Hello,
Yes, I have tried to do the following as recommended by man ftpd_selinux
# setsebool -P ftp_home_dir 1
# setsebool -P ftpd_is_daemon 1
But I still get the same AVC error messages each time an FTP client attempts
to connect.
Here is what the audit.log gives me:
type=USER_AUTH msg=audit(1147327523.025:325): user pid=3608 uid=0 auid=500
msg='PAM: authentication acct=kmahaindra : exe="/usr/sbin/vsftpd"
(hostname=172.27.77.156, addr=172.27.77.156, terminal=? res=success)'
type=USER_ACCT msg=audit(1147327523.025:326): user pid=3608 uid=0 auid=500
msg='PAM: accounting acct=kmahaindra : exe="/usr/sbin/vsftpd"
(hostname=172.27.77.156, addr=172.27.77.156, terminal=? res=success)'
type=CRED_ACQ msg=audit(1147327523.029:327): user pid=3608 uid=0 auid=500
msg='PAM: setcred acct=kmahaindra : exe="/usr/sbin/vsftpd"
(hostname=172.27.77.156, addr=172.27.77.156, terminal=? res=success)'
type=AVC msg=audit(1147327523.029:328): avc: denied { dac_override } for
pid=3612 comm="vsftpd" capability=1 scontext=user_u:system_r:ftpd_t:s0
tcontext=user_u:system_r:ftpd_t:s0 tclass=capability
type=AVC msg=audit(1147327523.029:328): avc: denied { dac_read_search }
for pid=3612 comm="vsftpd" capability=2 scontext=user_u:system_r:ftpd_t:s0
tcontext=user_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1147327523.029:328): arch=40000003 syscall=61
success=no exit=-13 a0=66c6f6 a1=0 a2=6732dc a3=1 items=1 pid=3612 auid=500
uid=0 gid=0 euid=0 suid=500 fsuid=0 egid=0 sgid=500 fsgid=0 comm="vsftpd"
exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1147327523.029:328): cwd="/home/kmahaindra"
type=PATH msg=audit(1147327523.029:328): item=0 name="." flags=3
Any other clues?
Or perhaps I was missing something / some steps?
--
Best regards,
Ketut Mahaindra (Ito)
"The race for perfection has no finish line"
-----Original Message-----
From: Paul Howarth [mailto:paul@city-fan.org]
Sent: Thursday, May 11, 2006 1:52 PM
To: Ketut Mahaindra
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: Allowing vsftpd access for user's home directory
On Thu, 2006-05-11 at 13:17 +0800, Ketut Mahaindra wrote:
Hello all,
I have an installation of FC5.
I want to make vsftpd run with a chroot environment of the user's home directory.
So far it does not work because SELinux prevents vsftpd from accessing the
home directory.
What's the best way to configure SELinux for this purpose?
I don't want to disable it.
I have been googling around but so far have not come up with any easy
solution.
Any help will be appreciated.
P.S.
- I have the following AVC error messages:
avc: denied { dac_override } for pid=9099 comm="vsftpd" capability=1
scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
tclass=capability
avc: denied { dac_read_search } for pid=9099 comm="vsftpd"
capability=2
scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:system_r:ftpd_t:s0
tclass=capability
Have you set the ftp_home_dir boolean as suggested in "man
ftpd_selinux"?
Paul.
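
Added example (not part of the original thread): a Python script that groups the audit records quoted in the first message by event serial, so the two capability denials appear together with the failing syscall and the working directory. The function name and the one-entry syscall table are assumptions of this example; the sample is event 328 from the post with the mail-wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Constructed sample: records 327-328 from the post above, with the
# mail-wrapped lines rejoined so each audit record sits on one line.
SAMPLE = """\
type=CRED_ACQ msg=audit(1147327523.029:327): user pid=3608 uid=0 auid=500 msg='PAM: setcred acct=kmahaindra : exe="/usr/sbin/vsftpd" (hostname=172.27.77.156, addr=172.27.77.156, terminal=? res=success)'
type=AVC msg=audit(1147327523.029:328): avc: denied { dac_override } for pid=3612 comm="vsftpd" capability=1 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 tclass=capability
type=AVC msg=audit(1147327523.029:328): avc: denied { dac_read_search } for pid=3612 comm="vsftpd" capability=2 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1147327523.029:328): arch=40000003 syscall=61 success=no exit=-13 a0=66c6f6 a1=0 a2=6732dc a3=1 items=1 pid=3612 auid=500 uid=0 gid=0 euid=0 suid=500 fsuid=0 egid=0 sgid=500 fsgid=0 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1147327523.029:328): cwd="/home/kmahaindra"
type=PATH msg=audit(1147327523.029:328): item=0 name="." flags=3
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
# Only the (arch, syscall) pair seen in the sample: i386 syscall 61 is chroot.
SYSCALL_NAMES = {("40000003", "61"): "chroot"}

def summarize_denials(log_text):
    """Group audit records by event serial and describe each SELinux denial."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        rtype, _stamp, serial, body = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]
        denied = DENIED.search(body)
        if rtype == "AVC" and denied:
            ev.setdefault("denied", []).extend(denied.group(1).split())
            ev["domain"] = f["scontext"].split(":")[2]  # type field of the source context
            ev["tclass"] = f["tclass"]
            ev["comm"] = f["comm"]
        elif rtype == "SYSCALL":
            key = (f["arch"], f["syscall"])
            ev["syscall"] = SYSCALL_NAMES.get(key, f["syscall"])
            ev["exit"] = int(f["exit"])  # -13 is EACCES
        elif rtype == "CWD":
            ev["cwd"] = f["cwd"]
    # Events with no AVC record (the PAM ones) are not denials.
    return [dict(serial=s, **e) for s, e in events.items() if "denied" in e]

if __name__ == "__main__":
    for event in summarize_denials(SAMPLE):
        print(event)
```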