Chapter 15. File Transfer Protocol
File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.
The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and, most importantly, secure. Its ability to handle large numbers of connections efficiently and securely is why vsftpd is the only stand-alone FTP server distributed with Red Hat Enterprise Linux.
In Red Hat Enterprise Linux, the vsftpd package provides the Very Secure FTP daemon. Enter the following command to see if vsftpd is installed:
~]$ rpm -q vsftpd
package vsftpd is not installed
If you want an FTP server and the vsftpd package is not installed, use the yum utility as the root user to install it:
~]# yum install vsftpd
15.1. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
By default, anonymous users have read access to files in the /var/ftp/ directory when they log in using FTP. This directory is labeled with the public_content_t type, allowing only read access, even if write access is configured in /etc/vsftpd/vsftpd.conf. The public_content_t type is accessible to other services, such as Apache HTTP Server, Samba, and NFS.
Use one of the following types to share files through FTP:
public_content_t
- Label files and directories you have created with the public_content_t type to share them read-only through vsftpd. Other services, such as Apache HTTP Server, Samba, and NFS, also have access to files labeled with this type. Files labeled with the public_content_t type cannot be written to, even if Linux permissions allow write access. If you require write access, use the public_content_rw_t type.
public_content_rw_t
- Label files and directories you have created with the public_content_rw_t type to share them with read and write permissions through vsftpd. Other services, such as Apache HTTP Server, Samba, and NFS, also have access to files labeled with this type. Remember that Booleans for each service must be enabled before they can write to files labeled with this type.
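The following script is an added example, not part of the original guide: it audits a list of file contexts against the two types described above and reports what vsftpd can do with each file through SELinux. The function names, the sample paths and the Boolean name in the comments are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example (not from the original guide). Input lines are "<context> <path>",
# the format printed by: stat -c '%C %n' FILE...

# Print the type field of a context written as user:role:type[:level].
# A level such as s0:c0.c1023 contains colons, but the type is always field 3.
selinux_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Access vsftpd gets through SELinux for a file type, per the Types section.
# $2 is the state (on/off) of the FTP write Boolean. Its name depends on the
# release; ftpd_anon_write (read with getsebool) is assumed here.
ftp_access() {
    case "$1" in
        public_content_t)    echo "read-only" ;;
        public_content_rw_t) [ "$2" = "on" ] && echo "read-write" || echo "read-only" ;;
        "")                  echo "unlabeled" ;;
        *)                   echo "review" ;;   # not one of the two types listed above
    esac
}

# Read "<context> <path>" lines on stdin; print "<access> <type> <path>".
audit_ftp_labels() {
    local boolean_state=$1 ctx path type
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        type=$(selinux_type "$ctx")
        printf '%s %s %s\n' "$(ftp_access "$type" "$boolean_state")" "${type:--}" "$path"
    done
}

# Constructed sample input. The third file stands for one moved from a home
# directory, which keeps its original label.
sample_labels() {
    cat <<'EOF'
system_u:object_r:public_content_t:s0 /var/ftp/pub
unconfined_u:object_r:public_content_rw_t:s0 /var/ftp/upload
unconfined_u:object_r:user_home_t:s0 /var/ftp/pub/notes from home.txt
EOF
}

sample_labels | audit_ftp_labels off
```

Entries reported as "review" carry a type outside the two listed in this section and are the ones to relabel or investigate before relying on FTP access to them.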