vsftpd cannot access home directories

Justin Conover justin.conover at gmail.com
Tue Oct 12 05:20:56 UTC 2004


On Mon, 11 Oct 2004 15:32:46 -0700, Ryan Graham <ryan.graham at gmail.com> wrote:
> What am I looking at here?
> 
> This is a mostly default install on FC2. There were some other changes
> to vsftpd.conf, but they didn't seem relevant.
> 
> chroot_local_user=YES
> pam_service_name=vsftpd
> userlist_enable=YES
> #enable for standalone mode
> listen=YES
> tcp_wrappers=YES
> 
> Response:       500 OOPS: cannot change directory:/home/media
> Response:       500 OOPS: child died
> 
> audit(1097532459.593:0): avc:  denied  { getattr } for  pid=2281
> exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632
> scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t
> tclass=file
> audit(1097532459.653:0): avc:  denied  { search } for  pid=2285
> exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119
> scontext=system_u:system_r:ftpd_t
> tcontext=system_u:object_r:user_home_dir_t tclass=dir
> 
> 
If you want your local users to access the server, you will need:
# Uncomment this to allow local users to log in.
local_enable=YES

If you want them to write/upload:
# Uncomment this to enable any form of FTP write command.
write_enable=YES

The:
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES

Will keep your user "jailed" so that if someone is snooping your FTP
(clear text) they can't get any further than your user's dir.
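
Added example, not part of the original thread: a small Python parser for the two avc: denied records quoted above. It reduces each record to source type, target type, object class, permission and object, which shows the ftpd_t search denial on the directory named media next to the "cannot change directory" response. The function names are this example's own.

```python
import re

# The two AVC records quoted in the message above, e-mail line wrapping rejoined.
AUDIT_LOG = """\
audit(1097532459.593:0): avc:  denied  { getattr } for  pid=2281 exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632 scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t tclass=file
audit(1097532459.653:0): avc:  denied  { search } for  pid=2285 exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value  # empty values such as "dev=" are kept as ""
    fields["perms"] = m.group("perms").split()
    fields["source_type"] = type_of(fields.get("scontext", ""))
    fields["target_type"] = type_of(fields.get("tcontext", ""))
    return fields

def summarize(log_text):
    """Collapse denials into unique (source, target, class, perm, object) rows."""
    seen = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        obj = rec.get("path") or rec.get("name") or "?"
        for perm in rec["perms"]:
            row = (rec["source_type"], rec["target_type"],
                   rec.get("tclass", "?"), perm, obj)
            if row not in seen:
                seen.append(row)
    return seen

if __name__ == "__main__":
    for src, tgt, cls, perm, obj in summarize(AUDIT_LOG):
        print(f"{src} denied {perm} on {tgt}:{cls} ({obj})")
```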



