Allowing vsftpd access for user's home directory

Thomas Bleher bleher at informatik.uni-muenchen.de
Thu May 11 08:57:51 UTC 2006


* Thomas Bleher <bleher at informatik.uni-muenchen.de> [2006-05-11 09:16]:
> * Ketut Mahaindra <kmahaindra at axalto.com> [2006-05-11 07:19]:
> > - I have the following AVC error messages:
> >   avc:  denied  { dac_override } for  pid=9099 comm="vsftpd" capability=1
> > scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> > tclass=capability
> >   avc:  denied  { dac_read_search } for  pid=9099 comm="vsftpd" capability=2
> > scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> > tclass=capability  
> 
> This means that vsftpd can't access some files or directories because it
> does not have DAC rights on it. Probably some home directory is mode
> 0700. Either you change the rights on the directory or you allow the
> capabilities as discussed in this thread.

BTW: Is there some way to get more information out of the kernel about
which file is being accessed? This would be really helpful in debugging
why an application needs dac_override.

Thomas
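
An offline way to narrow down which directory is behind the dac_override / dac_read_search denials quoted above, as an added example that is not part of the original message: it does not query the kernel, it walks a path and reports every component whose mode bits deny a given uid and set of gids, which is where a 0700 home directory shows up. Assumptions: only the classic owner/group/other bits are evaluated (POSIX ACLs are ignored), the uid and gids of the FTP session are supplied by the administrator, and the script is run by a user able to stat every component (typically root).

```python
import os
import stat

def dac_blockers(path, uid, gids, start=os.sep):
    """List path components below `start` whose mode bits deny `uid`/`gids`.

    Returns [(component_path, mode_string, [missing permissions])].
    Assumption: classic owner/group/other bits only; POSIX ACLs are ignored.
    """
    start = os.path.abspath(start)
    parts = os.path.relpath(os.path.abspath(path), start).split(os.sep)
    blockers = []
    current = start
    for index, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        # The kernel applies exactly one triad: owner, else group, else other.
        if st.st_uid == uid:
            shift = 6
        elif st.st_gid in gids:
            shift = 3
        else:
            shift = 0
        granted = (st.st_mode >> shift) & 0o7
        last = index == len(parts) - 1
        missing = []
        if stat.S_ISDIR(st.st_mode) and not granted & 0o1:
            missing.append("search")  # needed to traverse the directory
        if last and not granted & 0o4:
            missing.append("read")    # needed to list or read the target
        if missing:
            blockers.append((current, stat.filemode(st.st_mode), missing))
    return blockers

if __name__ == "__main__":
    import sys
    # Hypothetical usage: dac_blockers.py /home/alice/pub <uid> <gid> [<gid> ...]
    target, uid, *gids = sys.argv[1:]
    for comp, mode, missing in dac_blockers(target, int(uid), {int(g) for g in gids}):
        print(f"{mode} {comp}: no {'/'.join(missing)} for uid {uid}")
```

Each reported component is a place where the process either needs the directory's mode changed or would have to fall back on the capabilities named in the AVC messages.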
