tuxfixer.com/vsftpd-installation-on-centos-7-with-selinux/
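# Install the vsftpd FTP server from the distribution repositories.
yum -y install vsftpd

# Register /sbin/nologin as a valid login shell so that accounts using it can
# pass the shell check during FTP login.
# Caveat: this applies to every account whose shell is /sbin/nologin, not only
# the FTP user. Review which of those accounts have a usable password and keep
# the ones that must never log in over FTP in vsftpd's deny lists
# (/etc/vsftpd/ftpusers and /etc/vsftpd/user_list).
# The original line used typographic quotes and a "»" character, which the
# shell does not treat as quoting or as an append redirection; plain quotes
# and ">>" are restored here. The grep guard keeps repeated runs from
# appending duplicate entries.
grep -qxF -- /sbin/nologin /etc/shells || echo "/sbin/nologin" >> /etc/shells

# Write the server configuration. This overwrites any existing vsftpd.conf.
# Security-relevant choices in the file below:
#   - anonymous_enable=NO / local_enable=YES: only local accounts may log in.
#   - chroot_local_user=YES: each local user is confined to their home
#     directory.
#   - write_enable=YES with allow_writeable_chroot=YES: the chroot root itself
#     may be writable. vsftpd refuses that layout unless this option is set;
#     the more conservative layout is a chroot root the user cannot write to,
#     with a writable subdirectory for uploads.
#   - There is no ssl_enable line, so unless TLS is configured elsewhere,
#     passwords and file contents cross the network in clear text. Limit this
#     setup to trusted networks or add TLS before exposing it.
#   - userlist_enable=YES and tcp_wrappers=YES: logins are additionally
#     filtered by the vsftpd user list and by hosts.allow / hosts.deny.
# The quoted delimiter stops the shell from expanding anything in the body;
# the text written to the file is unchanged.
cat > /etc/vsftpd/vsftpd.conf <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF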
[root@tux /]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
layout: post
title: "VSFTPD CentOS SELINUX"
comments: true
date: "2020-05-19 04:46:19.591000+00:00"
---
# Give the ftp account ownership of /var/ftp and everything below it.
# NOTE(review): with chroot_local_user=YES this presumably makes the chroot
# root writable by the logged-in user, which is the layout that needs
# allow_writeable_chroot=YES - confirm that is intended.
[root@tux ~]# chown -R ftp:ftp /var/ftp
# Add a local SELinux file-context rule: /var/ftp -> public_content_rw_t.
# NOTE(review): the path is given without a "(/.*)?" suffix, so this rule
# names only the directory itself; files below it are labelled by whichever
# other rule matches them. Check the result with `ls -lZ /var/ftp` after the
# restorecon.
[root@tux ~]# semanage fcontext -a -t public_content_rw_t /var/ftp
# Re-apply the configured contexts to /var/ftp recursively (-R), verbosely.
[root@tux ~]# restorecon -Rvv /var/ftp
# Persistently (-P) enable ftp_home_dir; presumably this lets the FTP daemon
# work inside users' home directories - verify with `semanage boolean -l`.
[root@tux ~]# setsebool -P ftp_home_dir 1
# Persistently enable ftpd_full_access.
# NOTE(review): this is the broadest FTP boolean. It lifts SELinux's limits on
# which files the FTP daemon may touch, leaving only ordinary file permissions,
# so it goes well beyond what the /var/ftp label needs. Test without it first
# and enable it only if the logged denials show it is required.
[root@tux ~]# setsebool -P ftpd_full_access 1
# Show owner, mode and SELinux context of /var/ftp to verify the change; the
# line after the command is its output.
[root@tux ~]# ls -lZ /var | grep ftp
drwxr-xr-x. ftp ftp system_u:object_r:public_content_rw_t:s0 ftp
# Log in again, presumably to re-test after the SELinux changes.
ftp localhost
Selinux alerts:
# Open the SELinux alert browser to read the recorded denials.
sealert -b
# Switch SELinux to permissive mode on the running system. Use this only to
# confirm that SELinux is what blocks the login: denials are still logged but
# no longer enforced, and that holds for every service on the host, not just
# vsftpd. Return to enforcing with `setenforce 1` once the test is done.
setenforce 0
# Print the current SELinux mode (Enforcing, Permissive or Disabled).
getenforce
https://serverfault.com/questions/358324/ftp-doesnt-allow-usr-sbin-nologin-user
# Set the account's home directory to another path; <username> is a
# placeholder for the account name. With chroot_local_user=YES the home
# directory is also the directory the FTP session is confined to, so choose a
# path that holds only what this user should reach.
usermod --home=/another/path <username>
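In /etc/passwd, change the user's shell
to /sbin/nologin (for example with `usermod --shell /sbin/nologin <username>`, which avoids editing the file by hand).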
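Add /sbin/nologin
to /etc/shells, so that the FTP login's shell check accepts accounts that use it. This applies to every account with that shell, not only the FTP user.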