Minor vsftpd configuration issues

VSFTP configuration: preventing access to parent directories

1. Edit /etc/vsftpd.conf and change the following three parameters:

chroot_local_user=NO  
chroot_list_enable=YES  
chroot_list_file=/etc/vsftpd/chroot_list

2. At this point you may get the error "500 OOPS: vsftpd: refusing to run with writable root inside chroot()".
Fix:
Add allow_writeable_chroot=YES to /etc/vsftpd.conf
Reference: 500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed on debian
3. Mind the directory permissions (changing the directory permissions to 755 is OK)
4. SELinux may cause problems such as files failing to upload.
Fix:

1). Lower the SELinux security level from enforcing to permissive
vi /etc/sysconfig/selinux

\# This file controls the state of SELinux on the system.

\# SELINUX= can take one of these three values:

\#       enforcing - SELinux security policy is enforced.

\#       permissive - SELinux prints warnings instead of enforcing.

\#       disabled - SELinux is fully disabled.
SELINUX=permissive

2). After some research, I found another, better approach. First, check the state of the FTP-related SELinux settings:

getsebool -a|grep ftp

allow_ftpd_anon_write --> off

allow_ftpd_full_access --> off

allow_ftpd_use_cifs --> off

allow_ftpd_use_nfs --> off

allow_tftp_anon_write --> off

ftp_home_dir --> off

ftpd_connect_db --> off

ftpd_disable_trans --> on

ftpd_is_daemon --> on

httpd_enable_ftp_server --> off

tftpd_disable_trans --> off

Reference: Modifying the SELinux settings so that vsftp runs normally in enforcing (security enhanced) mode
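
As an added example (not from the original post): a shell check that reads the parameters from steps 1 and 2 and reports whether vsftpd would jail a given local user, including the inverted meaning of the list when chroot_local_user=YES. The function names, the users alice and bob, and the temporary files are assumptions made for the illustration; the defaults are those given in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example (not from the original post): report whether vsftpd would
# chroot a local user, given the chroot parameters from step 1.

# conf_get FILE KEY DEFAULT: last KEY=value in FILE, trailing blanks trimmed.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Treat YES, TRUE or 1 (any case) as "on"; everything else as "off".
is_true() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# jail_status CONF USER: prints jailed, not-jailed, or unknown (list unreadable).
jail_status() {
    listed=no
    if is_true "$(conf_get "$1" chroot_list_enable NO)"; then
        list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
        [ -r "$list" ] || { echo unknown; return 0; }
        if grep -qxF -- "$2" "$list"; then listed=yes; fi
    fi
    if is_true "$(conf_get "$1" chroot_local_user NO)"; then
        # chroot_local_user=YES inverts the list: listed users are exempt.
        if [ "$listed" = yes ]; then echo not-jailed; else echo jailed; fi
    else
        # Step 1 of the post: only listed users are jailed.
        if [ "$listed" = yes ]; then echo jailed; else echo not-jailed; fi
    fi
}

# writable_root_allowed CONF: succeeds if allow_writeable_chroot is on (step 2).
writable_root_allowed() { is_true "$(conf_get "$1" allow_writeable_chroot NO)"; }

# Constructed sample files (hypothetical users alice and bob).
demo() {
    d=$(mktemp -d)
    printf 'alice\n' > "$d/chroot_list"
    printf '%s\n' 'chroot_local_user=NO' 'chroot_list_enable=YES' \
        "chroot_list_file=$d/chroot_list" 'allow_writeable_chroot=YES' > "$d/vsftpd.conf"
    for u in alice bob; do echo "$u: $(jail_status "$d/vsftpd.conf" "$u")"; done
    writable_root_allowed "$d/vsftpd.conf" && echo "writable chroot root is allowed"
    rm -rf "$d"
}
demo
```

With the settings from step 1, any account missing from chroot_list reports not-jailed, so it can still reach parent directories.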

2014-10-16 09:04