Allowing vsftpd access for user's home directory
Daniel J Walsh
dwalsh at redhat.com
Thu May 11 17:08:11 UTC 2006
Ketut Mahaindra wrote:
> Hello all,
>
> I have installation of FC5.
> I want to make vsftpd run with chroot environment of user home directory.
> So far it does not work because SELinux prevents the vsftpd to access the
> home directory.
>
> What's the best way to configure SELinux for this purpose?
> I don't want to disable it.
> I have been googling it around but so far has not came up with any easy
> solution.
>
> Any help will be appreciated.
>
> P.S.
> - I have the following AVC error messages:
> avc: denied { dac_override } for pid=9099 comm="vsftpd" capability=1
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability
> avc: denied { dac_read_search } for pid=9099 comm="vsftpd" capability=2
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability
>
>
I added these to policy when homedirs are used.
You might want to look at man ftpd_selinux.
IF you want to share files between ftp and html you might want to label
them public_content_t.
More information about the fedora-selinux-list
mailing list