I've got an FTP server running FC5 (2.6.15-1_2054) and VSFTPD. I built it ages ago but it wasn't required until now so hadn't been fully tested. But now I'm having some issues with SELinux that I'd like to get to the bottom of. It works, in as much as I can log in and shuffle files around happily but I had to set SELinux to permissive and I'd like to get to the bottom of the warning messages. It is a web-facing server (albeit behind a couple of firewalls) so I would like to have SELinux enforcing policy.
When I log on via FTP, the console shows:
Code:
audit(1185428245.177:189): avc: denied {write } for pid=3236 comm="vsftpd"
name="user1" dev=sdb2 ino=6062081 scontext=system_u:system_r:ftpd_t:s0
tcontext=root:object_r:file_t:s0 tclass=dir
When I 'put' a file onto the server, the console shows:
Code:
audit(1185426425.063:177): avc: denied { append } for pid=3092 comm="vsftpd"
name="myfile.txt" dev=sdb2 ino=6062083 scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
Code:
audit(1185426425.075:178): avc: denied {write } for pid=3092 comm="vsftpd"
name="myfile.txt" dev=sdb2 ino=6062083 scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
When I try to delete the file, I get a message like the second one above.
FTP is configured to lock users into their home directories, which exist under /ftp (which is actually a separate hard disk /dev/sdb2 mounted under /mnt but I don't think that matters?). An 'ls -allZ' for /ftp shows:
Code:
drwxr-xr-x root root system_u:object_r:ftpd_t ftp
(I tried changing the owner of the FTP directory to ftp:ftp but it made no difference.)
I've tried to read up on SELinux but .... well .... I get the principle of it but a lot of the actual workings are going whoooosh! over my head at the moment.
Can anyone offer any advice?
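
An added example, not part of the original post: a small Python parser that reads wrapped AVC records like the ones above and groups the denied permissions by source type, target type and object class, which is the first step in reading such messages. The function names `parse_avc` and `summarise` are hypothetical, and the sample input is re-typed from the post.

```python
import re
from collections import defaultdict

# Constructed sample: the three records from the post, each with a well-formed header.
SAMPLE = """\
audit(1185428245.177:189): avc: denied {write } for pid=3236 comm="vsftpd"
name="user1" dev=sdb2 ino=6062081 scontext=system_u:system_r:ftpd_t:s0
tcontext=root:object_r:file_t:s0 tclass=dir
audit(1185426425.063:177): avc: denied { append } for pid=3092 comm="vsftpd"
name="myfile.txt" dev=sdb2 ino=6062083 scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1185426425.075:178): avc: denied {write } for pid=3092 comm="vsftpd"
name="myfile.txt" dev=sdb2 ino=6062083 scontext=system_u:system_r:ftpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
"""

HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\):\s*avc:\s*(denied|granted)\s*\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC record; a record may wrap over several lines."""
    records = []
    # Split before each "audit(" so continuation lines stay with their header.
    for chunk in re.split(r"(?=audit\()", text):
        joined = " ".join(chunk.split())
        m = HEADER.search(joined)
        if not m:
            continue
        rec = {"time": float(m.group(1)), "serial": int(m.group(2)),
               "result": m.group(3), "perms": m.group(4).split()}
        for key, val in FIELD.findall(joined[m.end():]):
            rec[key] = val.strip('"')
        # A context is user:role:type[:level]; the type field is what policy rules match on.
        for side in ("scontext", "tcontext"):
            parts = rec.get(side, "").split(":")
            rec[side + "_type"] = parts[2] if len(parts) > 2 else None
        records.append(rec)
    return records

def summarise(records):
    """Group denied permissions by (source type, target type, object class)."""
    out = defaultdict(set)
    for r in records:
        if r["result"] == "denied":
            out[(r["scontext_type"], r["tcontext_type"], r.get("tclass"))].update(r["perms"])
    return {k: sorted(v) for k, v in out.items()}

if __name__ == "__main__":
    print(summarise(parse_avc(SAMPLE)))
```
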