsequent file types;

Eg: Change the index.html type to httpd_sys_conten_t chcon-t httpd_sys_content_t/var/www/html/index.html

Chcon is the type data that handles the security context in a directly specified manner

Restorecon [-RV] File or directory

-R: Modified along with subdirectories; -V: Displays the procedure to the screen;

The Restorecon is corrected with the default security context;

Chcon Command Related: Http://man.linuxde.net/chcon