vsftpd using mysql

Paul Howarth paul at city-fan.org
Tue Feb 10 16:17:46 UTC 2009


Daniel J Walsh wrote:
> Paul Howarth wrote:
>> Daniel J Walsh wrote:
>>> Maria Iano wrote:
>>>> My vsftpd server needs to talk to my mysql server, and is being denied.
>>>> Before I use audit2allow to make special rules I wanted to ask whether
>>>> there is a boolean out there that I am missing. Here is what audit2allow
>>>> gives me:
>>>>
>>>> allow ftpd_t mysqld_db_t:dir search;
>>>> allow ftpd_t mysqld_t:unix_stream_socket connectto;
>>>> allow ftpd_t mysqld_var_run_t:sock_file write;
>>>>
>>>> I notice there is a boolean for httpd to talk to mysql, which makes me
>>>> think there might be one for vsftpd. Does anyone know if such a one
>>>> exists?
>>>>
>>>> Thanks,
>>>> Maria
>>>>
>>> Why does ftpd talk to mysqld?
>> To use a database backend for virtual users I'd guess.
>>
>> http://www.niraj.info/vsftpd-mysql
>>
>> Paul.
> Learn something new every day...
> 
> Miroslav, can you add the following snippets to F9 and F10 policy.
> 
> 
> ## <desc>
> ## <p>
> ## Allow ftp servers to use connect to mysql database
> ## </p>
> ## </desc>
> gen_tunable(ftpd_connect_db, false)
> 
> ## <desc>
> ## <p>
> 
> ....
> 
> optional_policy(`
>        tunable_policy(`ftpd_connect_db',`
>                mysql_stream_connect(ftpd_t)
>        ')
> ')

It's not just vsftpd that can do this btw - proftpd supports postgresql 
and LDAP backends for this purpose.

Paul.
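
How AVC denial records collapse into the three `allow` rules quoted in the original question, as an added example that is not part of any poster's message and is not audit2allow's own code. The audit records are constructed for illustration, and the names `denials_to_rules` and `context_type` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed AVC records (not from the thread), shaped like audit.log
# entries that would yield the three rules quoted in the question.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1234282666.101:41): avc:  denied  { search } for  pid=2411 comm="vsftpd" name="mysql" dev=dm-0 ino=1048 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1234282666.102:42): avc:  denied  { write } for  pid=2411 comm="vsftpd" name="mysql.sock" dev=dm-0 ino=1052 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1234282666.103:43): avc:  denied  { connectto } for  pid=2411 comm="vsftpd" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1234282670.200:51): avc:  denied  { write } for  pid=2419 comm="vsftpd" name="mysql.sock" dev=dm-0 ino=1052 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1234282670.200:51): arch=40000003 syscall=102 success=no exit=-13 comm="vsftpd"
type=AVC msg=audit(1234282671.300:52): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Permissions, source context, target context and object class of one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third field) of user:role:type[:mls]."""
    return context.split(":")[2]

def denials_to_rules(log_text, source_type=None):
    """Collapse AVC denials into sorted, de-duplicated allow rules."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records, "granted" AVCs, unrelated lines
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        if source_type and src != source_type:
            continue
        perms_by_key[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(perms_by_key.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_AUDIT_LOG, "ftpd_t")))
```

Each rule names only types, so a rule built this way applies to every process in `ftpd_t` on the host, whichever FTP daemon it is.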



