废话不多说,先贴出我们强大的man文档:
- FILE_CONTEXTS
- SELinux requires files to have a file type. File types may be specified
- with semanage and are restored with restorecon. Policy governs the
- access that daemons have to files.
-
- Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file
- type.
-
- semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
-
- restorecon -R -v /var/ftp
-
- Allow ftp servers to read and write /var/tmp/incoming by adding the
- public_content_rw_t type to the directory and by restoring the file
- type. This also requires the allow_ftpd_anon_write boolean to be set.
-
- semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
- /× chcon -Rt public_content_rw_t /var/ftp/ 一样的!!×/
- restorecon -R -v /var/ftp/incoming
-
-
- BOOLEANS
- SELinux policy is based on least privilege required and may also be
- customizable by setting a boolean with setsebool.
-
- Allow ftp servers to read and write files with the public_content_rw_t
- file type.
-
- setsebool -P allow_ftpd_anon_write on
-
- Allow ftp servers to read or write files in the user home directories.
-
- setsebool -P ftp_home_dir on
-
- Allow ftp servers to read or write all files on the system.
-
- setsebool -P allow_ftpd_full_access on
-
- Allow ftp servers to use cifs for public file transfer services.
-
- setsebool -P allow_ftpd_use_cifs on
-
- Allow ftp servers to use nfs for public file transfer services.
-
- setsebool -P allow_ftpd_use_nfs on
参考上面的文档,在vsftpd本身配置没有问题的情况下,只需要如下两个命令就搞定ftp上传咯:
root@local# setsebool -P allow_ftpd_anon_write on
root@local# chcon -Rt public_content_rw_t /var/ftp/
本文出自 “追求卓越,成功迎面而来” 博客,请务必保留此出处http://rilee.blog.51cto.com/467020/407800
|
