<div class="gmail_quote">On 3 October 2010 11:21, Daniel J Walsh <span dir="ltr"><<a href="mailto:dwalsh@redhat.com" target="_blank">dwalsh@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<div><div></div><div><br>
On 10/02/2010 10:28 PM, Aaron Gray wrote:<br>
> On 3 October 2010 01:35, Sam Sharpe <<a href="mailto:lists.redhat@samsharpe.net" target="_blank">lists.redhat@samsharpe.net</a>> wrote:<br>
><br>
>> On 3 October 2010 00:41, Aaron Gray <<a href="mailto:aaronngray.lists@gmail.com" target="_blank">aaronngray.lists@gmail.com</a>> wrote:<br>
>>> On 2 October 2010 23:58, Aaron Gray <<a href="mailto:aaronngray.lists@gmail.com" target="_blank">aaronngray.lists@gmail.com</a>> wrote:<br>
>>>><br>
>>>> On 2 October 2010 23:56, stan <<a href="mailto:gryt2@q.com" target="_blank">gryt2@q.com</a>> wrote:<br>
>>>>><br>
>>>>> On Sat, 2 Oct 2010 23:37:40 +0100<br>
>>>>> Aaron Gray <<a href="mailto:aaronngray.lists@gmail.com" target="_blank">aaronngray.lists@gmail.com</a>> wrote:<br>
>>>>><br>
>>>>>> I have installed a fresh version of F11, unfortunately I did not<br>
>>>>>> install VSFTPD with it.<br>
>>>>>><br>
>>>>>> On doing a "yum install vsftpd" it install fine but does not seem to<br>
>>>>>> function.<br>
>>>>>><br>
>>>>>> [root@zzz vsftpd]# ftp localhost<br>
>>>>>> Trying ::1...<br>
>>>>>> ftp: connect to address ::1Connection refused<br>
>>>>>> Trying 127.0.0.1...<br>
>>>>>> Connected to localhost (127.0.0.1).<br>
>>>>>> 421 Service not available, remote server has closed connection<br>
>>>>>> ftp> quit<br>
>>>>>><br>
>>>>>> I copied the 'vsftpd.conf' and 'users' directory from my working F11<br>
>>>>>> server this one is supposed to be mirroring, but am getting exactly<br>
>>>>>> the same responce.<br>
>>>>><br>
>>>>> This is probably a problem with the firewall. Did you open ports 20<br>
>>>>> and 21?<br>
>>>>><br>
>>>>> And if you are using passive ftp you should open some ports in the high<br>
>>>>> range, so there is a hole in the firewall for vsftpd to use. You have<br>
>>>>> to tell vsftpd to use those ports in the configuration. I also had to<br>
>>>>> open the service on my router, but that might not be an issue for you.<br>
>>>>><br>
>>>>> If I recall correctly, there is a logging function that can be turned<br>
>>>>> on and it is really useful for decoding where the problem is and what<br>
>>>>> it is too.<br>
>>>>><br>
>>>>> It's been a few years since I used vsftpd, so this is somewhat hazy.<br>
>>>><br>
>>>> My other F11 server is working fine, and that does not have any extras.<br>
>>><br>
>>> Its not iptables, thats exactly the same across the two machines.<br>
>>> Aaron<br>
>><br>
>> I find the best way to deal with this kind of problem is some<br>
>> elementary research. I started with Google:<br>
>><br>
>> <a href="http://www.google.com/search?sourceid=navclient&hl=en-GB&q=vsftpd+421" target="_blank">http://www.google.com/search?sourceid=navclient&hl=en-GB&q=vsftpd+421</a><br>
>><br>
>> The first Search Result might help you immensely.<br>
>><br>
><br>
> Yep its SELinux !<br>
><br>
> Are there any rule files for this I can just load ?<br>
><br>
> Aaron<br>
><br>
><br>
</div></div>What AVC messages are you getting in /var/log/audit/audit.log?<br></blockquote><div><br></div><div>type=AVC msg=audit(1286119627.313:21309): avc: denied { sys_admin } for pid=1903 comm="vsftpd" capability=21 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability</div>
<div>type=SYSCALL msg=audit(1286119627.313:21309): arch=40000003 syscall=120 success=no exit=-1 a0=28000011 a1=0 a2=6f4334 a3=6f4334 items=0 ppid=1 pid=1903 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0 key=(null)</div>
<div><br></div><div>Yeah, it works when I turn enforcement off.</div><div><br></div><div>Aaron</div><div> </div></div>