LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-24-2006, 11:27 AM   #1
swpr
LQ Newbie
 
Registered: Jun 2006
Posts: 5

Rep: Reputation: 0
selinux with vsftpd and httpd


Hi,

I'm setting up a FedoraCore5 server and I want to give my friends access to their own virtual web sites.

I've configured httpd okay, serving out of their home directories. I want to also give them FTP access so they can upload their content.

I've installed vsftpd and had it working okay with chroot jail to prevent them going outside their home dir. I've also set their shell to /sbin/nologin so they cannot ssh onto the box.

My problem is getting httpd and vsftpd working at the same time.

I've done
setsebool -P ftp_home_dir 1
so that I can make dirs when ftping.

I've done
chcon -R -h -t httpd_sys_content_t /home/myuser/public_html
so that httpd can serve the html content.

I think though that this last step stops me from being able to FTP now. Is there an easy way to give httpd and vsftpd access to the same directory at the same time?

(I don't know much about SELinux)
 
Old 06-24-2006, 12:53 PM   #2
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
I am assuming you have only two users on the system. Ones you.

You could just enable "local_enable=YES" in the vsftpd.conf file and set the virtual host directory in the httpd.conf as the home directory of the user.
So whenever the guy logson he goes to /home/us3r/ but cannot login into shell as he has /sbin/nologin.
 
Old 06-26-2006, 07:13 AM   #3
swpr
LQ Newbie
 
Registered: Jun 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for the response, but I have the web server and ftp server set up fine - the web root is the <user home directory>/public_html and the ftp server chroot() jails them to their home.

My problem has been with SELinux and allowing both httpd and ftpd access to the content in the user home at the same time.

I can do it independently. i.e I can get vsftpd working okay, but then when I give httpd access using
chcon -R -h -t httpd_sys_content_t /home/blah/public_html
then vsftpd is denied.

and visa versa.

The only solution I have for now is to disable SELinux for ftpd using
setsebool -P ftpd_disable_trans 1

Then I can get both working at the same time.

Not knowing SELinux I would have thought I could cumulatively add permissions to a directory. That is, permit httpd and then add ftpd so they both had access.

Thanks.
 
Old 06-26-2006, 04:34 PM   #4
vimal
Red Hat India
 
Registered: Nov 2004
Location: Kerala/Pune,india
Distribution: RedHat, Fedora
Posts: 260

Rep: Reputation: 34
Hello swpr,

You don't need to enable SELinux for your configuration to work. Your configuration will work fine and all the restrictions will get imposed. The FTP default login directory can be set in the vsftpd.conf file and the HTTP login folder can be done as you have configured.

Thanks..
 
Old 06-28-2006, 05:49 AM   #5
swpr
LQ Newbie
 
Registered: Jun 2006
Posts: 5

Original Poster
Rep: Reputation: 0
I know I don't *need* SELinux, but I can get them both running one at a time, but not both together - am I not explaining this clearly enough.

I shouldn't have to fully disable SELinux to allow ftpd and httpd access to the same directory should I? It should be real simple to allow both process access to this one directory.

I've seen a lot of comments on the web about how hard SELinux is, and how everyone just seems to turn it off because they can't figure out how to make it play nice, so thats what I'm going to have to do.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd and SELinux HelplessNewbie Linux - Software 6 08-28-2007 10:54 AM
Trying to enable SSL security to vsftpd/httpd, buti have no idea where to start. CodeWarriorFX Linux - Security 1 12-14-2005 10:20 AM
httpd-selinux. Real pleasure. Who can explain this? mazonka Linux - Software 2 11-24-2005 03:26 PM
httpd and vsftpd problems running maximyus Linux - Networking 3 01-24-2005 12:24 AM
service httpd status, results in httpd dead but subsys locked squadja Red Hat 2 09-11-2004 10:31 PM


All times are GMT -5. The time now is 03:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration