RHEL6 vsftp anonymous access selinux

First, install the vsftpd package:

#yum install vsftpd

After that, edit /etc/vsftpd/vsftpd.conf:

anonymous_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to blah FTP service.
listen=YES
local_root=/var/ftp/upload
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Then edit the TCP wrappers file /etc/hosts.allow:

vsftpd: ALL

Let's set the iptables rule:

#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Don't forget to put
IPTABLES_MODULES="ip_conntrack_ftp"
into /etc/sysconfig/iptables-config

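Set the permissions and owner for the upload directory. A directory needs the execute bit before its owner can enter it and create files in it:

#chmod 755 /var/ftp/upload

#chown ftp:ftp /var/ftp/upload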

Now we also need an SELinux rule so that anonymous users are allowed to write or upload to the /var/ftp/upload directory:

setsebool -P allow_ftpd_anon_write=1

You also need to set the correct SELinux file types, which are:

public_content_t and public_content_rw_t

This can be done with the commands:

chcon -t public_content_t /var/ftp/

chcon -t public_content_rw_t /var/ftp/upload

If you messed up too much with the types, you can reset the directory to its default context with the command:

#restorecon /var/ftp/upload
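
To review what the vsftpd.conf above actually opens up, the following added example (not part of the original post) audits a config file for the switches that let anonymous clients modify files. The function names and the sample file are constructed for illustration, and the values used for unset options are vsftpd's upstream defaults, assumed to match the RHEL6 package.

```shell
#!/bin/bash
# Added example: report which anonymous-write switches a vsftpd.conf turns on.

# Effective value of KEY in FILE. vsftpd wants KEY=VALUE with no spaces
# around '='; the last occurrence is taken, DEFAULT is used if KEY is unset.
conf_get() {  # conf_get FILE KEY DEFAULT
    local val
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    printf '%s\n' "${val:-$3}"
}

# True when a boolean option value means "enabled".
is_on() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line. WARN lines are settings that let anonymous
# clients change files on the server.
audit_anon_write() {  # audit_anon_write FILE
    local f=$1 key
    if ! is_on "$(conf_get "$f" anonymous_enable YES)"; then
        echo "OK anonymous login is disabled"; return 0
    fi
    if ! is_on "$(conf_get "$f" write_enable NO)"; then
        echo "OK write_enable is off, so no FTP write command is accepted"; return 0
    fi
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if is_on "$(conf_get "$f" "$key" NO)"; then
            echo "WARN $key=YES"
        fi
    done
    if is_on "$(conf_get "$f" anon_other_write_enable NO)"; then
        echo "WARN anonymous clients can delete and rename files; an upload-only drop box does not need anon_other_write_enable"
    fi
    return 0
}

# Constructed sample: the write-related lines from the config in this post.
sample=$(mktemp)
printf '%s\n' anonymous_enable=YES write_enable=YES anon_upload_enable=YES \
    anon_mkdir_write_enable=YES anon_other_write_enable=YES > "$sample"
audit_anon_write "$sample"
rm -f "$sample"
```

On the real server, run `audit_anon_write /etc/vsftpd/vsftpd.conf` and compare the WARN lines with what the upload directory is meant to allow.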
