开启SELinux后,vsftp被阻止的解决办法

解决办法有2个:

1. 降低SELinux安全级别,把enforcing降低到permissive

vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=permissive

2. 通过设置SELinux选项。

首先查看SELinux中有关FTP的设置状态:

getsebool -a|grep ftp

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_disable_trans --> on
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

 

 

 

 

 

经过尝试发现,打开ftp_home_dir或者 ftpd_disable_trans。都可以达到在enforcing级别下,允许FTP正常登录的效果。

setsebool -P ftp_home_dir 1
#CentOS6里,是这样
setsebool -P allow_ftpd_full_access 1

service vsftpd restart

 


加-P是保存选项,每次重启时不必重新执行这个命令了。最后别忘了在/etc/sysconfig/selinux中,修改SELINUX=enforcing。

 

 

 



[caption id="attachment_309" align="aligncenter" width="300"]centos centos[/caption]
热门标签