First install the vsftpd package
#yum install vsftpd
After that, edit /etc/vsftpd/vsftpd.conf:
anonymous_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to blah FTP service.
listen=YES
local_root=/var/ftp/upload
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Then edit the TCP wrappers file /etc/hosts.allow:
vsftpd: ALL
Let's set the iptables rule:
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
don’t forget to put
IPTABLES_MODULES="ip_conntrack_ftp"
into /etc/sysconfig/iptables-config
Set rights and user for the upload dir (the ftp user needs the execute bit on a directory to create files in it):
#chmod 755 /var/ftp/upload
#chown ftp:ftp /var/ftp/upload
We also need an SELinux boolean so that anonymous users are allowed to write or upload to my /var/ftp/upload directory:
setsebool -P allow_ftpd_anon_write=1
You also need to set the correct SELinux file types, which are public_content_t for /var/ftp and public_content_rw_t for /var/ftp/upload.
This can be done with the commands:
chcon -t public_content_t /var/ftp/
chcon -t public_content_rw_t /var/ftp/upload
If you messed up too much with the types, you could also use the command:
#restorecon /var/ftp/upload
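An added example, not part of the original walkthrough: a small shell check that reports which anonymous write operations a vsftpd.conf grants, useful for confirming the effect of the settings above (anon_other_write_enable=YES also lets anonymous users delete and rename files). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which anonymous write
# operations a vsftpd.conf actually permits.

# conf_get FILE KEY DEFAULT: print the effective value of KEY.
# vsftpd reads the file top to bottom, so the last KEY= line wins;
# lines starting with '#' never match because KEY must start the line.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    echo "${val:-$3}"
}

# is_on VALUE: true for the spellings vsftpd treats as boolean true.
is_on() {
    case $1 in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# anon_write_report FILE: one line per capability, "granted" only when
# anonymous_enable, write_enable and the capability itself are all on.
anon_write_report() {
    anon=$(conf_get "$1" anonymous_enable YES)   # vsftpd default: YES
    write=$(conf_get "$1" write_enable NO)       # vsftpd default: NO
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        state=denied
        if is_on "$anon" && is_on "$write" && is_on "$(conf_get "$1" "$key" NO)"; then
            state=granted
        fi
        echo "$key: $state"
    done
}

# Constructed sample: the write-related lines from the walkthrough's config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
anon_write_report "$sample"
rm -f "$sample"
```

For an upload-only drop box, setting anon_mkdir_write_enable and anon_other_write_enable to NO makes the report show only anon_upload_enable as granted.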
don’t forget to put
IPTABLES_MODULES="ip_conntrack_ftp"
into /etc/sysconfig/iptables-config
Thanks for the tip
public_content_t is different from public_content_rw_t.
Yes, public_content_t would be used for /var/ftp. Thank you for that. I corrected the walkthrough.
Quote
———————————————————
don’t forget to put
IPTABLES_MODULES="ip_conntrack_ftp"
into /etc/sysconfig/iptables-config
——————————————————–
Thanks a lot. It created lots of trouble for me… and here I got the medicine. Thanks again.
Hi, what is the purpose of ip_conntrack_ftp?
You’ll find the answer here:
http://books.google.com/books?id=PyqjvNNltqYC&pg=PA447&lpg=PA447&dq=%22ip_conntrack_ftp%22+tracks+tcp+connection&source=bl&ots=XDkL7CSDcO&sig=wMnTmiFkVx-4w4FHPkTEIvnj1nY&hl=en&sa=X&ei=QNGiT5HPNoWcgQfQ-pjxCA&ved=0CEEQ6AEwAg#v=onepage&q=%22ip_conntrack_ftp%22%20tracks%20tcp%20connection&f=false