[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Allowing vsftpd access for user's home directory



 
Hello,

Thanks a lot, that solves it!
Of course prior to that I need to enable the corresponding boolean
# setsebool -P ftp_home_dir 1
# setsebool -P ftpd_is_daemon 1

-- 
Best regards,
 
Ketut Mahaindra (Ito)
"The race for perfection has no finish line"
 

-----Original Message-----
From: Thomas Bleher
Sent: Thursday, May 11, 2006 3:17 PM
To: Ketut Mahaindra
Cc: fedora-selinux-list redhat com
Subject: Re: Allowing vsftpd access for user's home directory

* Ketut Mahaindra <kmahaindra axalto com> [2006-05-11 07:19]:
> Hello all,
> 
> I have installation of FC5.
> I want to make vsftpd run with chroot environment of user home directory.
> So far it does not work because SELinux prevents the vsftpd to access the
> home directory.
> 
> P.S.
> - I have the following AVC error messages:
>   avc:  denied  { dac_override } for  pid=9099 comm="vsftpd" capability=1
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability
>   avc:  denied  { dac_read_search } for  pid=9099 comm="vsftpd"
capability=2
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability  

This means that vsftpd can't access some files or directories because it
does not have DAC rights on it. Probably some home directory is mode
0700. Either you change the rights on the directory or you allow the
capabilities as discussed in this thread.

Thomas



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]