On Tue, Mar 3, 2015 at 2:33 PM, Les Mikesell <lesmikesell at gmail.com> wrote: > On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy <bluethundr at gmail.com> wrote: > >> > >> errr, I meant, sftp, not rscp > > > > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > > regular ol' FTP using SELinux? Or does that just defeat the purpose of > > having a secure SELlinux server entirely? > > What is the context here? The big problem with ftp is that it passes > the user credentials in the clear. There is nothing particularly wrong > with an anonymous ftp download area where the files are put in place > with something more secure - but it is usually easier to use http for > that and you'll have less trouble with firewalls. > > -- > Les Mikesell > lesmikesell at gmail.com > Enough about FTP vs SFTP. This is exactly the kind of unhelpful discussion that I was referring to last month about the conversations on this list. CentOS is an *enterprise* distribution and as such it would be expected that people are either bound by corporate restrictions, or have some other requirements that you're not aware of. A single helpful comment reminding someone that they should be using SFTP instead of FTP is the only appropriate thing to be saying here, not this dead-horse-beating. So to actually address the stated problem... I don't know about proftpd, but there's a page here that discusses getting it working with selinux: http://selinuxproject.org/page/FTPRecipes and I'm sure that clicking this link will lead you to other helpful documents: https://www.google.com/search?q=proftpd+selinux+centos+7 It does require that you have an understanding of selinux, and are not just looking for a magic incantation to make it work. You can look at the audit log in /var/log/audit to get an idea of what is failing, and also the 'audit2why' and 'audit2allow' commands can help to suggest what selinux settings need to be changed or are getting in the way. P.S. FTP is not secure, so you should try to use SFTP if you are able to influence the requirements. ❧ Brian Mathis @orev