Setting SELinux for vsftpd

Rick Stevens ricks at nerd.com
Tue Jan 6 19:02:26 UTC 2009 

Mark Haney wrote:
> I've got a server that we use to do speed testing of our upstreams (and
> customers links) using FTP.  This is a fresh F10 install and I'm getting
> what seems to be a very common selinux ftp error (226 Failed to open
> directory). I've googled up a couple of forum posts on how to fix it,
> but most say just to disable selinux.  That I'd not like to do.
> However, one of the options says to do this:
> 
> setsebool -P ftpd_disable_trans 1
> 
> But I get an error:
> 
> [root at noc5 speedtest]# setsebool -P ftpd_disable_trans 1
> libsemanage.dbase_llist_set: record not found in the database
> libsemanage.dbase_llist_set: could not set record value
> Could not change boolean ftpd_disable_trans
> Could not change policy booleans
> 
> I have seen the GUI method of doing this, but since I don't run X on
> this server that's not much help.  What's the correct method of setting
> selinux up for this?

I don't believe that's a legit SELinux boolean for F10.  A default
SELinux config on F10 shows:

	[root at prophead ~]# getsebool -a | grep ftp
	allow_ftpd_anon_write --> off
	allow_ftpd_full_access --> off
	allow_ftpd_use_cifs --> off
	allow_ftpd_use_nfs --> off
	ftp_home_dir --> off
	httpd_enable_ftp_server --> off
	tftp_anon_write --> off

as the only legit booleans having to do with ftp.  A check of the
SELinux logs would be far more useful, but my guess is that SELinux is
blocking access to home directories.  In that case, try

	[root at prophead ~]# setsebool -P ftp_home_dir 1

wait a minute or so after issuing that command before you try an FTP
login and transfer again...some stuff needs relabeling after that
command and it takes a bit of time to do that.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     If one is what one eats, then I am fast, cheap and greasy!     -
----------------------------------------------------------------------

More information about the fedora-list mailing list