搜索

此内容没有您所选择的语言版本。

2.2.6.2. Anonymous Access

download PDF
The presence of the /var/ftp/ directory activates the anonymous account.
The easiest way to create this directory is to install the vsftpd package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
By default the anonymous user cannot write to any directories.

Warning

If enabling anonymous access to an FTP server, be aware of where sensitive data is stored.

Procedure 2.1. Anonymous Upload

  1. To allow anonymous users to upload files, it is recommended to create a write-only directory within the /var/ftp/pub/ directory. Run the following command as root to create such directory named /upload/:
    ~]# mkdir /var/ftp/pub/upload
  2. Next, change the permissions so that anonymous users cannot view the contents of the directory:
    ~]# chmod 730 /var/ftp/pub/upload
    A long format listing of the directory should look like this:
    ~]# ls -ld /var/ftp/pub/upload
    drwx-wx---. 2 root ftp 4096 Nov 14 22:57 /var/ftp/pub/upload

    Note

    Administrators who allow anonymous users to read and write in directories often find that their servers become a repository of stolen software.
  3. Under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file:
    anon_upload_enable=YES
  4. In Red Hat Enterprise Linux, the SELinux is running in Enforcing mode by default. Therefore, the allow_ftpd_anon_write Boolean must be enabled in order to allow vsftpd to upload files:
    ~]# setsebool -P allow_ftpd_anon_write=1
  5. Label the /upload/ directory and its files with the public_content_rw_t SELinux context:
    ~]# semanage fcontext -a -t public_content_rw_t '/var/ftp/pub/upload(/.*)'

    Note

    The semanage utility is provided by the policycoreutils-python package, which is not installed by default. To install it, use the following command as root:
    ~]# yum install policycoreutils-python
  6. Use the restorecon utility to change the type of /upload/ and its files:
    ~]# restorecon -R -v /var/ftp/pub/upload
    The directory is now properly labeled with public_content_rw_t so that SELinux in Enforcing mode allows anonymous users to upload files to it:
    ~]$ ls -dZ /var/ftp/pub/upload
    drwx-wx---. root root unconfined_u:object_r:public_content_t:s0 /var/ftp/pub/upload/
    
    For further information about using SELinux, see the Security-Enhanced Linux User Guide and Managing Confined Services guides.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.