Vsftp Anonymous User Configuration under Linux

Configuration of Vsftp Anonymous user uploads and downloads under Linux

Configuration to pay attention to three parts, please one by one carefully control:

1. Configuration of vsftpd.conf files (vi/etc/vsftpd/vsftpd.conf)

# Allow anonymous users to log on to FTP

Anonymous_enable=yes

# Set the login directory for anonymous users (if required, add and modify them yourself)

Anon_root=/var/ftp/pub

# Open Upload permissions for anonymous users

Anon_upload_enable=yes

# Open Anonymous user permissions to create a directory

Anon_mkdir_write_enable=yes

# Open Anonymous user permissions to delete and rename (if required, add it yourself)

Anon_other_write_enable=yes

#匿名用户的掩码 (if necessary, add it yourself, meaning: If Umask is 022, then create a file with permission 666, the actual permissions of the file is 666-022=644)

anon_umask=022

2, the FTP directory permissions settings

By default, the FTP root directory is/var/ftp, for security, this directory by default does not allow the set to 777 permissions, otherwise FTP will not be accessible. But we want to upload files anonymously, need "other" user's write permission, the correct way:

In the/var/ftp set up a upload (the name of their own) folder, set the folder permissions to 777 (depending on the need to set their own), in upload this folder, anonymous users can upload files, create folders, delete files and so on.

In general, the implementation of VSFTPD anonymous users upload and download. If not, it is the following question.

3. SELinux Configuration

SELinux (security-enhanced Linux) is the United States National Security Agency (NAS) for the implementation of mandatory access control, Linux is the most outstanding new security subsystem. The NSA, with the help of the Linux community, has developed an access control system that, under the constraints of the access control system, can access only those files that are needed in his tasks. SELinux is installed on Fedora and Red Hat Enterprise Linux By default and can also be used as an easy-to-install package on other distributions.

The simplest way to close selinux

Method 1: Modify the Selinux= "" in the/etc/selinux/config file to Disabled, and then restart.

Method 2: Use the command Setenforce 0 without rebooting. (Format of Setenforce: Setenforce [Enforcing | Permissive | 1 | 0])

Method 3: Add in Lilo or grub boot parameters: selinux=0, or you can turn selinux off.

Use Getenforce to see if the current SELinux is running.

If you do not turn off SELinux, you should set the SELinux FTP permissions.

1. Using Getsebool-a | grep FTP View FTP Related settings state, we want to set Allow_ftpd_anon_write to on.

2, use Setsebool-p to set. Example: Setsebool-p allow_ftpd_anon_write=on.

or use Togglesebool to reverse bool values, such as Togglesebool Allow_ftpd_anon_write.

3, modify the SELinux security context, first introduce two commands:

Command 1, ls-z ps-z id-z # can see the SELinux properties of files, processes and users respectively

Command 2, #chcon change the SELinux security context

chcon-u [User] Object

-R [Role]

-T [Type]

-R recursion

--reference source file Destination File # Copy security context

How to use:

Step 1, ls-zd/var/ftp/upload/will usually see:

Drwxr-xr-x FTP root system_u:object_r:public_content_t/var/ftp/upload/

Step 2, Chcon-r-T public_content_rw_t/var/ftp/upload/

Step 3, ls-zd/var/ftp/upload/if you see the following information is OK:

Drwxr-xr-x FTP root system_u:object_r:public_content_rw_t/var/ftp/upload/

Finally, restart the SELinux and vsftpd, do not restart in fact it does not matter. Re-login to FTP, you should be able to solve the problem.

In addition, the SELinux graphical interface can be accessed by the System-config-selinux command.

In this respect, I hope to help you.

Vsftp Anonymous User Configuration under Linux