Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

2.2.6.2. Anonymous Access

The presence of the /var/ftp/ directory activates the anonymous account.
The easiest way to create this directory is to install the vsftpd package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
By default the anonymous user cannot write to any directories.

Warning

If enabling anonymous access to an FTP server, be aware of where sensitive data is stored.

Procedure 2.1. Anonymous Upload

  1. To allow anonymous users to upload files, it is recommended to create a write-only directory within the /var/ftp/pub/ directory. Run the following command as root to create such directory named /upload/: 
    ~]# mkdir /var/ftp/pub/upload
    Copy to Clipboard Toggle word wrap
  2. Next, change the permissions so that anonymous users cannot view the contents of the directory: 
    ~]# chmod 730 /var/ftp/pub/upload
    Copy to Clipboard Toggle word wrap
    A long format listing of the directory should look like this: 
    ~]# ls -ld /var/ftp/pub/upload
drwx-wx---. 2 root ftp 4096 Nov 14 22:57 /var/ftp/pub/upload
    Copy to Clipboard Toggle word wrap

    Note

    Administrators who allow anonymous users to read and write in directories often find that their servers become a repository of stolen software.
  3. Under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file: 
    anon_upload_enable=YES
    Copy to Clipboard Toggle word wrap
  4. In Red Hat Enterprise Linux, the SELinux is running in Enforcing mode by default. Therefore, the allow_ftpd_anon_write Boolean must be enabled in order to allow vsftpd to upload files: 
    ~]# setsebool -P allow_ftpd_anon_write=1
    Copy to Clipboard Toggle word wrap
  5. Label the /upload/ directory and its files with the public_content_rw_t SELinux context: 
    ~]# semanage fcontext -a -t public_content_rw_t '/var/ftp/pub/upload(/.*)'
    Copy to Clipboard Toggle word wrap

    Note

    The semanage utility is provided by the policycoreutils-python package, which is not installed by default. To install it, use the following command as root: 
    ~]# yum install policycoreutils-python
    Copy to Clipboard Toggle word wrap
  6. Use the restorecon utility to change the type of /upload/ and its files: 
    ~]# restorecon -R -v /var/ftp/pub/upload
    Copy to Clipboard Toggle word wrap
    The directory is now properly labeled with public_content_rw_t so that SELinux in Enforcing mode allows anonymous users to upload files to it: 
    ~]$ ls -dZ /var/ftp/pub/upload
drwx-wx---. root root unconfined_u:object_r:public_content_t:s0 /var/ftp/pub/upload/
    Copy to Clipboard Toggle word wrap
    For further information about using SELinux, see the Security-Enhanced Linux User Guide and Managing Confined Services guides.
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat