I need to allow users to upload files to an FTP server anonymously. They should not be able to see any other files, or download files. It is a CentOS 5.2 server. I have a separate partition for the upload area (mounted at /ftp).
I have tried to set up vsftpd, followed all the instructions/advice I could find. But, when a user logs in and tries to transfer a file it throws a "553 could not create file." error. If I do a 'pwd' it shows the directory as "/" rather than the anon_root of "/ftp/anonymous". Any attempt to change the remote directory ends with "550 Failed to change directory.". I have a subdirectory "/ftp/anonymous/incoming" that is writable for the uploads.
SELinux is in permissive mode.
I am running version 2.0.5 release 16.el5 of vsftpd.
Here is the vsftpd.conf file:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=002
anon_umask=007
file_open_mode=0666
anon_upload_enable=YES
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=inftpadm
xferlog_std_format=YES
nopriv_user=nobody
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
ftp_username=inftpadm
anon_root=/ftp/anonymous
anon_other_write_enable=NO
anon_mkdir_write_enable=NO
anon_world_readable_only=NO
dirlist_enable=YES
Can anyone help?
-
I know it's a basic question, but did you check directory ownership and permissions? If so, could you show them with an "ls -al"?
Craig:
drwxr-xr-x 4 root root 4096 Nov 30 13:34 /ftp
drwxr-xr-x 3 root root 4096 Nov 30 15:52 /ftp/anonymous/
drwxrwxrwx 2 root root 4096 Dec 1 14:48 /ftp/anonymous/incoming/
Brian: Just to be thorough, did you run "getenforce" and ensure that SELinux is definitely in permissive mode currently (vs say set to permissive for the next reboot). Also ensure that there isn't already a file in the directory with that name because based on the vsftpd.conf settings above anonymous would not be able to upload over an existing file.
Craig: It's definitely in permissive mode. And, I don't want anonymous to overwrite files. The directory is currently empty.
From Brian
-
The configuration file is pretty straightforward. Here's where you're going wrong:
anon_mkdir_write_enable=NO
listen=YES
anon_other_write_enable=NO
anon_mkdir_write_enable=NO
You have an entry duplicated (which shouldn't be a big deal), and you have anon_other_write_enable set to NO. Also, if you're going to use the second line, make sure you have the service disabled in inetd/xinetd.
After changing the SELinux context you also need to reboot to relabel the file system. Run sestatus to see the current context.
From RHELAdmin
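An added example, not part of either post: a small linter that checks vsftpd.conf options against the upload-only goal stated in the question (no listing, no download) and reports duplicated options. The sample input is constructed from the posted options; the function names and finding texts are illustrative.

```python
# Added example: lint vsftpd.conf options against an anonymous upload-only policy.
from collections import Counter

# vsftpd defaults for the options checked here (per the vsftpd.conf man page).
DEFAULTS = {"write_enable": "NO", "anon_upload_enable": "NO", "chown_uploads": "NO",
            "dirlist_enable": "YES", "download_enable": "YES", "ftp_username": "ftp"}

# Constructed sample: the options from the posted config that these checks read.
SAMPLE = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
chown_uploads=YES
chown_username=inftpadm
ftp_username=inftpadm
anon_root=/ftp/anonymous
anon_mkdir_write_enable=NO
dirlist_enable=YES
"""

def parse(text):
    """Return (effective settings, sorted list of options set more than once)."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key, value))
    counts = Counter(key for key, _ in pairs)
    settings = dict(DEFAULTS)
    settings.update(pairs)  # assumption: a later occurrence overrides an earlier one
    return settings, sorted(k for k, n in counts.items() if n > 1)

def lint_upload_only(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, dupes = parse(text)
    findings = ["duplicate option: " + k for k in dupes]
    if conf["anon_upload_enable"] == "YES" and conf["write_enable"] != "YES":
        findings.append("anon_upload_enable needs write_enable=YES")
    if conf["dirlist_enable"] != "NO":
        findings.append("dirlist_enable=YES lets clients list directories")
    if conf["download_enable"] != "NO":
        findings.append("download_enable=YES lets clients download files")
    if conf["chown_uploads"] == "YES" and conf.get("chown_username") == conf["ftp_username"]:
        findings.append("chown_username equals ftp_username: uploads stay owned by the anonymous account")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_upload_only(SAMPLE)))
```

dirlist_enable and download_enable are global options, so setting them to NO also affects local users on the same vsftpd instance.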