二.基于ftp的selinux配置
[root@localhost ~]# yum install vsftpd -y
添加用户如下
[root@localhost Server]# useradd u1
[root@localhost Server]# passwd u1
[root@localhost ~]# cd /home/u1
[root@localhost u1]# vim u1.txt #创建文件用于测试
使用 u1 用户登录 FTP:
[root@localhost Server]# ftp 127.0.0.1
ftp> dir
227 Entering Passive Mode (127,0,0,1,49,10)
150 Here comes the directory listing.
226 Directory send OK.
ftp> pwd
257 "/home/u1"
登录后的当前目录是 /home/u1,但目录列表为空,并没有发现 u1.txt 这个文件
查看系统日志(setroubleshoot 的消息一般写入 /var/log/messages):
Dec 22 21:52:18 localhost setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (/home/u1/u1.txt). For complete SELinux messages. run sealert -l f4d80bc3-3352-46c7-8aed-882c00493214 #SELinux 阻止了 ftp 守护进程读取用户家目录中的文件;运行日志中提示的 sealert -l 命令可以查看完整说明
图形化解决
[root@localhost ~]# system-config-selinux
可以设置如下:在布尔值(Boolean)列表中勾选允许 FTP 读写用户家目录的选项(对应 ftp_home_dir)即可
也可以通过命令设置
[root@localhost ~]# getsebool -a
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_disable_trans --> off
ftpd_is_daemon --> on
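只需将 ftp_home_dir 这一项设置为 on(-P 表示永久生效,重启后仍然保留)。不要为了省事把 ftpd_disable_trans 或 allow_ftpd_full_access 也打开:前者会关闭 SELinux 对 ftpd 的保护,后者会让 ftpd 能读写系统上的所有文件,只受普通文件权限约束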
[root@localhost ~]# setsebool -P ftp_home_dir=ON
设置完以后就可以进行访问了
确认设置结果如下(只有 ftp_home_dir 为 on,其余 FTP 相关布尔值保持 off):
[root@localhost ~]# getsebool -a |grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> on