How to set up a shared folder with FTP connection

I have a printer with scanner capability. I’ve always used Samba to send the scans from the printer to my computer, but every time the printer is replaced for some reason (I’m in an office) I have to configure it again and each time there’s a new problem. So I’d like to say goodbye to Samba and try FTP.

I’ve installed vsftpd and I’m trying to understand how to configure the shared folder.
It’s not easy because the tutorials I found on the Internet seem quite out-of-date; same for the man page (for example, the SELinux contexts suggested to allow anonymous write in a directory do not exist, IIUC).

I don’t have much time to invest and I’d be happy to get some help. Do you know some good tutorial on vsftpd? Or maybe similar tools?
Thanks in advance

Have you looked into it

Thanks, it’s a good article. It helped me to get started.
I don’t like the complex way suggested to disable SSH. IIUC creating a user with the option -s /bin/false of useradd is enough.

SELinux is not covered at all, unfortunately. And I think I’ve just hit a problem with SELinux… or maybe just permissions in general? Here are the logs from journalctl:

mar 10 17:19:56 federico audit[56139]: USER_AUTH pid=56139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="scan" exe="/usr/sbin/vsftpd" hostname=::ffff:10.0.20.160 addr=::ffff:10.0.20.160 terminal=ftp res=failed'

10.0.20.160 is the IP of the printer.
scan is the new user I created with this command:

useradd -m -s /bin/false -d /var/scan scan

Current SELinux context is:

drwx------. 1 scan scan system_u:object_r:var_t:s0                 80  9 mar 19.20 scan

Is the message above suggesting that it expects to find system_u:system_r:ftpd_t:s0?
I’ll try changing SELinux contexts and see if it helps.

I first tried setting SELinux to permissive mode, but I got the same error:

mar 10 18:47:56 federico audit[67661]: USER_AUTH pid=67661 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="scan" exe="/usr/sbin/vsftpd" hostname=::ffff:10.0.20.160 addr=::ffff:10.0.20.160 terminal=ftp res=failed'

system_r and ftpd_t don’t seem to be part of SELinux policies.

semanage fcontext -l | grep system_r doesn’t return anything.
ftpd_t doesn’t exist either:

# semanage fcontext -l | grep ftpd    
/etc/(x)?inetd\.d/tftp                             regular file       system_u:object_r:tftpd_etc_t:s0 
/etc/cron\.monthly/proftpd                         regular file       system_u:object_r:ftpd_exec_t:s0 
/etc/proftpd\.conf                                 regular file       system_u:object_r:ftpd_etc_t:s0 
/etc/rc\.d/init\.d/proftpd                         regular file       system_u:object_r:ftpd_initrc_exec_t:s0 
/etc/rc\.d/init\.d/vsftpd                          regular file       system_u:object_r:ftpd_initrc_exec_t:s0 
/tftpboot                                          directory          system_u:object_r:tftpdir_t:s0 
/tftpboot/.*                                       all files          system_u:object_r:tftpdir_t:s0 
/usr/bin/ftpd                                      regular file       system_u:object_r:publicfile_exec_t:s0 
/usr/bin/ftpdctl                                   regular file       system_u:object_r:ftpdctl_exec_t:s0 
/usr/kerberos/sbin/ftpd                            regular file       system_u:object_r:ftpd_exec_t:s0 
/usr/lib/systemd/system/proftpd.*                  regular file       system_u:object_r:iptables_unit_file_t:s0 
/usr/lib/systemd/system/vsftpd.*                   regular file       system_u:object_r:iptables_unit_file_t:s0 
/usr/libexec/webmin/vsftpd/webalizer/xfer_log      regular file       system_u:object_r:xferlog_t:s0 
/usr/sbin/atftpd                                   regular file       system_u:object_r:tftpd_exec_t:s0 
/usr/sbin/ftpwho                                   regular file       system_u:object_r:ftpd_exec_t:s0 
/usr/sbin/in\.ftpd                                 regular file       system_u:object_r:ftpd_exec_t:s0 
/usr/sbin/in\.tftpd                                regular file       system_u:object_r:tftpd_exec_t:s0 
/usr/sbin/muddleftpd                               regular file       system_u:object_r:ftpd_exec_t:s0 
/usr/sbin/proftpd                                  regular file       system_u:object_r:ftpd_exec_t:s0 
/usr/sbin/vsftpd                                   regular file       system_u:object_r:ftpd_exec_t:s0 
/var/lib/tftpboot(/.*)?                            all files          system_u:object_r:tftpdir_rw_t:s0 
/var/lock/subsys/*.ftpd                            regular file       system_u:object_r:ftpd_lock_t:s0 
/var/log/muddleftpd\.log.*                         regular file       system_u:object_r:xferlog_t:s0 
/var/log/proftpd(/.*)?                             all files          system_u:object_r:xferlog_t:s0 
/var/log/proftpd\.log                              regular file       system_u:object_r:xferlog_t:s0 
/var/log/vsftpd.*                                  regular file       system_u:object_r:xferlog_t:s0 
/var/run/proftpd.*                                 all files          system_u:object_r:ftpd_var_run_t:s0 

I’m always confused about SELinux.
Should I install some SELinux policy packages?

It could help

  1. vsftpd installation on CentOS 7 / RedHat 7 with selinux – tuxfixer.com

  2. Setup vsftp with SELinux - Knowledgebase - Hostodo

Thanks, these guides seem useful. However, now I’m stuck with this error:

$ sudo passwd ftp
Changing password for user ftp.
passwd: Authentication token manipulation error

I read this tutorial, but it didn’t help much.

I guess I’ll have to use another user.

Try switching to root first with su and then try to change it, to see if it works that way.

It doesn’t help:

[fede@fedora ~]$ sudo -i
[root@fedora ~]# passwd ftp
Changing password for user ftp.
passwd: Authentication token manipulation error

I’m on Fedora Silverblue (OStree based), in case it matters.

I tried creating a new user and following the tuxfixer.com guide you linked above, but I suspect it requires the ftp user to be used.

Here’s what I did.

First, let’s add the new user:

sudo useradd -m -s /sbin/nologin -d /var/scan scan
sudo passwd scan
chown -R scan:scan /var/scan
semanage fcontext -a -t public_content_rw_t /var/scan
restorecon -Rvv /var/scan
sudo chmod -R 755 /var/scan
sudo usermod -a -G scan $USER

Let’s configure vsftpd:

echo scan >> /etc/vsftpd/user_list

then change userlist_deny in vsftpd.conf from YES to NO.
The conf file now looks like this:

# grep ^[^#] /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

Let’s start the service:

sudo systemctl start vsftpd

ftp is not available in Silverblue, so I had to use a toolbox container to test the ftp connection:

⬢[fede@toolbox ~]$ ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.3)
Name (localhost:fede): scan
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> 
221 Goodbye.

I also tried to send a scan from the printer and journalctl shows an SELinux error:

audit[66706]: USER_AUTH pid=66706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="scan" exe="/usr/sbin/vsftpd" hostname=::ffff:10.0.20.160 addr=::ffff:10.0.20.160 terminal=ftp res=failed'

I’m giving up. My assumption that FTP could have been easier than Samba was obviously wrong.
I’ll use Samba.

I think this is actually a good call — ftp is a really old protocol, and has a lot of weird quirks. Not quite sure what’s going on, but my memory of vsftpd config is quite vintage at this point.

Since you’re on Silverblue, things might be a little strange. Depending on your system’s resources, one approach would be to set up Fedora Server in a VM, and use the new Cockpit GUI for file sharing.
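
Added example, not part of any post in this thread: a small triage script for the audit records quoted above, separating a PAM authentication verdict (USER_AUTH, res=) from an SELinux denial (AVC, scontext/tcontext). The first sample record is the one from the thread; the AVC record, the names `parse` and `triage`, and the returned dictionary layout are constructed for illustration.

```python
import re

# Record 1 is the USER_AUTH line quoted in the thread.
# Record 2 is a constructed AVC denial, included only for contrast.
RECORDS = [
    "mar 10 17:19:56 federico audit[56139]: USER_AUTH pid=56139 uid=0 "
    "auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 "
    "msg='op=PAM:authentication grantors=? acct=\"scan\" exe=\"/usr/sbin/vsftpd\" "
    "hostname=::ffff:10.0.20.160 addr=::ffff:10.0.20.160 terminal=ftp res=failed'",
    "mar 10 17:20:01 federico audit[56140]: AVC avc:  denied  { write } for  "
    "pid=56140 comm=\"vsftpd\" name=\"scan\" dev=\"dm-0\" ino=4242 "
    "scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0",
]

HEADER = re.compile(r"audit\[\d+\]: (?P<type>[A-Z_]+) (?P<body>.*)")
PAIR = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")
PERMS = re.compile(r"denied\s+\{ ([^}]*) \}")

def parse(line):
    """Split one journald audit line into its record type and key=value fields."""
    m = HEADER.search(line)
    if m is None:
        return None
    fields = {"type": m["type"], "body": m["body"]}
    for key, value in PAIR.findall(m["body"]):
        if value.startswith("'"):  # msg='...' wraps a nested field list
            fields.update((k, v.strip('"')) for k, v in PAIR.findall(value[1:-1]))
        else:
            fields[key] = value.strip('"')
    return fields

def triage(line):
    """Report which layer refused the request: PAM, SELinux, or neither."""
    f = parse(line)
    if f is None:
        return {"layer": "unknown"}
    if f["type"] == "AVC":
        perms = PERMS.search(f["body"])
        # scontext is the process; tcontext is the object it was denied.
        return {"layer": "selinux", "source": f["scontext"], "target": f["tcontext"],
                "perms": perms.group(1).split() if perms else []}
    if f["type"].startswith("USER_") and f.get("op", "").startswith("PAM:"):
        # subj= records the domain vsftpd runs in; the verdict is res=.
        return {"layer": "pam", "account": f.get("acct"), "result": f.get("res"),
                "daemon_domain": f.get("subj")}
    return {"layer": "other", "type": f["type"]}

if __name__ == "__main__":
    for record in RECORDS:
        print(triage(record))
```

For a record classified as `pam`, the place to look is the PAM stack named by `pam_service_name`, not file labels. If that stack includes `pam_shells` (an assumption; the thread does not show `/etc/pam.d/vsftpd`), an account whose shell is `/bin/false` or `/sbin/nologin` and is not listed in `/etc/shells` fails at this layer.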