Tuesday, March 15, 2011

500 OOPS: vsftpd: refusing to run with writable anonymous root

Here's a semi-common issue that you'll see when setting up vsftpd. The particular case where I ran into the issue was one where I wanted to set up anonymous FTP upload (but not download). I also wanted local users to be able to read and write the FTP upload folder.

The primary mistakes here were two-fold:

1. The anonymous FTP root directory should not be owned by the 'ftp' user.

2. The ftp user must not be a member of the group that owns the directory.

It's generally not a vsftpd.conf file issue, just a permissions issue.

(Note that SELinux will not allow anonymous uploads by default; you must change the boolean with "setsebool -P allow_ftpd_anon_write=1". You will also need to relabel the directory with a different file context, such as "public_content_rw_t", using "semanage fcontext" and "restorecon -vv -F -R".)

And if you absolutely, positively, need to allow anonymous FTP uploads, then you'll have to do it with a subdirectory below the anonymous root folder. So if you have set "anon_root=/var/ftp/anon", create a world-writable subdirectory below that point for uploads.
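To make the permission rule concrete, here is an added shell example (not from the original post) that models the check behind vsftpd's "refusing to run with writable anonymous root" message and builds the layout described above: a non-writable anonymous root with a writable upload subdirectory. It assumes Linux with GNU stat(1) and mktemp(1); the ftp account name and its groups are passed in as arguments so the functions can be exercised by an unprivileged user, with the current user standing in for the ftp account in the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: a shell model of vsftpd's
# "writable anonymous root" check plus a function that builds the layout
# the post recommends (non-writable anonymous root, writable upload
# subdirectory).  Assumptions: Linux with GNU stat(1) (-c format) and
# mktemp(1); the ftp account name and its groups are passed in as
# arguments so the functions can be exercised by an unprivileged user.

# anon_root_writable OWNER GROUP MODE FTP_USER [FTP_GROUP...]
# Succeeds (returns 0) when a directory with these attributes is writable
# by the ftp user, i.e. when vsftpd would refuse to use it as anon root:
#   - owner write bit set and the ftp user owns it, or
#   - group write bit set and the ftp user is in the owning group, or
#   - other write bit set (world-writable).
anon_root_writable() {
    owner=$1 group=$2 mode=$3 ftp_user=$4
    shift 4
    # Normalise the octal mode to four digits and drop the first one
    # (setuid/setgid/sticky), leaving the user/group/other digits.
    perm=$mode
    while [ ${#perm} -lt 4 ]; do perm=0$perm; done
    perm=${perm#?}
    u=${perm%??}
    g=${perm#?}; g=${g%?}
    o=${perm#??}
    if [ "$owner" = "$ftp_user" ] && [ $(( u & 2 )) -ne 0 ]; then return 0; fi
    if [ $(( o & 2 )) -ne 0 ]; then return 0; fi
    if [ $(( g & 2 )) -ne 0 ]; then
        for grp in "$@"; do
            [ "$grp" = "$group" ] && return 0
        done
    fi
    return 1
}

# check_dir DIR FTP_USER [FTP_GROUP...]
# Prints "refused" when vsftpd would reject DIR as anonymous root, else "ok".
check_dir() {
    dir=$1; ftp_user=$2
    shift 2
    if anon_root_writable "$(stat -c %U "$dir")" "$(stat -c %G "$dir")" \
                          "$(stat -c %a "$dir")" "$ftp_user" "$@"; then
        echo refused
    else
        echo ok
    fi
}

# make_anon_layout ROOT
# Creates ROOT (mode 755) with an "upload" subdirectory (mode 1733: sticky,
# world-writable, not world-readable, so anonymous clients can drop files
# but cannot list or fetch them).  Ownership is changed to root:root only
# when running as root; unprivileged callers keep their own ownership.
make_anon_layout() {
    root=$1
    mkdir -p "$root/upload"
    chmod 755 "$root"
    chmod 1733 "$root/upload"
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$root"
    fi
}

# Demonstration on a scratch directory.  Whatever user and group own the
# scratch directory stand in for the ftp account, so no root is needed.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/anon"; chmod 755 "$tmp/anon"
    me=$(stat -c %U "$tmp/anon"); mygrp=$(stat -c %G "$tmp/anon")
    echo "anon root owned by '$me', mode 755: $(check_dir "$tmp/anon" "$me" "$mygrp")"
    chmod 555 "$tmp/anon"
    echo "anon root owned by '$me', mode 555: $(check_dir "$tmp/anon" "$me" "$mygrp")"
    make_anon_layout "$tmp/layout"
    echo "recommended root:    $(check_dir "$tmp/layout" ftp ftp)"
    echo "upload subdir alone: $(check_dir "$tmp/layout/upload" ftp ftp)"
    rm -rf "$tmp"
}
demo
```

The last two lines of the demonstration show why the upload directory has to be a subdirectory: the root passes the check while the writable upload directory, used as an anonymous root, would be refused. In production the anonymous root is owned by root:root with the ftp account outside its group, and the SELinux boolean and file context from the note above still need to be set before uploads work.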