vsftpd and ~/public_html

Daniel J Walsh dwalsh at redhat.com
Mon Aug 29 17:04:42 UTC 2005


Dawid Gajownik wrote:

> Hi!
>
>     I have silly problem: I'm not able to enter ~/public_html 
> directory using ftp client. I found this AVC messages in 
> /var/log/audit/audit.log:
>
> type=AVC msg=audit(1125243640.479:279): avc:  denied  { search } for 
> pid=10731 comm="vsftpd" name="public_html" dev=hda6 ino=229557 
> scontext=root:system_r:ftpd_t 
> tcontext=system_u:object_r:httpd_sys_content_t tclass=dir
> type=SYSCALL msg=audit(1125243640.479:279): arch=40000003 syscall=12 
> success=no exit=-13 a0=8927908 a1=0 a2=fd2524 a3=bfbfa5bc items=1 
> pid=10731 auid=4294967295 uid=500 gid=100 euid=500 suid=500 fsuid=500 
> egid=100 sgid=100 fsgid=100 comm="vsftpd" exe="/usr/sbin/vsftpd"
> type=CWD msg=audit(1125243640.479:279):  cwd="/home/y4kk0"
> type=PATH msg=audit(1125243640.479:279): item=0 name="public_html" 
> flags=3  inode=229557 dev=03:06 mode=040777 ouid=500 ogid=100 rdev=00:00
>
> [y4kk0 at X ~]$ ls -Zd public_html/
> drwxrwxrwx  y4kk0    users    system_u:object_r:httpd_user_content_t 
> public_html/
> [y4kk0 at X ~]$
>
> selinux-policy-targeted-1.25.4-10
> system: Fedora Core 4
>
> Maybe default policy should allow ftp server to enter this directory 
> so users would be able to upload their WWW stuff via ftp?
>
> Regards,
>     Dawid Gajownik
>
Sounds reasonable,  I will add it.

-- 





More information about the fedora-selinux-list mailing list