Re: Selinux an vsftp: msg#00092
Subject: Re: Selinux an vsftp
Tomas Larsson wrote:
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx]
Sent: Wednesday, September 21, 2005 2:34 PM
To: Tomas Larsson
Cc: fedora-selinux-list@xxxxxxxxxx
Subject: Re: Selinux an vsftp
Tomas Larsson wrote:
I am getting 500 OOPS: failed to open xferlog log
file:/var/log/vsftpd.log, so I'm guessing that it's something wrong in
the selinux-setup
ls -Z looks like this
-rw-r--r-- root root system_u:object_r:var_log_t vsftpd.log
And in audit log
type=AVC msg=audit(1127260722.483:14084097): avc: denied {
append }
for pid=622 comm="vsftpd" name="vsftpd.log" dev=dm-0 ino=1143798
scontext=system_u:system_r:ftpd_t
tcontext=system_u:object_r:var_log_t
tclass=file
I'm guessing that I've got something wrong, but can't find what to do
With best regards
Tomas Larsson
Sweden
Verus Amicus Est Tamquam Alter Idem
--
fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Looks like a bug in file context.
chcon -t xferlog_t /var/log/vsftpd.log
should fix it.
I will update policy
--
I've got that one sorted, deleted the logfile and restarted vsftpd.
Now got other problems:
Need anonymous ftp, configured ftpd correctly (I think).
Created a user "ftpuser" for anonymous ftp in /var
ls -Z looks like this:
drwxrwsrwx ftpuser ftpuser system_u:object_r:ftpd_anon_t ftp
In ftp I have
drwxrwsrwx ftpuser ftpuser system_u:object_r:ftpd_anon_t pub
If you are trying to write to the directory you need ftpd_anon_rw_t and
boolean allow_ftpd_anon_write=1
And get 553 errors,
TYPE I
200 Switching to Binary mode.
PORT 192,168,0,2,6,45
200 PORT command successful. Consider using PASV.
STOR 465_v6.pdf
553 Could not create file.
Transfer request completed with status: Failed, 1 SubItem(s) failed
The audit log looks like this
type=AVC msg=audit(1127307868.846:713105): avc: denied { write } for
pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t
tclass=dir
type=SYSCALL msg=audit(1127307868.846:713105): arch=40000003 syscall=5
success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357
auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500
fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127307868.846:713105): cwd="/"
type=PATH msg=audit(1127307868.846:713105): item=0 name="465_v6.pdf"
flags=310 inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127307868.880:713157): avc: denied { getattr } for
pid=9357 comm="vsftpd" name="pub" dev=dm-0 ino=1143638
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_rw_t
tclass=dir
type=SYSCALL msg=audit(1127307868.880:713157): arch=40000003 syscall=196
success=no exit=-13 a0=96b0aa0 a1=96b0ab0 a2=66cff4 a3=cc1eec items=1
pid=9357 auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500
sgid=500 fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=AVC_PATH msg=audit(1127307868.880:713157): path="/pub"
type=CWD msg=audit(1127307868.880:713157): cwd="/"
type=PATH msg=audit(1127307868.880:713157): item=0 name="pub" flags=0
inode=1143638 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127308017.113:730070): avc: denied { write } for
pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t
tclass=dir
type=SYSCALL msg=audit(1127308017.113:730070): arch=40000003 syscall=5
success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357
auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500
fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127308017.113:730070): cwd="/"
type=PATH msg=audit(1127308017.113:730070): item=0 name="465_v6.pdf"
flags=310 inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
With best regards
Tomas Larsson
Sweden
Verus Amicus Est Tamquam Alter Idem
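The audit records quoted in this thread, reduced to the fields that decide the fix, as an added example that is not part of the original messages. It rejoins the mail-wrapped lines, extracts each AVC denial, and attaches the remedy given in the thread where there is one; the function names and the `THREAD_FIXES` table are illustrative assumptions.

```python
import re

# AVC records taken from this thread, re-wrapped the way a mail client wraps them.
SAMPLE = '''\
type=AVC msg=audit(1127260722.483:14084097): avc: denied {
append } for pid=622 comm="vsftpd" name="vsftpd.log" dev=dm-0 ino=1143798
scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:var_log_t
tclass=file
type=AVC msg=audit(1127307868.846:713105): avc: denied { write } for
pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t
tclass=dir
type=AVC msg=audit(1127307868.880:713157): avc: denied { getattr } for
pid=9357 comm="vsftpd" name="pub" dev=dm-0 ino=1143638
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_rw_t
tclass=dir
type=AVC_PATH msg=audit(1127307868.880:713157): path="/pub"
'''
# Hypothetical lookup holding only the fixes stated in the thread,
# keyed by (source type, target type, permission).
THREAD_FIXES = {
    ("ftpd_t", "var_log_t", "append"): "chcon -t xferlog_t /var/log/vsftpd.log",
    ("ftpd_t", "ftpd_anon_t", "write"): "type ftpd_anon_rw_t + allow_ftpd_anon_write=1",
}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin records split by mail wrapping: every record starts with type=."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denials(text):
    """Return one dict per denied permission in each AVC record."""
    out = []
    for rec in unwrap(text):
        perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", rec)
        if not rec.startswith("type=AVC ") or not perms:
            continue  # skips SYSCALL, CWD, PATH and AVC_PATH records
        f = {k: v.strip('"') for k, v in FIELD.findall(rec)}
        src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
        for perm in perms.group(1).split():
            out.append({"source": src, "target": tgt, "class": f["tclass"],
                        "perm": perm, "name": f.get("name"),
                        "fix": THREAD_FIXES.get((src, tgt, perm))})
    return out
```

A denial whose `fix` is `None`, such as the `getattr` on `pub`, is one the thread gives no remedy for.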