vsftpd cannot access home directories
Colin Walters
walters at redhat.com
Wed Oct 13 14:22:32 UTC 2004
On Mon, 2004-10-11 at 15:32 -0700, Ryan Graham wrote:
> What am I looking at here?
>
> This is a mostly default install on FC2. There were some other changes
> to vsftpd.conf, but they didn't seem relevant.
>
> chroot_local_user=YES
> pam_service_name=vsftpd
> userlist_enable=YES
> #enable for standalone mode
> listen=YES
> tcp_wrappers=YES
>
> Response: 500 OOPS: cannot change directory:/home/media
> Response: 500 OOPS: child died
>
> audit(1097532459.593:0): avc: denied { getattr } for pid=2281
> exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632
> scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t
> tclass=file

This looks to be fixed in the latest policy.

> audit(1097532459.653:0): avc: denied { search } for pid=2285
> exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119
> scontext=system_u:system_r:ftpd_t
> tcontext=system_u:object_r:user_home_dir_t tclass=dir

There is a policy boolean ftp_home_dir which you'd think, if turned on,
would allow access, but it appears to be broken. Try inserting

    allow ftpd_t user_home_dir_type:dir { search getattr };
    rw_dir_create_file(ftpd_t,user_home_type);

inside the if (ftp_home_dir) {}.
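
Added example (not part of the original message and not SELinux project code): a small Python parser that reads the two AVC denials quoted above and shows which source type, target type, class and permissions each one maps to, rendered as candidate allow rules for review. The function names are hypothetical, and the output names the concrete types from the log, whereas the rule suggested in the reply uses attributes.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, e-mail line wraps rejoined.
SAMPLE_LOG = (
    "audit(1097532459.593:0): avc: denied { getattr } for pid=2281 "
    "exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632 "
    "scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t "
    "tclass=file\n"
    "audit(1097532459.653:0): avc: denied { search } for pid=2285 "
    "exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119 "
    "scontext=system_u:system_r:ftpd_t "
    "tcontext=system_u:object_r:user_home_dir_t tclass=dir\n"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def context_type(context):
    """A context is user:role:type[:level]; return the type, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    source = context_type(f.get("scontext", ""))
    target = context_type(f.get("tcontext", ""))
    if not (source and target and f.get("tclass")):
        return None
    return {"perms": m.group(1).split(), "source": source, "target": target,
            "tclass": f["tclass"], "object": f.get("path") or f.get("name")}

def candidate_rules(log_text):
    """Merge denials by (source, target, class); render one allow rule each."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            # Policy syntax writes a domain acting on its own type as "self".
            target = "self" if d["target"] == d["source"] else d["target"]
            merged[(d["source"], target, d["tclass"])].update(d["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```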