SELinux, vsftpd and httpd

SELinux will protect you but will always fight you.

To harmonize vsftpd and httpd with SELinux breathing down their necks, you will need to follow a few steps to make sure everything works together.

Service httpd:
Firstly, as the FTP and Apache services will be running in a shared directory (on CentOS that's usually /var/www/html/), you will need to allow one of them to have complete read/write access. You can set an SELinux boolean to allow httpd full access by using the following command:

setsebool -P allow_httpd_anon_write=1

 

Service vsftpd:
Lastly, you can now set an SELinux context label on the directories to allow the FTP service (vsftpd) access to these files:

sudo chcon -R -t public_content_rw_t /var/www/html/
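
A check for the two steps above, added here as an example and not part of the original post: it parses an SELinux context and getsebool-style output and reports whether the web root carries public_content_rw_t and allow_httpd_anon_write is on. The function names and sample data are constructed for illustration; check_live assumes GNU stat and the post's /var/www/html path.

```sh
#!/bin/sh
# Added example: check the label and boolean set in the two steps above.
# Assumed from the post: web root /var/www/html, boolean allow_httpd_anon_write.

# Constructed sample data (not captured from a real host).
SAMPLE_CTX='system_u:object_r:httpd_sys_content_t:s0'
SAMPLE_BOOLS='allow_ftpd_anon_write --> off
allow_httpd_anon_write --> on'

# Print the type field of an SELinux context (user:role:type[:level]).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 if boolean $1 is "on" in getsebool-style text $2 ("name --> on").
bool_is_on() {
    printf '%s\n' "$2" |
        awk -v b="$1" '$1 == b && $3 == "on" { ok = 1 } END { exit !ok }'
}

# Compare a context string ($1) and getsebool text ($2) with the post's setup.
# Prints one line per problem and returns non-zero if any were found.
check_shared_webroot() {
    ctype=$(context_type "$1")
    rc=0
    if [ "$ctype" != "public_content_rw_t" ]; then
        echo "label: type is $ctype, expected public_content_rw_t"
        rc=1
    fi
    if ! bool_is_on allow_httpd_anon_write "$2"; then
        echo "boolean: allow_httpd_anon_write is not on"
        rc=1
    fi
    return "$rc"
}

# Live check on a real host; returns 2 when the SELinux tools are missing.
check_live() {
    dir=${1:-/var/www/html}
    command -v getsebool >/dev/null 2>&1 || { echo "getsebool not found"; return 2; }
    live_ctx=$(stat -c %C "$dir") || return 2
    check_shared_webroot "$live_ctx" "$(getsebool -a)"
}

# Demo on the constructed sample: reports the wrong label type.
check_shared_webroot "$SAMPLE_CTX" "$SAMPLE_BOOLS" || true
```

Labels set with chcon are not recorded in the file-context policy, so run check_live again after any relabel or restorecon of the web root.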


1 Comment » for SELinux, vsftpd and httpd
  1. Thanks for your post.
    You may also reverse the setup by leaving /var/www context httpd_sys_content_t, and allow ftp anon write with setsebool -P ftpd_anon_write 1.

    Best regards.
