Solved

Fedora 9:  Selinux policy is preventing the ftp deamon from writing to apublic directory

Posted on 2008-10-19
2
1,491 Views
Last Modified: 2013-12-06
I am trying to upload a file from Windows Vista smart to my fedora server and my server is giving me the message:

SElinux AVC denial:
 Selinux policy is preventing the ftp deamon from writing to a public directory

the I am given more detailed description:

" Summary:

SELinux policy is preventing the ftp daemon from writing to a public directory.

Detailed Description:

SELinux policy is preventing the ftp daemon from writing to a public directory.
If ftpd is not setup to allow anonymous writes, this could signal a intrusion
attempt.

Allowing Access:

If the ftp daemon should be allowed to write to this directory you need to turn
on the allow_ftpd_anon_write boolean and change the file context of the public
directory to public_content_rw_t. Read the ftpd_selinux man page for further
information: "setsebool -P allow_ftpd_anon_write=1; chcon -t public_content_rw_t
"

Fix Command:

setsebool -P allow_ftpd_anon_write=1

Additional Information:

Source Context                system_u:system_r:ftpd_t:s0
Target Context                unconfined_u:object_r:public_content_t:s0
Target Objects                ./incoming [ dir ]
Source                        vsftpd
Source Path                   /usr/sbin/vsftpd
Port                          <Unknown>
Host                          ftpserver
Source RPM Packages           vsftpd-2.0.6-3.fc9
Target RPM Packages          
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_ftpd_anon_write
Host Name                     ftpserver
Platform                      Linux ftpserver 2.6.25-14.fc9.i686 #1 SMP Thu May
                              1 06:28:41 EDT 2008 i686 i686
Alert Count                   472
First Seen                    Sun 19 Oct 2008 01:06:35 PM EDT
Last Seen                     Sun 19 Oct 2008 02:12:36 PM EDT
Local ID                      ba87e2e0-138c-4c42-bdf5-a34101005af8
Line Numbers                  

         
"


Where should I enable this function ?????

0
Comment
Question by:iskibinska
2 Comments
 
LVL 5

Expert Comment

by:ifreq
ID: 22753385
Run it from the commandline on your Fedora server as Root-user:

setsebool -P allow_ftpd_anon_write=1



setsebool(8)          SELinux Command Line documentation          setsebool(8)

NAME
       setsebool - set SELinux boolean value

SYNOPSIS
       setsebool [ -P ] boolean value | bool1=val1 bool2=val2 ...

DESCRIPTION
       setsebool  sets the current state of a particular SELinux boolean or a list of booleans to a
       given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to
       disable it.

       Without  the  -P  option,  only the current boolean value is affected; the boot-time default
       settings are not changed.

       If the -P option is given, all pending values are written to the policy  file  on  disk.  So
       they will be persistant across reboots.

AUTHOR
       This  manual  page was written by Dan Walsh <dwalsh@redhat.com>.  The program was written by
       Tresys Technology.

SEE ALSO
       getsebool(8), booleans(8), togglesebool(8)
0
 
LVL 12

Accepted Solution

by:
hfraser earned 500 total points
ID: 22754208
Be certain this is what you want to do. From a security standpoint, anonymous FTP access is usually limited to read only; write acces requires an authenticated user, both to control access to resources on your server, and to provide an audit trail for the access. Hence the standard FTP policy.

If you decide to do authenticated access, there are plenty of ways create an environment where both the Linux systems and the Windows Vista share a single user space (one set of accounts for all systems) so that you don't have to worry about managing separate accounts on different platforms.
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now