
4.4. Configuration Examples


4.4.1. Uploading to an FTP site

The following example creates an FTP site that allows a dedicated user to upload files. It creates the directory structure and makes the required SELinux configuration changes:
  1. Run the setsebool ftp_home_dir=1 command as the root user to enable access to FTP home directories.
  2. Run the mkdir -p /myftp/pub command as the root user to create a new top-level directory.
  3. Set Linux permissions on the /myftp/pub/ directory to allow a Linux user write access. This example changes the owner and group from root to owner user1 and group root. Replace user1 with the user you want to give write access to:
    ~]# chown user1:root /myftp/pub
    ~]# chmod 775 /myftp/pub
    The chown command changes the owner and group. The chmod command changes the mode, giving the user1 user read, write, and execute permissions, and members of the root group read, write, and execute permissions. Everyone else has read and execute permissions, which allows the Apache HTTP Server to read files from this directory.
  4. When running SELinux, files and directories must be labeled correctly to allow access. Setting Linux permissions is not enough. Files labeled with the public_content_t type can be read by FTP, Apache HTTP Server, Samba, and rsync. Files labeled with the public_content_rw_t type can be written to by FTP. Other services, such as Samba, require Booleans to be set before they can write to files labeled with the public_content_rw_t type. Label the top-level directory (/myftp/) with the public_content_t type, to prevent copied or newly created files under /myftp/ from being written to or modified by services. Run the following command as the root user to add the label change to file-context configuration:
    ~]# semanage fcontext -a -t public_content_t /myftp
  5. Run the restorecon -R -v /myftp/ command to apply the label change:
    ~]# restorecon -R -v /myftp/
    restorecon reset /myftp context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
    
  6. Confirm /myftp is labeled with the public_content_t type, and /myftp/pub/ is labeled with the default_t type:
    ~]$ ls -dZ /myftp/
    drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /myftp/
    ~]$ ls -dZ /myftp/pub/
    drwxrwxr-x. user1 root unconfined_u:object_r:default_t:s0 /myftp/pub/
    
  7. FTP must be allowed to write to a directory before users can upload files via FTP. SELinux allows FTP to write to directories labeled with the public_content_rw_t type. This example uses /myftp/pub/ as the directory FTP can write to. Run the following command as the root user to add the label change to file-context configuration:
    ~]# semanage fcontext -a -t public_content_rw_t "/myftp/pub(/.*)?"
  8. Run the restorecon -R -v /myftp/pub command as the root user to apply the label change:
    ~]# restorecon -R -v /myftp/pub
    restorecon reset /myftp/pub context system_u:object_r:default_t:s0->system_u:object_r:public_content_rw_t:s0
    
  9. The allow_ftpd_anon_write Boolean must be on to allow vsftpd to write to files that are labeled with the public_content_rw_t type. Run the following command as the root user to enable this Boolean:
    ~]# setsebool -P allow_ftpd_anon_write on
    Do not use the -P option if you do not want changes to persist across reboots.
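As an added example (not part of the original procedure), the following shell functions check ls -dZ and getsebool output against the labels and the Boolean this procedure sets up. The function names and the AFTER_PUB sample line are assumptions constructed for illustration; the other sample lines are copied from the output shown in the steps above.

```shell
#!/bin/sh
# Added example: audit SELinux labels and Booleans for the /myftp layout.

# Print the SELinux type (third field of user:role:type:level) found in
# one line of `ls -dZ` output. Works with or without the mode/owner columns.
selinux_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            n = split($i, c, ":")
            if (n >= 3 && c[3] ~ /_t$/) { print c[3]; exit }
        }
    }'
}

# check_label EXPECTED_TYPE LS_LINE
# Returns 0 when the line carries the expected type, 1 otherwise.
check_label() {
    expected=$1
    line=$2
    actual=$(selinux_type "$line")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $expected  ${line##* }"
    else
        echo "FAIL expected $expected, found ${actual:-none}  ${line##* }"
        return 1
    fi
}

# boolean_is_on GETSEBOOL_LINE, for a line such as "name --> on"
boolean_is_on() {
    [ "${1##* --> }" = "on" ]
}

# Sample input. TOP and STEP6_PUB are copied from step 6;
# AFTER_PUB is constructed to show the state after step 8.
TOP='drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /myftp/'
STEP6_PUB='drwxrwxr-x. user1 root unconfined_u:object_r:default_t:s0 /myftp/pub/'
AFTER_PUB='drwxrwxr-x. user1 root system_u:object_r:public_content_rw_t:s0 /myftp/pub/'

check_label public_content_t    "$TOP"
# Before steps 7 and 8 the upload directory is still default_t, so this fails:
check_label public_content_rw_t "$STEP6_PUB" || echo "     -> run steps 7 and 8"
check_label public_content_rw_t "$AFTER_PUB"
boolean_is_on 'allow_ftpd_anon_write --> on' && echo "OK   allow_ftpd_anon_write is on"
```

On a live system, pass real output instead of the samples, for example check_label public_content_rw_t "$(ls -dZ /myftp/pub)".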
The following example demonstrates logging in via FTP and uploading a file. This example uses the user1 user from the previous example, where user1 is the dedicated owner of the /myftp/pub/ directory:
  1. Run the cd ~/ command to change into your home directory. Then, run the mkdir myftp command to create a directory to store files to upload via FTP.
  2. Run the cd ~/myftp command to change into the ~/myftp/ directory. In this directory, create an ftpupload file. Copy the following contents into this file:
    File upload via FTP from a home directory.
    
  3. Run the getsebool allow_ftpd_anon_write command to confirm the allow_ftpd_anon_write Boolean is on:
    ~]$ getsebool allow_ftpd_anon_write
    allow_ftpd_anon_write --> on
    
    If this Boolean is off, run the setsebool -P allow_ftpd_anon_write on command as the root user to enable it. Do not use the -P option if you do not want the change to persist across reboots.
  4. Run the service vsftpd start command as the root user to start vsftpd:
    ~]# service vsftpd start
    Starting vsftpd for vsftpd:                                [  OK  ]
    
  5. Run the ftp localhost command. When prompted for a user name, enter the user name of the user who has write access, then enter the correct password for that user:
    ~]$ ftp localhost
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.1.0)
    Name (localhost:username):
    331 Please specify the password.
    Password: Enter the correct password
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd myftp
    250 Directory successfully changed.
    ftp> put ftpupload 
    local: ftpupload remote: ftpupload
    227 Entering Passive Mode (127,0,0,1,241,41).
    150 Ok to send data.
    226 File receive OK.
    ftp> 221 Goodbye.
    
    The upload succeeds as the allow_ftpd_anon_write Boolean is enabled.