LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Why is SELinux blocking my FTP uploads?
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
Page 1 of 2 1 2
  Search this Thread
Old 01-14-2013, 02:12 PM   #1
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Rep: Reputation: Disabled
Why is SELinux blocking my FTP uploads?

I've set up a box with CentOS 6.3, Apache, PHP, MySQL, and Vsftpd to learn on in a LAN in my home.

Here's my problem:

When I try to upload a test file to the /var/www/html/ folder via ftp, FileZilla reports: "553 could not create file. Critical file transfer error".

However, when I disable SELinux with
Code:
setenforce 0
, my upload works fine. When I re-enable it with
Code:
setenforce 1
, I get the same error message.

It may help to note that I can write to this folder when logged in locally to CentOS using the same user/password combo for Terminal/GNOME that I use with FileZilla remotely, I just can't do it via FTP if SELinux is enabled.

Any idea how I can keep SELinux enabled and still allow me the FTP access I want?

If it helps the diagnosis, here is my
Code:
sestatus
when SELinux enabled:

Code:
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
and my
Quote:
getsebool -a
status when enabled:

Code:
abrt_anon_write --> off
abrt_handle_event --> off
allow_console_login --> on
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tcp_wrapper --> off
allow_daemons_use_tty --> on
allow_domain_fd_ use --> on
allow_execheap --> off
allow_execmem --> on
allow_execmod --> on
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> on
allow_guest_exec_content --> off
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> on
allow_mplayer_execstack --> off
allow_nsplugin_execmem --> on
allow_polyinstantiation --> off
allow_postfix_local_write_mail_spool --> on
allow_ptrace --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_ssh_keysign --> off
allow_staff_exec_content --> on
allow_sysadm_exec_content --> on
allow_unconfined_nsplugin_transition --> off
allow_user_exec_content --> on
allow_user_mysql_connect --> off
allow_user_postgresql_connect --> off
allow_write_xshm --> off
allow_xguest_exec_content --> off
allow_xserver_execmem --> off
allow_ypbind --> off
allow_zebra_write_config --> on
authlogin_radius --> off
cdrecord_read_content --> off
clamd_use_jit --> off
cobbler_anon_write --> off
cobbler_can_network_connect --> off
cobbler_use_cifs --> off
cobbler_use_nfs --> off
condor_domain_can_network_connect --> off
cron_can_relabel --> off
dhcpc_exec_iptables --> off
domain_kernel_load_modules --> off
exim_can_connect_db --> off
exim_manage_user_files --> off
exim_read_user_files --> off
fcron_crond --> off
fenced_can_network_connect --> off
fenced_can_ssh --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
git_cgit_read_gitosis_content --> off
git_session_bind_all_unreserved_ports --> off
git_system_enable_homedirs --> off
git_system_use_cifs --> off
git_system_use_nfs --> off
global_ssp --> off
gpg_agent_env_file --> off
gpg_web_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off
icecast_connect_any --> off
init_upstart --> on
irssi_use_full_network --> off
logging_syslogd_can_sendmail --> off
mmap_low_allowed --> off
mozilla_read_content --> off
mysql_connect_any --> off
named_write_master_zones --> off
ncftool_read_user_content --> off
nscd_use_shm --> on
nsplugin_can_network --> on
openvpn_enable_homedirs --> on
piranha_lvs_can_network_connect --> off
pppd_can_insmod --> off
pppd_for_user --> off
privoxy_connect_any --> on
puppet_manage_all_files --> off
puppetmaster_use_db --> off
qemu_full_network --> on
qemu_use_cifs --> on
qemu_use_comm --> off
qemu_use_nfs --> on
qemu_use_usb --> on
racoon_read_shadow --> off
rgmanager_can_network_connect --> off
rsync_client --> off
rsync_export_all_ro --> off
rsync_use_cifs --> off
rsync_use_nfs --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_fusefs --> off
sanlock_use_nfs --> off
sanlock_use_samba --> off
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
sepgsql_enable_users_ddl --> on
sepgsql_unconfined_dbadm --> on
sge_domain_can_network_connect --> off
sge_use_nfs --> off
smartmon_3ware --> off
spamassassin_can_network --> off
spamd_enable_home_dirs --> on
squid_connect_any --> on
squid_use_tproxy --> off
ssh_chroot_rw_homedirs --> off
ssh_sysadm_login --> off
telepathy_tcp_connect_generic_network_ports --> off
tftp_anon_write --> off
tor_bind_all_unreserved_ports --> off
unconfined_login --> on
unconfined_mmap_zero_ignore --> off
unconfined_mozilla_plugin_transition --> off
use_fusefs_home_dirs --> off
use_lpd_server --> off
use_nfs_home_dirs --> on
use_samba_home_dirs --> off
user_direct_dri --> on
user_direct_mouse --> off
user_ping --> on
user_rw_noexattrfile --> on
user_setrlimit --> on
user_tcp_server --> off
user_ttyfile_stat --> off
varnishd_connect_any --> off
vbetool_mmap_zero_ignore --> off
virt_use_comm --> off
virt_use_fusefs --> off
virt_use_nfs --> off
virt_use_samba --> off
virt_use_sanlock --> off
virt_use_sysfs --> on
virt_use_usb --> on
virt_use_xserver --> off
webadm_manage_user_files --> off
webadm_read_user_files --> off
wine_mmap_zero_ignore --> off
xdm_exec_bootloader --> off
xdm_sysadm_login --> off
xen_use_nfs --> off
xguest_connect_network --> on
xguest_mount_media --> on
xguest_use_bluetooth --> on
xserver_object_manager --> off
When researching this issue, it seems like many solutions suggest just disabling SELinux, but I'm guessing that wouldn't be a good idea...

Any suggestions?
 
Old 01-14-2013, 02:17 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415Reputation: 415Reputation: 415Reputation: 415Reputation: 415
Well it's going to come down to the selinux attributes of the directory/files you are trying to upload to or overwrite.

run an ls -z to see its attributes. Then we can work from there and turn on or off the attributes that are causing the problems

---------- Post added 01-14-13 at 01:17 PM ----------

http://docs.fedoraproject.org/en-US/...ing_Files.html

http://www.centos.org/docs/5/html/De...pter-0017.html
 
Old 01-14-2013, 02:25 PM   #3
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
[QUOTE=Kustom42;4869918]Run an ls -z to see its attributes. Then we can work from there and turn on or off the attributes that are causing the problems[COLOR="Silver"]

Here are the permissions for /var/www/ folder

Code:
drwxrwxr-x.  6 apache apache 4096 Jan 12 06:40 .
drwxr-xr-x. 23 root   root   4096 Jan 13 15:19 ..
drwxrwxr-x.  2 apache apache 4096 Feb 13  2012 cgi-bin
drwxrwxr-x.  3 apache apache 4096 Jan 12 06:40 error
drwxrwxr-x.  2 apache apache 4096 Jan 14 12:04 html
drwxrwxr-x.  3 apache apache 4096 Jan 12 13:02 icons
and for the html /var/www/html folder which is my desired target for files

Code:
drwxrwxr-x. 2 apache apache 4096 Jan 14 12:04 .
drwxrwxr-x. 6 apache apache 4096 Jan 12 06:40 ..
-rwxrwxr-x. 1 apache apache   21 Jan 12 14:45 info.php
Does the above help? Thanks for the advice...
 
Old 01-14-2013, 03:23 PM   #4
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415Reputation: 415Reputation: 415Reputation: 415Reputation: 415
That is your file permissions output, not your selinux context output. I believe it is a capital -Z so that was my mistake in original post.


Post the output of an ls passing the -Z option to see the selinux context.
 
Old 01-14-2013, 03:33 PM   #5
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Here is [root@localhost www]# ls -Z

Code:
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 cgi-bin
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 error
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 html
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 icons
and [root@localhost html]# ls -Z

Code:
-rwxrwxr-x. apache  apache  system_u:object_r:httpd_sys_content_t:s0 info.php
 
Old 01-14-2013, 04:32 PM   #6
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415Reputation: 415Reputation: 415Reputation: 415Reputation: 415
You can do some searching for "vsftpd selinux content" and I would highly recommend it before changing anything so you can understand what you're dealing with here but if you run this command in the directory you should be ok to access it via FTP with selinux enabled.

Code:
/usr/sbin/setsebool  -P ftp_home_dir=1
 
Old 01-14-2013, 05:17 PM   #7
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Actually, I did come across

Code:
/usr/sbin/setsebool  -P ftp_home_dir=1
in my previous research, but it didn't seem to help the situation.

I've also seen
Quote:
getsebool -a | grep ftp
paired with
Code:
/usr/sbin/setsebool  -P ftp_home_dir= on
but that also gives me the same "553 Could Not Complete Error" - assuming I leave SELinux enabled.

I also tried rebooting in case SELinux needed to restart after changes, but no joy.

What next? (I really appreciatye your time by the way...)
 
Old 01-14-2013, 05:46 PM   #8
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415Reputation: 415Reputation: 415Reputation: 415Reputation: 415
Code:
setsebool -P allow_ftpd_full_access=1

This will give FULL access to the ftp daemon throughout the file system. Since the directories are running your apache sites it's best not to mess with the user context as it could prevent apache from having proper access to the files.

---------- Post added 01-14-13 at 04:47 PM ----------

The previous suggestion about the ftp_home_dir allows the ftp connection for the user to reach thier home directory, so unless your user has a home directory of /var/www/ it wouldnt work, I just wanted to make sure that wasnt apart of the issue.
 
Old 01-14-2013, 06:15 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
I would first look at what VsFTPd logs error-wise, then check /var/log/messages and /var/log/audit/audit.log (if you have it) for related errors and see the actual FileZilla debug log entries. A very quick way to diagnose would be to run 'audit2allow < /var/log/audit/audit.log | tee /tmp/report.txt' then attach "/tmp/report.txt" as plain text.
 
Old 01-14-2013, 06:32 PM   #10
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Kustom42 View Post

[/COLOR]The previous suggestion about the ftp_home_dir allows the ftp connection for the user to reach thier home directory, so unless your user has a home directory of /var/www/ it wouldnt work, I just wanted to make sure that wasnt apart of the issue.
You are correct. /var/www/html/ isn't in a home directory. Note: As expected, I can rw in my home directories fine even with SELinux enabled.

My end goal is to be able to rw into /var/www/html/ and any future recursive (I think that's the term) while SELinux is enabled.
 
Old 01-14-2013, 07:49 PM   #11
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,360

Rep: Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751
I think you're going to need
Code:
chcon -t public_content_rw_t <target_dir>
If it works, to make it a permanent change you'll need the semanage cmd http://linux.die.net/man/8/semanage

Something like
Code:
semanage fcontext -a -t public_content_rw_t <target_dir>
 
Old 01-14-2013, 08:26 PM   #12
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
I would first look at what VsFTPd logs error-wise, then check /var/log/messages and /var/log/audit/audit.log (if you have it) for related errors and see the actual FileZilla debug log entries. A very quick way to diagnose would be to run 'audit2allow < /var/log/audit/audit.log | tee /tmp/report.txt' then attach "/tmp/report.txt" as plain text.
OK, I did a reboot to clear some of the log files and at start up /var/log/audit/audit had 43 lines, I closed it and attempted some ftp uploads and they all errored out of course and that added another dozen or so lines to the log, so I know audit.log captures something in regards to my problem. I also replaced my username with MYUSERNAME in the text below. Please let me know if you can find something I should edit out if it shouldn't be made available to the world.

Code:
type=DAEMON_START msg=audit(1358212978.897:2943): auditd start, ver=2.2 format=raw kernel=2.6.32-279.19.1.el6.i686 auid=4294967295 pid=1310 subj=system_u:system_r:auditd_t:s0 res=success
type=CONFIG_CHANGE msg=audit(1358212979.030:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=USER_AUTH msg=audit(1358213013.781:5): user pid=2222 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="MYUSERNAME" exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=:0 res=success'
type=USER_ACCT msg=audit(1358213013.788:6): user pid=2222 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="MYUSERNAME" exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=:0 res=success'
type=CRED_ACQ msg=audit(1358213013.800:7): user pid=2222 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="MYUSERNAME" exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=:0 res=success'
type=LOGIN msg=audit(1358213013.801:8): pid=2222 uid=0 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 old auid=4294967295 new auid=500 old ses=4294967295 new ses=1
type=USER_ROLE_CHANGE msg=audit(1358213014.127:9): user pid=2222 uid=0 auid=500 ses=1 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=:0 res=success'
type=USER_START msg=audit(1358213014.355:10): user pid=2222 uid=0 auid=500 ses=1 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="MYUSERNAME" exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=:0 res=success'
type=USER_LOGIN msg=audit(1358213014.355:11): user pid=2222 uid=0 auid=500 ses=1 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500 exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=/dev/tty1 res=success'
type=AVC msg=audit(1358213014.837:12): avc:  denied  { read write } for  pid=2242 comm="gdm-session-wor" name="MYUSERNAME" dev=dm-2 ino=2359297 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1358213014.837:12): arch=40000003 syscall=33 success=no exit=-13 a0=9405a08 a1=7 a2=93b1a4 a3=940c8f0 items=0 ppid=2222 pid=2242 auid=500 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1358213051.215:13): user pid=2640 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
type=USER_ACCT msg=audit(1358213051.221:14): user pid=2640 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
type=USER_START msg=audit(1358213051.966:15): user pid=2640 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
type=CRED_ACQ msg=audit(1358213051.966:16): user pid=2640 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
type=USER_AUTH msg=audit(1358213143.684:17): user pid=2683 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=USER_ACCT msg=audit(1358213143.690:18): user pid=2683 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=CRED_ACQ msg=audit(1358213143.690:19): user pid=2683 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=USER_AUTH msg=audit(1358213190.982:20): user pid=2690 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=USER_ACCT msg=audit(1358213190.988:21): user pid=2690 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=CRED_ACQ msg=audit(1358213190.989:22): user pid=2690 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=AVC msg=audit(1358213191.015:23): avc:  denied  { write } for  pid=2695 comm="vsftpd" name="html" dev=dm-0 ino=394516 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1358213191.015:23): arch=40000003 syscall=5 success=no exit=-13 a0=1781290 a1=8c41 a2=1b6 a3=1b6 items=0 ppid=2690 pid=2695 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1358213394.035:24): user pid=2708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=USER_ACCT msg=audit(1358213394.041:25): user pid=2708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=CRED_ACQ msg=audit(1358213394.041:26): user pid=2708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=AVC msg=audit(1358213394.067:27): avc:  denied  { write } for  pid=2713 comm="vsftpd" name="html" dev=dm-0 ino=394516 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1358213394.067:27): arch=40000003 syscall=5 success=no exit=-13 a0=1781290 a1=8c41 a2=1b6 a3=1b6 items=0 ppid=2708 pid=2713 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=USER_ACCT msg=audit(1358213401.146:28): user pid=2714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1358213401.146:29): user pid=2714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1358213401.169:30): pid=2714 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2
type=USER_START msg=audit(1358213401.175:31): user pid=2714 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1358213401.302:32): user pid=2714 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1358213401.302:33): user pid=2714 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_AUTH msg=audit(1358213760.650:34): user pid=2734 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=USER_ACCT msg=audit(1358213760.657:35): user pid=2734 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=CRED_ACQ msg=audit(1358213760.657:36): user pid=2734 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="MYUSERNAME" exe="/usr/sbin/vsftpd" hostname=192.168.15.6 addr=192.168.15.6 terminal=ftp res=success'
type=AVC msg=audit(1358213762.092:37): avc:  denied  { append } for  pid=2739 comm="vsftpd" name="fat.jpg" dev=dm-0 ino=395426 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1358213762.092:37): arch=40000003 syscall=5 success=no exit=-13 a0=1781290 a1=8c41 a2=1b6 a3=1b6 items=0 ppid=2734 pid=2739 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1358213779.585:38): avc:  denied  { write } for  pid=2739 comm="vsftpd" name="html" dev=dm-0 ino=394516 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1358213779.585:38): arch=40000003 syscall=5 success=no exit=-13 a0=1781290 a1=8c41 a2=1b6 a3=1b6 items=0 ppid=2734 pid=2739 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1358213785.775:39): avc:  denied  { write } for  pid=2739 comm="vsftpd" name="html" dev=dm-0 ino=394516 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1358213785.775:39): arch=40000003 syscall=5 success=no exit=-13 a0=1781290 a1=8c41 a2=1b6 a3=1b6 items=0 ppid=2734 pid=2739 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
As far as /var/log/messages, attempting to ftp (successfully or not) doesn't seem to log any new info or lines to the log so I'm not uploading it.

It is too long for this post, but I'll list the contents of a FileZilla log in another one.

Lastly, you suggested I:

Code:
audit2allow < /var/log/audit/audit.log | tee /tmp/report.txt
Unfortunately, I'm unfamiliar with audit2allow. Is it a package? If so, I don't seem to have it installed or at least I don't know how to execute it. If it is a package and not a default command within the shell, can you point me to a repository and I'll install it and post the results of report.txt

I hope some of the above helps.
 
Old 01-14-2013, 08:29 PM   #13
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by fakefake View Post
I'll list the contents of the FileZilla log in another post...
I wiped the FileZilla's log and then attempted two unsuccessful ftp uploads (UploadTest1.txt and UploadTest2.txt) which it kindly recorded in verbose mode:

Code:
2013-01-14 21:04:03 1716 3 Status: Connecting to 192.168.15.5:21...
2013-01-14 21:04:03 1716 3 Status: Connection established, waiting for welcome message...
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 220 Welcome to the MY FTP service.
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Command: USER MYUSERNAME
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 331 Please specify the password.
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Command: PASS **************
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 230 Login successful.
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Command: SYST
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 215 UNIX Type: L8
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Command: FEAT
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 211-Features:
2013-01-14 21:04:03 1716 3 Response:  EPRT
2013-01-14 21:04:03 1716 3 Response:  EPSV
2013-01-14 21:04:03 1716 3 Response:  MDTM
2013-01-14 21:04:03 1716 3 Response:  PASV
2013-01-14 21:04:03 1716 3 Response:  REST STREAM
2013-01-14 21:04:03 1716 3 Response:  SIZE
2013-01-14 21:04:03 1716 3 Response:  TVFS
2013-01-14 21:04:03 1716 3 Response:  UTF8
2013-01-14 21:04:03 1716 3 Response: 211 End
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Command: OPTS UTF8 ON
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 200 Always in UTF8 mode.
2013-01-14 21:04:03 1716 3 Status: Connected
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:03 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:03 1716 3 Trace: Measured latency of 34 ms
2013-01-14 21:04:03 1716 3 Status: Retrieving directory listing...
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:03 1716 3 Command: PWD
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:03 1716 3 Response: 257 "/home/MYUSERNAME"
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:03 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:03 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:03 1716 3 Command: TYPE I
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:04 1716 3 Response: 200 Switching to Binary mode.
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:04 1716 3 Command: PASV
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:04 1716 3 Response: 227 Entering Passive Mode (192,168,15,5,44,80).
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:04 1716 3 Command: LIST
2013-01-14 21:04:04 1716 3 Trace: CTransferSocket::OnConnect
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:04 1716 3 Response: 150 Here comes the directory listing.
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:04 1716 3 Response: 226 Directory send OK.
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:04 1716 3 Trace: CTransferSocket::TransferEnd(1)
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::TransferEnd()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:04 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ListSend()
2013-01-14 21:04:04 1716 3 Status: Calculating timezone offset of server...
2013-01-14 21:04:04 1716 3 Command: MDTM getsebool
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:04 1716 3 Response: 213 20130114192132
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ListParseResponse()
2013-01-14 21:04:04 1716 3 Status: Timezone offsets: Server: 0 seconds. Local: -18000 seconds. Difference: -18000 seconds.
2013-01-14 21:04:04 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:04 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:04 1716 3 Status: Directory listing successful
2013-01-14 21:04:15 1716 3 Status: Retrieving directory listing...
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:15 1716 3 Command: CWD /
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:15 1716 3 Response: 250 Directory successfully changed.
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:15 1716 3 Command: PWD
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:15 1716 3 Response: 257 "/"
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:15 1716 3 Command: PASV
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:15 1716 3 Response: 227 Entering Passive Mode (192,168,15,5,133,249).
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:15 1716 3 Command: LIST
2013-01-14 21:04:15 1716 3 Trace: CTransferSocket::OnConnect
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:15 1716 3 Response: 150 Here comes the directory listing.
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:15 1716 3 Response: 226 Directory send OK.
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:15 1716 3 Trace: CTransferSocket::TransferEnd(1)
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::TransferEnd()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:15 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:15 1716 3 Status: Directory listing successful
2013-01-14 21:04:20 1716 3 Status: Retrieving directory listing...
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:20 1716 3 Command: CWD /var
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:20 1716 3 Response: 250 Directory successfully changed.
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:20 1716 3 Command: PWD
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:20 1716 3 Response: 257 "/var"
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:20 1716 3 Command: PASV
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:20 1716 3 Response: 227 Entering Passive Mode (192,168,15,5,176,83).
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:20 1716 3 Command: LIST
2013-01-14 21:04:20 1716 3 Trace: CTransferSocket::OnConnect
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:20 1716 3 Response: 150 Here comes the directory listing.
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:20 1716 3 Trace: CTransferSocket::TransferEnd(1)
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:20 1716 3 Response: 226 Directory send OK.
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::TransferEnd()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:20 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:20 1716 3 Status: Directory listing successful
2013-01-14 21:04:23 1716 3 Status: Retrieving directory listing...
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:23 1716 3 Command: CWD /var/www
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:23 1716 3 Response: 250 Directory successfully changed.
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:23 1716 3 Command: PWD
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:23 1716 3 Response: 257 "/var/www"
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:23 1716 3 Command: PASV
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:23 1716 3 Response: 227 Entering Passive Mode (192,168,15,5,218,225).
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:23 1716 3 Command: LIST
2013-01-14 21:04:23 1716 3 Trace: CTransferSocket::OnConnect
2013-01-14 21:04:23 1716 3 Trace: CTransferSocket::TransferEnd(1)
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:23 1716 3 Response: 150 Here comes the directory listing.
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:23 1716 3 Response: 226 Directory send OK.
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::TransferEnd()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:23 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:23 1716 3 Status: Directory listing successful
2013-01-14 21:04:24 1716 3 Status: Retrieving directory listing...
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:24 1716 3 Command: CWD /var/www/html
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:24 1716 3 Response: 250 Directory successfully changed.
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:24 1716 3 Command: PWD
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:24 1716 3 Response: 257 "/var/www/html"
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:24 1716 3 Command: PASV
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:24 1716 3 Response: 227 Entering Passive Mode (192,168,15,5,235,92).
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:24 1716 3 Command: LIST
2013-01-14 21:04:24 1716 3 Trace: CTransferSocket::OnConnect
2013-01-14 21:04:24 1716 3 Trace: CTransferSocket::TransferEnd(1)
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:24 1716 3 Response: 150 Here comes the directory listing.
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:24 1716 3 Response: 226 Directory send OK.
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::TransferEnd()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-01-14 21:04:24 1716 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:24 1716 3 Status: Directory listing successful
2013-01-14 21:04:31 1716 1 Status: Connecting to 192.168.15.5:21...
2013-01-14 21:04:31 1716 1 Status: Connection established, waiting for welcome message...
2013-01-14 21:04:31 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:31 1716 1 Response: 220 Welcome to the Basement FTP service.
2013-01-14 21:04:31 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:31 1716 1 Command: USER MYUSERNAME
2013-01-14 21:04:31 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:31 1716 1 Response: 331 Please specify the password.
2013-01-14 21:04:31 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:31 1716 1 Command: PASS **************
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 230 Login successful.
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Command: OPTS UTF8 ON
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 200 Always in UTF8 mode.
2013-01-14 21:04:32 1716 1 Status: Connected
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:32 1716 1 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:32 1716 1 Trace: Measured latency of 88 ms
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::FileTransfer()
2013-01-14 21:04:32 1716 1 Status: Starting upload of F:\! Test Folder\UploadTest1.txt
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ChangeDirSend()
2013-01-14 21:04:32 1716 1 Command: CWD /var/www/html
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 250 Directory successfully changed.
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ResetOperation(0)
2013-01-14 21:04:32 1716 1 Trace: CControlSocket::ResetOperation(0)
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:32 1716 1 Trace: FileTransferSubcommandResult()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Trace: FileTransferSend()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:32 1716 1 Command: TYPE A
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 200 Switching to ASCII mode.
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:32 1716 1 Command: PASV
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 227 Entering Passive Mode (192,168,15,5,95,47).
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:32 1716 1 Command: STOR UploadTest1.txt
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:32 1716 1 Response: 553 Could not create file.
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ResetOperation(2)
2013-01-14 21:04:32 1716 1 Trace: CControlSocket::ResetOperation(2)
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ParseSubcommandResult(2)
2013-01-14 21:04:32 1716 1 Trace: FileTransferSubcommandResult()
2013-01-14 21:04:32 1716 1 Trace: CFtpControlSocket::ResetOperation(2)
2013-01-14 21:04:32 1716 1 Trace: CControlSocket::ResetOperation(6)
2013-01-14 21:04:32 1716 1 Error: Critical file transfer error
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::FileTransfer()
2013-01-14 21:04:36 1716 1 Status: Starting upload of F:\! Test Folder\UploadTest2.txt
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-01-14 21:04:36 1716 1 Trace: FileTransferSubcommandResult()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:36 1716 1 Trace: FileTransferSend()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:36 1716 1 Command: PASV
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:36 1716 1 Response: 227 Entering Passive Mode (192,168,15,5,59,176).
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::SendNextCommand()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::TransferSend()
2013-01-14 21:04:36 1716 1 Command: STOR UploadTest2.txt
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::OnReceive()
2013-01-14 21:04:36 1716 1 Response: 553 Could not create file.
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::TransferParseResponse()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::ResetOperation(2)
2013-01-14 21:04:36 1716 1 Trace: CControlSocket::ResetOperation(2)
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::ParseSubcommandResult(2)
2013-01-14 21:04:36 1716 1 Trace: FileTransferSubcommandResult()
2013-01-14 21:04:36 1716 1 Trace: CFtpControlSocket::ResetOperation(2)
2013-01-14 21:04:36 1716 1 Trace: CControlSocket::ResetOperation(6)
2013-01-14 21:04:36 1716 1 Error: Critical file transfer error
 
Old 01-14-2013, 08:41 PM   #14
fakefake
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by chrism01 View Post
I think you're going to need
Code:
chcon -t public_content_rw_t <target_dir>
If it works, to make it a permanent change you'll need the semanage cmd http://linux.die.net/man/8/semanage

Something like
Code:
semanage fcontext -a -t public_content_rw_t <target_dir>
Oops, when I try change file command you suggested above I get:

Code:
[root@localhost ~]# chcon -t public_content_rw_t <target_dir>
-bash: syntax error near unexpected token `newline'
On a whim, I also tried changing your <target_dir> text to my actual target directroy in case that is how it is executed:
Quote:
[root@localhost ~]# chcon -t public_content_rw_t </var/www/html/>
-bash: syntax error near unexpected token `newline'
What am I doing wrong?
 
Old 01-15-2013, 01:15 AM   #15
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,360

Rep: Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751Reputation: 2751
Don't use < & > chars; that's just a typing format to show you that you should substitute your value there; in other words
Code:
chcon -t public_content_rw_t /var/www/html
You will also need to turn on at least one of those booleans eg post #8.
This may also be useful Chap 44 http://www.linuxtopia.org/online_boo...ion/index.html
 
  


Reply
Page 1 of 2 1 2



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I allow ftp uploads via windows explorer? NirvanaBaby Linux - Server 1 08-31-2011 01:32 AM
FTP uploads hang moodah Linux - Server 4 02-27-2011 11:16 PM
Email Alert for ftp uploads amol0009in_7 Linux - Server 1 09-16-2010 05:57 AM
Is there an ftp program that allows for multi-thread ftp uploads ? Want faster upload brjoon1021 Linux - Software 4 02-04-2009 06:28 PM
ftp guest uploads simon Linux - Networking 2 08-09-2001 03:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:34 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration