Re: Setting SELinux for vsftpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mark Haney wrote:

I've got a server that we use to do speed testing of our upstreams (and
customers links) using FTP.  This is a fresh F10 install and I'm getting
what seems to be a very common selinux ftp error (226 Failed to open
directory). I've googled up a couple of forum posts on how to fix it,
but most say just to disable selinux.  That I'd not like to do.
However, one of the options says to do this:

setsebool -P ftpd_disable_trans 1

But I get an error:

[root@noc5 speedtest]# setsebool -P ftpd_disable_trans 1
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean ftpd_disable_trans
Could not change policy booleans

I have seen the GUI method of doing this, but since I don't run X on
this server that's not much help.  What's the correct method of setting
selinux up for this?


I don't believe that's a legit SELinux boolean for F10.  A default
SELinux config on F10 shows:

	[root@prophead ~]# getsebool -a | grep ftp
	allow_ftpd_anon_write --> off
	allow_ftpd_full_access --> off
	allow_ftpd_use_cifs --> off
	allow_ftpd_use_nfs --> off
	ftp_home_dir --> off
	httpd_enable_ftp_server --> off
	tftp_anon_write --> off

as the only legit booleans having to do with ftp.  A check of the
SELinux logs would be far more useful, but my guess is that SELinux is
blocking access to home directories.  In that case, try

	[root@prophead ~]# setsebool -P ftp_home_dir 1

wait a minute or so after issuing that command before you try an FTP
login and transfer again...some stuff needs relabeling after that
command and it takes a bit of time to do that.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     If one is what one eats, then I am fast, cheap and greasy!     -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux