It programmer development must-all kinds of resources download list, the most complete IT resources in history, personal collection summary.
Linux Open FTP (with: FTP Upload file error: Permission denied)
RHEL5 Open FTP
Vi/etc/xinetd.d/gssftp
The following:
# Default:off
# description:the kerberized FTP server accepts FTP connections \
# that can is authenticated with Kerberos 5.
Service FTP
{
Flags = Reuse
Socket_type = Stream
wait = no
user = root
Server =/USR/KERBEROS/SBIN/FTPD
Server_args =-l-a
Log_on_failure + + USERID
Disable = yes
}
of which
Server_args =-l-a changed to Server_args =-L
Restart FTP service after saving exit: Service xinetd restart
Disable = yes change to No
Upload file after landing error permission denied
Workaround:
Setsebool-p Ftpd_disable_trans 1 0752 2091936
The Setsebool command queried the relevant information.
is a selinux-related setup item
This is the SELinux set command.
In fact, man Setsebool also know:
Setsebool–set SELinux Boolean value
It is OK to turn off the selinux before you are unfamiliar with selnux. Have time to study the SELinux.
Redhat started with the FC3 and used SELinux to enhance security, but it was sometimes too cumbersome to close it, but it was hard to find a place to turn off if the server started without a graphical interface.
The correct approach is as follows: Modify the selinux= "" in the/etc/selinux/config file as disabled, and then reboot.
Here are some of the set commands collected
===ftp===
If you are want to share files anonymously
Chcon-r-T Public_content_t/var/ftp
If you are want to setup a directory where you can upload files
Chcon-t public_content_rw_t/var/ftp/incoming
You are must also turn on the Boolean allow_ftpd_anon_write
Setsebool-p allow_ftpd_anon_write=1
If you are are setting up this machine as a FTPD server and wish to allow users to access their home directorories
Setsebool-p Ftp_home_dir 1
If you are want to run ftpd as a daemon
Setsebool-p Ftpd_is_daemon 1
Can disable SELinux protection for the ftpd daemon
Setsebool-p Ftpd_disable_trans 1
===httpd===
If you are want a particular domain to write to the public_content_rw_t domain
Setsebool-p allow_httpd_anon_write=1
Or
Setsebool-p allow_httpd_sys__anon_write=1
HTTPD can be the setup to allow CGI s. executed
Setsebool-p httpd_enable_cgi 1
If you are want to allow access to users home directories
Setsebool-p Httpd_enable_homedirs 1
Chcon-r-T httpd_sys_content_t ~user/public_html
HTTPD is allowed access to the controling terminal
Setsebool-p Httpd_tty_comm 1
such that one httpd service can not interfere with another
Setsebool-p httpd_unified 0
Loadable modules run under the same context as httpd
Setsebool-p httpd_builtin_ing 0
httpd s are allowed to connect out to the network
Setsebool-p Httpd_can_network_connect 1
You can disable suEXEC transition
Setsebool-p Httpd_suexec_disable_trans 1
Can disable SELinux protection for the httpd daemon by executing
Setsebool-p Httpd_disable_trans 1
Service httpd Restart
===named===
If you are want to have named update the master zone files
Setsebool-p Named_write_master_zones 1
Can disable SELinux protection for the named daemon by executing
Setsebool-p Named_disable_trans 1
Service named restart
===nfs===
If you want to the setup this machine to share NFS partitions read only
Setsebool-p Nfs_export_all_ro 1
If you are want to share files Read/write
Setsebool-p NFS_EXPORT_ALL_RW 1
If you are want to use a sqlremote NFS server for the "Home directories on" This machine
Setsebool-p Use_nfs_home_dirs 1
===samba===
If you are want to share files other than home Directorie
Chcon-t samba_share_t/directory
If you are want to share the files with multiple domains
Setsebool-p allow_smbd_anon_write=1
If you are are setting up this machine as a Samba server and wish to share the home directories
Setsebool-p Samba_enable_home_dirs 1
If you have want to use a remote Samba server for the "Home directories on" This machine
Setsebool-p Use_samba_home_dirs 1
Can disable SELinux protection for the samba daemon by executing
Setsebool-p Smbd_disable_trans 1
Service SMB Restart
===rsync===
If you are want to share files using the rsync daemon
Chcon-t public_content_t/directories
If you are want to share the files with multiple domains
Setsebool-p allow_rsync_anon_write=1
Can disable SELinux protection for the rsync daemon by executing
Setsebool-p Rsync_disable_trans 1
===kerberos===
Allow your system to work properly in a Kerberos environment
Setsebool-p Allow_kerberos 1
If you are running Kerberos daemons kadmind or KRB5KDC
Setsebool-p Krb5kdc_disable_trans 1
Service KRB5KDC Restart
Setsebool-p Kadmind_disable_trans 1
Service Kadmind Restart
===nis===
Allow your system to work properly in a NIS environment
Setsebool-p Allow_ypbind 1