vsftpd is designed from the ground up to be fast, stable, and, most importantly, secure. Its ability to handle large numbers of connections efficiently and securely is why vsftpd is the only stand-alone FTP distributed with Red Hat Enterprise Linux. [33]
Run rpm -q vsftpd to see if vsftpd is installed:
$ rpm -q vsftpd
yum install vsftpd
vsftpd runs confined by default. SELinux policy defines how vsftpd interacts with files, processes, and with the system in general. For example, when an authenticated user logs in via FTP, they cannot read from or write to files in their home directories: SELinux prevents vsftpd from accessing user home directories by default. Also, by default, vsftpd does not have access to NFS or CIFS file systems, and anonymous users do not have write access, even if such write access is configured in /etc/vsftpd/vsftpd.conf. Booleans can be turned on to allow the previously mentioned access.
Run rpm -q vsftpd to see if the vsftpd package is installed. If it is not, run yum install vsftpd as the root user to install it.
vsftpd only allows anonymous users to log in by default. To allow authenticated users to log in, edit /etc/vsftpd/vsftpd.conf as the root user. Uncomment the local_enable=YES option:
# Uncomment this to allow local users to log in.
local_enable=YES
Run service vsftpd start as the root user to start vsftpd. If the service was running before editing vsftpd.conf, run service vsftpd restart as the root user to apply the configuration changes:
service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
Run ftp localhost as the user you are currently logged in with. When prompted for your name, make sure your username is displayed. If the correct username is displayed, press Enter; otherwise, enter the correct username:
$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.1.0)
Name (localhost:username):
331 Please specify the password.
Password: Enter your password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Run the ls command from the ftp prompt. With the ftp_home_dir Boolean off, SELinux prevents vsftpd access to home directories, resulting in this command failing to return a directory listing:
ftp> ls
227 Entering Passive Mode (127,0,0,1,225,210).
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
The SELinux denial is logged to /var/log/messages:
setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (username). For complete SELinux messages. run sealert -l c366e889-2553-4c16-b73f-92f36a1730ce
Enable the ftp_home_dir Boolean by running the following command as the root user:
# setsebool -P ftp_home_dir=1
Note
Run the ls command again from the ftp prompt. Now that SELinux is allowing home directory browsing via the ftp_home_dir Boolean, the directory is displayed:
ftp> ls
227 Entering Passive Mode (127,0,0,1,56,215).
150 Here comes the directory listing.
-rw-rw-r-- 1 501 501 0 Mar 30 09:22 file1
-rw-rw-r-- 1 501 501 0 Mar 30 09:22 file2
226 Directory Send OK.
ftp>
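The procedure above shows that local_enable in vsftpd.conf and the ftp_home_dir Boolean have to agree. The following script is an added example, not part of the original guide: it compares the two and flags both the failure shown above and the opposite case, where the Boolean is left on although local logins are disabled. The function names are hypothetical, the sample input is constructed, and only the YES form shown on this page is recognised.

```shell
#!/bin/sh
# Added example: compare vsftpd's local_enable setting with the SELinux
# ftp_home_dir Boolean. Inputs are passed in so saved copies can be checked.

# Print YES or NO for local_enable in the vsftpd.conf file given as $1.
# Commented-out lines are ignored; vsftpd's built-in default is NO.
# Assumption: if the option appears more than once, the last line wins.
local_enable_state() {
    val=$(sed -n 's/^local_enable=\([A-Za-z]*\).*$/\1/p' "$1" |
          tail -n 1 | tr '[:lower:]' '[:upper:]')
    case "$val" in
        YES) echo YES ;;
        *)   echo NO ;;
    esac
}

# Print on or off from `getsebool ftp_home_dir` output passed as $1,
# which has the form "ftp_home_dir --> off".
boolean_state() {
    printf '%s\n' "$1" |
        awk '$1 == "ftp_home_dir" && $2 == "-->" { print $3 }'
}

# Classify the combination. $1 = vsftpd.conf path, $2 = getsebool output.
check_ftp_home_dir() {
    le=$(local_enable_state "$1")
    sb=$(boolean_state "$2")
    case "$le/$sb" in
        YES/off) echo "MISMATCH: local logins enabled, SELinux blocks home directories" ;;
        NO/on)   echo "REVIEW: ftp_home_dir is on but local logins are disabled" ;;
        YES/on|NO/off) echo "OK: local_enable=$le, ftp_home_dir=$sb" ;;
        *)       echo "UNKNOWN: could not read ftp_home_dir state" ;;
    esac
}

# Constructed sample input (not taken from a real system).
sample_conf=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' '#local_enable=YES' > "$sample_conf"
check_ftp_home_dir "$sample_conf" 'ftp_home_dir --> on'
rm -f "$sample_conf"
```

On a live system, call it as check_ftp_home_dir /etc/vsftpd/vsftpd.conf "$(getsebool ftp_home_dir)".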