Solved

Fedora 9: SELinux policy is preventing the ftp daemon from writing to a public directory

Posted on 2008-10-19
1,492 Views
Last Modified: 2013-12-06
I am trying to upload a file from Windows Vista smart to my Fedora server and my server is giving me the message:

SELinux AVC denial:
 SELinux policy is preventing the ftp daemon from writing to a public directory

Then I am given a more detailed description:

" Summary:

SELinux policy is preventing the ftp daemon from writing to a public directory.

Detailed Description:

SELinux policy is preventing the ftp daemon from writing to a public directory.
If ftpd is not setup to allow anonymous writes, this could signal a intrusion
attempt.

Allowing Access:

If the ftp daemon should be allowed to write to this directory you need to turn
on the allow_ftpd_anon_write boolean and change the file context of the public
directory to public_content_rw_t. Read the ftpd_selinux man page for further
information: "setsebool -P allow_ftpd_anon_write=1; chcon -t public_content_rw_t
"

Fix Command:

setsebool -P allow_ftpd_anon_write=1

Additional Information:

Source Context                system_u:system_r:ftpd_t:s0
Target Context                unconfined_u:object_r:public_content_t:s0
Target Objects                ./incoming [ dir ]
Source                        vsftpd
Source Path                   /usr/sbin/vsftpd
Port                          <Unknown>
Host                          ftpserver
Source RPM Packages           vsftpd-2.0.6-3.fc9
Target RPM Packages          
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_ftpd_anon_write
Host Name                     ftpserver
Platform                      Linux ftpserver 2.6.25-14.fc9.i686 #1 SMP Thu May
                              1 06:28:41 EDT 2008 i686 i686
Alert Count                   472
First Seen                    Sun 19 Oct 2008 01:06:35 PM EDT
Last Seen                     Sun 19 Oct 2008 02:12:36 PM EDT
Local ID                      ba87e2e0-138c-4c42-bdf5-a34101005af8
Line Numbers                  

         
"


Where should I enable this function?

Question by:iskibinska
2 Comments
 
LVL 5

Expert Comment

by:ifreq
ID: 22753385
Run it from the command line on your Fedora server as the root user:

setsebool -P allow_ftpd_anon_write=1



setsebool(8)          SELinux Command Line documentation          setsebool(8)

NAME
       setsebool - set SELinux boolean value

SYNOPSIS
       setsebool [ -P ] boolean value | bool1=val1 bool2=val2 ...

DESCRIPTION
       setsebool  sets the current state of a particular SELinux boolean or a list of booleans to a
       given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to
       disable it.

       Without  the  -P  option,  only the current boolean value is affected; the boot-time default
       settings are not changed.

       If the -P option is given, all pending values are written to the policy  file  on  disk.  So
       they will be persistent across reboots.

AUTHOR
       This  manual  page was written by Dan Walsh <dwalsh@redhat.com>.  The program was written by
       Tresys Technology.

SEE ALSO
       getsebool(8), booleans(8), togglesebool(8)
0
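The alert quoted in the question names two steps under "Allowing Access" (the boolean and the `public_content_rw_t` label), and its Target Context shows the directory is still `public_content_t`. As an added example that is not part of the original thread, this script reads the alert fields and prints which of those two commands are still needed, without changing the system; the function names are hypothetical and `/path/to/incoming` is a placeholder, since the alert only shows `./incoming`.

```shell
#!/bin/sh
# Added example (not from the original thread): derive the remaining
# remediation steps from a setroubleshoot alert. Nothing is executed.

# Constructed sample: rows copied from the alert quoted in the question.
SAMPLE_ALERT='Source Context                system_u:system_r:ftpd_t:s0
Target Context                unconfined_u:object_r:public_content_t:s0
Target Objects                ./incoming [ dir ]
Plugin Name                   allow_ftpd_anon_write'

# field NAME: print the value of one "Additional Information" row from stdin.
field() {
    awk -v name="$1" 'index($0, name) == 1 {
        v = substr($0, length(name) + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}

# se_type CONTEXT: the type is the third part of user:role:type:level.
se_type() { printf '%s\n' "$1" | cut -d: -f3; }

# plan_fix DIR: read an alert on stdin, print the commands still needed for DIR.
plan_fix() {
    dir=$1
    alert=$(cat)
    src=$(se_type "$(printf '%s\n' "$alert" | field 'Source Context')")
    tgt=$(se_type "$(printf '%s\n' "$alert" | field 'Target Context')")
    plugin=$(printf '%s\n' "$alert" | field 'Plugin Name')
    if [ "$src" != ftpd_t ] || [ "$plugin" != allow_ftpd_anon_write ]; then
        echo "# not the anonymous-FTP-write denial; no steps suggested"
        return 1
    fi
    # Step 1: the boolean permits ftpd_t to write to public_content_rw_t.
    echo "setsebool -P allow_ftpd_anon_write=1"
    # Step 2: the directory itself must carry the read-write type.
    if [ "$tgt" != public_content_rw_t ]; then
        echo "chcon -t public_content_rw_t $dir"
    fi
}

# /path/to/incoming is a placeholder; substitute the real upload directory.
plan_fix /path/to/incoming <<EOF
$SAMPLE_ALERT
EOF
```

A label set with `chcon` does not survive a filesystem relabel; recording the type with `semanage fcontext` and applying it with `restorecon` keeps it in place.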
 
LVL 12

Accepted Solution

by:
hfraser earned 500 total points
ID: 22754208
Be certain this is what you want to do. From a security standpoint, anonymous FTP access is usually limited to read only; write access requires an authenticated user, both to control access to resources on your server, and to provide an audit trail for the access. Hence the standard FTP policy.

If you decide to do authenticated access, there are plenty of ways to create an environment where both the Linux systems and the Windows Vista share a single user space (one set of accounts for all systems) so that you don't have to worry about managing separate accounts on different platforms.
0
