Home  >  Article  >  Operation and Maintenance  >  What should I do if linux cannot be downloaded?

What should I do if linux cannot be downloaded?

藏色散人
藏色散人Original
2020-05-21 11:51:044791browse

What should I do if linux cannot be downloaded?

What should I do if Linux cannot download?

About the configuration of vsftp anonymous user upload and download under Linux

The configuration should pay attention to three parts, please compare them carefully one by one:

1. Configuration of the vsftpd.conf file (vi /etc/vsftpd/vsftpd.conf)

#允许匿名用户登录FTP
  anonymous_enable=YES
  #设置匿名用户的登录目录(如需要,需自己添加并修改)
  anon_root=/var/ftp/pub
  #打开匿名用户的上传权限
  anon_upload_enable=YES
  #打开匿名用户创建目录的权限
  anon_mkdir_write_enable=YES
  #打开匿名用户删除和重命名的权限(如需要,需自己添加)
  anon_other_write_enable=YES
  #匿名用户的掩码(如需要,需自己添加,含义:如umask是022,这时创建一个权限为666的文件,文件的实际权限为666-022=644)
  anon_umask=022

2. Permission settings of the ftp directory

By default, the root directory of ftp is /var /ftp, for security reasons, this directory is not allowed to be set to 777 permissions by default, otherwise ftp will not be accessible. But if we want to upload files anonymously, we need the write permissions of the "other" user. The correct way is:

Create an upload (name it yourself) folder in /var/ftp and change the folder permissions Set to 777 (set it according to specific needs). In the upload folder, anonymous users can upload files, create folders, delete files, etc.

Generally, at this point, the upload and download of anonymous users of vsftpd are realized. If it still doesn't work, here's the problem below.

3. Selinux configuration

SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the US National Security Agency (NAS) and is the most outstanding new security subsystem on Linux. NSA developed an access control system with the help of the Linux community. Under the restrictions of this access control system, a process can only access those files required for its task. SELinux is installed by default on Fedora and Red Hat Enterprise Linux, and is also available as an easily installable package on other distributions.

The simplest way is to turn off selinux

Method 1: Modify SELINUX="" in the /etc/selinux/config file to disabled, and then restart.

Method 2: Use the command setenforce 0 without restarting. (Format of setenforce: setenforce [ Enforcing | Permissive | 1 | 0 ])

Method 3: Add: selinux=0 to the startup parameters of lilo or grub, or turn off selinux.

Use getenforce to check whether selinux is currently running.

If you do not close selinux, you must set the ftp permissions of selinux.

1. Use getsebool -a | grep ftp to view the ftp related setting status. We need to set allow_ftpd_anon_write to on.

2. Use setsebool -P to set. Example: setsebool -P allow_ftpd_anon_write=on.

Or use togglesebool to invert the bool value, such as toggleseboolallow_ftpd_anon_write.

3. Modify the selinux security context. First introduce two commands:

   命令1、ls -Z  ps -Z  id -Z  # 分别可以看到文件,进程和用户的SELinux属性
   命令2、#chcon 改变SELinux安全上下文
   chcon -u [user] 对象
       -r [role]
       -t [type]
       -R 递归
       --reference 源文件 目标文件 # 复制安全上下文

Usage:

Step 1. ls -Zd /var/ftp/upload/ usually See:

drwxr-xr-x ftp root system_u:object_r:public_content_t /var/ftp/upload/

Step 2, chcon -R -t public_content_rw_t /var/ftp/upload/

Step 3. ls -Zd /var/ftp/upload/ OK if you see the following information:

drwxr-xr-x ftp root system_u:object_r:public_content_rw_t /var/ftp /upload/

Finally, restart selinux and vsftpd. It doesn’t matter if you don’t restart. Log in to ftp again and the problem should be solved.

In addition, the graphical interface of selinux can be entered through the system-config-selinux command.

Recommended: "linux tutorial"

The above is the detailed content of What should I do if linux cannot be downloaded?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn