SELinux not allowing vsftpd to access the home directory

Enabling the SELinux policy for FTP access

Check the current status of SELinux:
# getenforce

Check the status of the FTP booleans:
# getsebool -a | grep ftp

which usually returns the following output:

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> off    (change that to on)
ftpd_disable_trans --> off
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

To change the SELinux policy so that vsftpd can access the home directory, type the command below in a terminal:

# setsebool -P ftp_home_dir=1
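
The check-then-set steps above as a script, added here as an example and not part of the original post: it parses `getsebool`-style output and recommends `setsebool -P ftp_home_dir=1` only when SELinux is enforcing and that one boolean is off. The function names, the `--live` switch and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether ftp_home_dir needs changing, based on
# the output of getenforce and getsebool. Nothing is modified; the
# script only reports what to do.

# Print the state (on/off) of boolean $1 from getsebool-style text on
# stdin, or "missing" when the boolean is not listed at all.
sebool_state() {
    awk -v name="$1" '
        $1 == name { print $NF; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Map the SELinux mode ($1) and the boolean state ($2) to an action.
ftp_home_dir_action() {
    case "$1" in
        Enforcing) ;;                              # only enforcing mode blocks access
        *) echo "not-enforcing"; return 0 ;;
    esac
    case "$2" in
        on)  echo "none" ;;                        # already allowed
        off) echo "enable" ;;                      # the case this post covers
        *)   echo "unknown-boolean" ;;             # policy does not define it
    esac
}

# Constructed sample in the format printed by `getsebool -a | grep ftp`.
SAMPLE_OUTPUT='allow_ftpd_full_access --> off
ftp_home_dir --> off
ftpd_is_daemon --> on'

# Query the running system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    mode=$(getenforce)
    state=$(getsebool -a | sebool_state ftp_home_dir)
    case "$(ftp_home_dir_action "$mode" "$state")" in
        enable)        echo "run: setsebool -P ftp_home_dir=1" ;;
        none)          echo "ftp_home_dir is already on" ;;
        not-enforcing) echo "SELinux is $mode; the boolean is not blocking vsftpd" ;;
        *)             echo "ftp_home_dir is not defined in this policy" ;;
    esac
fi
```

Turning on only `ftp_home_dir` leaves the broader booleans in the list, such as `allow_ftpd_full_access`, off.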

Sources:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/chap-Managing_Confined_Services-File_Transfer_Protocol.html

http://www.gnutoolbox.com/solved-500-oops-change-directoryhomeuser-vsftp-centos/
