LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Why no ftp_home_dir in Fedora ? (https://www.linuxquestions.org/questions/linux-newbie-8/why-no-ftp_home_dir-in-fedora-4175580648/)

mangya 05-25-2016 05:36 AM
Why no ftp_home_dir in Fedora ?
 
Hello

I just installed Fedora 23 and tried to setup vsftpd server. Its surprising fedora doesn't have selinux ftp_home_dir boolen. How come ?

Fedora 23
Code:
# semanage boolean -l | grep '_home_'
samba_create_home_dirs        (off  ,  off)  Allow samba to create home dirs
spamd_enable_home_dirs        (on  ,  on)  Allow spamd to enable home dirs
use_samba_home_dirs            (off  ,  off)  Allow use to samba home dirs
samba_enable_home_dirs        (off  ,  off)  Allow samba to enable home dirs
use_ecryptfs_home_dirs        (off  ,  off)  Allow use to ecryptfs home dirs
use_nfs_home_dirs              (off  ,  off)  Allow use to nfs home dirs
tftp_home_dir                  (off  ,  off)  Allow tftp to home dir
use_fusefs_home_dirs          (off  ,  off)  Allow use to fusefs home dirs
Whereas in CentOS 7,
Code:
# semanage boolean -l | grep '_home_'
ftp_home_dir                  (off  ,  off)  Allow ftp to home dir
use_ecryptfs_home_dirs        (off  ,  off)  Allow use to ecryptfs home dirs
samba_enable_home_dirs        (off  ,  off)  Allow samba to enable home dirs
use_samba_home_dirs            (off  ,  off)  Allow use to samba home dirs
samba_create_home_dirs        (off  ,  off)  Allow samba to create home dirs
spamd_enable_home_dirs        (on  ,  on)  Allow spamd to enable home dirs
tftp_home_dir                  (off  ,  off)  Allow tftp to home dir
use_fusefs_home_dirs          (off  ,  off)  Allow use to fusefs home dirs
use_nfs_home_dirs              (off  ,  off)  Allow use to nfs home dirs
Thanks

Turbocapitalist 05-25-2016 11:09 AM
Fedora is ahead of CentOS, so I expect that is the direction a later version of CentOS will also take.

If you identify the package that supplies the file, then you could find the version control system for it that Fedora uses. Then you could dig through the commits until you find the right one and hopefully the comment will have some clarification.

But just guessing, it could be that is soon finally over for FTP. Anonymous FTP can be replaced by either HTTP or a Torrent. Uploads can be handled by HTTPS (and some server side help) or SFTP. Old FTP with login should not be allowed. Add to that the complexity of setting it up and the permanent, unfixable insecurity and you have to wonder why it was allowed to hang on for so many years.

Habitual 05-25-2016 11:28 AM
Quote:
Originally Posted by mangya (Post 5550533)
Hello

I just installed Fedora 23 and tried to setup vsftpd server. Its surprising fedora doesn't have selinux ftp_home_dir boolen. How come ?
So, try
Code:
setsebool -P ftp_home_dir on
and re-check.

mangya 05-25-2016 11:56 AM
Quote:
Originally Posted by Habitual (Post 5550690)
So, try
Code:
setsebool -P ftp_home_dir on
and re-check.
I Cant. I've disabled anonymous login and allowed only authorized users to access their respective home directory. So unless I set the boolean ftp_home_dir, users wont be allowed to access their home directories.

Code:
# setsebool -P ftp_home_dir on
Boolean ftp_home_dir is not defined
Cause there is no ftp_home_dir boolean in Fedora23 like CentOS.

Fedora23 (no result)
Code:
# semanage boolean -l | grep '^ftp_home_dir'
CentOS
Code:
# semanage boolean -l | grep '^ftp_home_dir'
ftp_home_dir                  (on  ,  on)  Allow ftp to home dir
Temporarily managed to allow users to login to their respective home directories by using
Code:
# setsebool -P ftpd_full_access 1
Don't know how vulnerable it will be. :confused:

Habitual 05-25-2016 11:58 AM
Only Fedora knows for sure.


All times are GMT -5. The time now is 06:35 PM.