Turn off the SELinux feature1. First check the status of the SELinux , command:getenforce[Email protected] ~]# Getenforce Disabled2. view selinux config file, command: cat/etc/selinux/config #thisfilecontrolsthestateof Selinuxonthesystem.#selinux=cantakeoneofthesethre
Code code as follows:
Getsebool-a|grep-i Httpd_can_network_connect
Httpd_can_network_connect--> off
Now I see, it turns out that SELinux restricts httpd's access to the outside world. Turn it on:
Copy Code code as follows:
Setsebool-p httpd_can_network_connect=1
If you are unfamiliar with SELinux, you can also directly modify the system configuration file/etc/sysconfig/
to specify the FTP user name in chroot_list one by one. It is also prone to omissions. We recommend that you use chroot_local_user.
2. Next, the problem arises. After SELinux is enabled, SELinux will prevent FTP daemon from reading the user's home directory. Therefore, FTP will output "500 Oops: cannot change directory ". Unable to enter directory, error exited.
There are two solutions:
1. Reduce
Disable selinux in CentOS7
Selinux must be disabled when Cobbler and Puppet are installed. However, after CentOS7 is downloaded and installed, SElinux is enabled by default,
As follows:[Csharp] view plaincopy
[Root @ rdo ~] # Sestatus
SELinuxstatus: enabled
SELinuxfsmount:/sys/fs/selinux
SELinuxrootdirectory:/etc/
Turning off SELinux should be replaced with user input variables, but that's fine.==========================================#! Bin/bashClearecho "--------------------"Echo-e "\033[34mthis file controls the state of SELinux on the system.\033[0m"Echo-e "\033[33m selinux\033[0m = can take one of these three values:"ECHO-E "\033[4me\033[0mnforcing-
Third-party libraries cannot be opened due to increased selinux privilege levels, which can be confirmed if Setenforce 0 is used. You need to add the appropriate permissions. Modify the Te permissions.To view the SELinux status:1,/usr/sbin/sestatus-v # #如果SELinux The status parameter is enabled is turned onSELinux status:enabled2. Getenforce # #也可以用这个命令检查To turn
Tags: System not root int isa method SYS spec COM1, vi/etc/vsftpd/vsftpd.conf# Specify an explicit list of the Local users to Chroot () to their home# directory. If Chroot_local_user is YES and then this list becomes a list of# users to not Chroot ().Chroot_local_user=yes# Chroot_list_enable=yes# (default follows)# chroot_list_file=/etc/vsftpd/chroot_list# Of course you can use the Chroot_list_enable=yes method. However, it is cumbersome to specify the FTP user name one by one in Chroot_list. Al
started in Fedora/Redhat/CentOS;
Of course, you can also disable SELINUX. The configuration file in/etc/selinux/config is as follows;
/Etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX = can take one of these three values:
# Enforcing-
; that is to say, the general method of 4.1 and vsFTPd server startup and shutdown is required; this is effective in Fedora/Redhat/CentOS to start vsFTPd server;
Of course, you can also disable SELINUX. The configuration file in/etc/selinux/config is as follows;
/Etc/selinux/config
# This file controls the state of SELinux
process UID to system, and then need to sign platform certificate for it, and I signed the relevant signature. Back with a full of information to debug when found there are new permissions anomalies, followed by the Adnroid5.1 introduced SELinux related permissions debugging, filtering the effective log as follows:avc:denied {net_admin} for capability=12 Scontext=u:r:system_app:s0 tcontext=u:r:system_app:s0Tclass=capability
vsFTPd server to skip SELINUX startup; this is effective when the vsFTPd server is started in Fedora/Redhat/CentOS;
Of course, you can also disable SELINUX. The configuration file in/etc/selinux/config is as follows;
/Etc/selinux/config# This file controls the state of SELinux
View SELinux Status: 1,/usr/sbin/sestatus-v # #如果SELinux The status parameter is enabled is on, SELinux Status:enabled2, Getenf Orce # #也可以用这个命令检查关闭SELinux: 1, temporary shutdown (without restarting the machine): Setenforce 0 # #设置SELinux become
To view the SELinux status:1,/usr/sbin/sestatus-v # #如果SELinux The status parameter is enabled is turned onSELinux status:enabled2. Getenforce # #也可以用这个命令检查To turn off SELinux:1, temporarily shut down (do not restart the machine):Setenforce 0 # #设置SELinux become permissive m
1, the root user login to the Linux system, and then enter the command after the prompt sestatus, you can see that the current SELinux function is in the open state.
2, enter the Vi/etc/sysconfig/selinux command after the prompt, enter the SELinux configuration file.
3, in the SELinux configuration file
To view the SELinux status:1,/usr/sbin/sestatus-v # #如果SELinux The status parameter is enabled is turned onSELinux status:enabled2. Getenforce # #也可以用这个命令检查To turn off SELinux:1, temporarily shut down (do not restart the machine):Setenforce 0 # #设置SELinux become permissive m
9 06:08:51 [localhost] mongod:about to fork child process, waiting until the server is ready for connections.
Nov 9 06:08:51 [localhost] mongod:forked process:18218
Nov 9 06:08:51 [localhost] mongod:child process STA RTed successfully, parent exiting
P.S. In addition to the above by prompting information to solve the problem, there is a more violent way, directly close the SELinux, but not very recommended.
# Setenforce 0
# getenforce
First, modify the file/etc/sysconfig/selinux as follows.# This file controls the state of SELinux in the system.# selinux= can take one of the these three values:# Enforcing-se Linux security Policy is enforced.# permissive-selinux prints warnings instead of enforcing.# disa
To view the SELinux status:1,/usr/sbin/sestatus-v | grep "SELinux Status:" # #如果SELinux the status parameter is enabled2, Getenforce # #除了上面的命令还可以使用这个命令, the output is permissive to close, enforcing to open.To turn off SELinux:1, temporary shutdown (do not restart the system
/selinux/config selinux= can take one Of these three values:enforcing default SELinux on run permissive selinux shutdown warning message disabled SELinux completely shut down selinux=
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.