Solved

Fedora 9:  Selinux policy is preventing the ftp deamon from writing to apublic directory

Posted on 2008-10-19
2
1,494 Views
Last Modified: 2013-12-06
I am trying to upload a file from Windows Vista smart to my fedora server and my server is giving me the message:

SElinux AVC denial:
 Selinux policy is preventing the ftp deamon from writing to a public directory

the I am given more detailed description:

" Summary:

SELinux policy is preventing the ftp daemon from writing to a public directory.

Detailed Description:

SELinux policy is preventing the ftp daemon from writing to a public directory.
If ftpd is not setup to allow anonymous writes, this could signal a intrusion
attempt.

Allowing Access:

If the ftp daemon should be allowed to write to this directory you need to turn
on the allow_ftpd_anon_write boolean and change the file context of the public
directory to public_content_rw_t. Read the ftpd_selinux man page for further
information: "setsebool -P allow_ftpd_anon_write=1; chcon -t public_content_rw_t
"

Fix Command:

setsebool -P allow_ftpd_anon_write=1

Additional Information:

Source Context                system_u:system_r:ftpd_t:s0
Target Context                unconfined_u:object_r:public_content_t:s0
Target Objects                ./incoming [ dir ]
Source                        vsftpd
Source Path                   /usr/sbin/vsftpd
Port                          <Unknown>
Host                          ftpserver
Source RPM Packages           vsftpd-2.0.6-3.fc9
Target RPM Packages          
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_ftpd_anon_write
Host Name                     ftpserver
Platform                      Linux ftpserver 2.6.25-14.fc9.i686 #1 SMP Thu May
                              1 06:28:41 EDT 2008 i686 i686
Alert Count                   472
First Seen                    Sun 19 Oct 2008 01:06:35 PM EDT
Last Seen                     Sun 19 Oct 2008 02:12:36 PM EDT
Local ID                      ba87e2e0-138c-4c42-bdf5-a34101005af8
Line Numbers                  

         
"


Where should I enable this function ?????

0
Comment
Question by:iskibinska
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Expert Comment

by:ifreq
ID: 22753385
Run it from the commandline on your Fedora server as Root-user:

setsebool -P allow_ftpd_anon_write=1



setsebool(8)          SELinux Command Line documentation          setsebool(8)

NAME
       setsebool - set SELinux boolean value

SYNOPSIS
       setsebool [ -P ] boolean value | bool1=val1 bool2=val2 ...

DESCRIPTION
       setsebool  sets the current state of a particular SELinux boolean or a list of booleans to a
       given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to
       disable it.

       Without  the  -P  option,  only the current boolean value is affected; the boot-time default
       settings are not changed.

       If the -P option is given, all pending values are written to the policy  file  on  disk.  So
       they will be persistant across reboots.

AUTHOR
       This  manual  page was written by Dan Walsh <dwalsh@redhat.com>.  The program was written by
       Tresys Technology.

SEE ALSO
       getsebool(8), booleans(8), togglesebool(8)
0
 
LVL 12

Accepted Solution

by:
hfraser earned 500 total points
ID: 22754208
Be certain this is what you want to do. From a security standpoint, anonymous FTP access is usually limited to read only; write acces requires an authenticated user, both to control access to resources on your server, and to provide an audit trail for the access. Hence the standard FTP policy.

If you decide to do authenticated access, there are plenty of ways create an environment where both the Linux systems and the Windows Vista share a single user space (one set of accounts for all systems) so that you don't have to worry about managing separate accounts on different platforms.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question