# 1. First prepare the directory and data we need
[root@study ~]# mkdir /srv/gogogo
[root@study ~]# chgrp ftptest /srv/gogogo
[root@study ~]# echo "test" > /srv/gogogo/test.txt
# 2. Now use ftp directly to look at the data!
[root@study ~]# curl ftp://ftptest:myftp123@localhost//srv/gogogo/test.txt
curl: (78) RETR response: 550
# There's a problem! Let's see what the log file says!
[root@study ~]# grep sealert /var/log/messages | tail
Aug 9 04:23:12 station3-39 setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from
read access on the file test.txt. For complete SELinux messages. run sealert -l 08d3c0a2-5160-49ab-b199-47a51a5fc8dd
[root@study ~]# sealert -l 08d3c0a2-5160-49ab-b199-47a51a5fc8dd
SELinux is preventing /usr/sbin/vsftpd from read access on the file test.txt.
# Although this one has the higher confidence, it would open up FTP completely, so we won't really consider it!
***** Plugin catchall_boolean (57.6 confidence) suggests ******************
If you want to allow ftpd to full access
Then you must tell SELinux about this by enabling the 'ftpd_full_access' boolean.
You can read 'None' man page for more details.
Do
setsebool -P ftpd_full_access 1
# Because this is a non-standard directory, adding a default SELinux type here is probably the more correct choice!
***** Plugin catchall_labels (36.2 confidence) suggests *******************
If you want to allow vsftpd to have read access on the test.txt file
Then you need to change the label on test.txt
Do
# semanage fcontext -a -t FILE_TYPE 'test.txt'
where FILE_TYPE is one of the following: NetworkManager_tmp_t, abrt_helper_exec_t, abrt_tmp_t,
abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, admin_crontab_tmp_t, afs_cache_t,
alsa_home_t, alsa_tmp_t, amanda_tmp_t, antivirus_home_t, antivirus_tmp_t, apcupsd_tmp_t, ...
Then execute:
restorecon -v 'test.txt'
***** Plugin catchall (7.64 confidence) suggests **************************
If you believe that vsftpd should be allowed read access on the test.txt file
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do