On Mon, 11 Oct 2004 15:32:46 -0700, Ryan Graham <ryan.graham@xxxxxxxxx> wrote:
> What am I looking at here?
>
> This is a mostly default install on FC2. There were some other changes
> to vsftpd.conf, but they didnt seem relevant.
>
> chroot_local_user=YES
> pam_service_name=vsftpd
> userlist_enable=YES
> #enable for standalone mode
> listen=YES
> tcp_wrappers=YES
>
> Response: 500 OOPS: cannot change directory:/home/media
> Response: 500 OOPS: child died
>
> audit(1097532459.593:0): avc: denied { getattr } for pid=2281
> exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632
> scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t
> tclass=file
> audit(1097532459.653:0): avc: denied { search } for pid=2285
> exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119
> scontext=system_u:system_r:ftpd_t
> tcontext=system_u:object_r:user_home_dir_t tclass=dir
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
If you want your local users to access the server, you will need:
# Uncomment this to allow local users to log in.
local_enable=YES
If you want them to write/upload:
# Uncomment this to enable any form of FTP write command.
write_enable=YES
The:
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
Will keep your user "jailed" so that if someone is snooping your ftp
(clear text) they can't get any further than your users dir.
