[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Setting SELinux for vsftpd

Mark Haney wrote:
I've got a server that we use to do speed testing of our upstreams (and
customers links) using FTP.  This is a fresh F10 install and I'm getting
what seems to be a very common selinux ftp error (226 Failed to open
directory). I've googled up a couple of forum posts on how to fix it,
but most say just to disable selinux.  That I'd not like to do.
However, one of the options says to do this:

setsebool -P ftpd_disable_trans 1

But I get an error:

[root noc5 speedtest]# setsebool -P ftpd_disable_trans 1
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean ftpd_disable_trans
Could not change policy booleans

I have seen the GUI method of doing this, but since I don't run X on
this server that's not much help.  What's the correct method of setting
selinux up for this?

I don't believe that's a legit SELinux boolean for F10.  A default
SELinux config on F10 shows:

	[root prophead ~]# getsebool -a | grep ftp
	allow_ftpd_anon_write --> off
	allow_ftpd_full_access --> off
	allow_ftpd_use_cifs --> off
	allow_ftpd_use_nfs --> off
	ftp_home_dir --> off
	httpd_enable_ftp_server --> off
	tftp_anon_write --> off

as the only legit booleans having to do with ftp.  A check of the
SELinux logs would be far more useful, but my guess is that SELinux is
blocking access to home directories.  In that case, try

	[root prophead ~]# setsebool -P ftp_home_dir 1

wait a minute or so after issuing that command before you try an FTP
login and transfer again...some stuff needs relabeling after that
command and it takes a bit of time to do that.
- Rick Stevens, Systems Engineer                      ricks nerd com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     If one is what one eats, then I am fast, cheap and greasy!     -

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]