Bug 625498

Summary: ftpd_selinux man page anonymous upload does not work
Product: Red Hat Enterprise Linux 5
Reporter: David Duffey <david.duffey>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact:
Priority: low
Version: 5.4
CC: david.duffey, ghacker, mmalik
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
Last Closed: 2011-01-13 21:50:17 UTC

Description David Duffey 2010-08-19 16:13:06 UTC
Description of problem:

To enable anonymous uploads, the
man ftpd_selinux says to update the file context
database, and then run restorecon.  If run as suggested, the restorecon
command will not set the type to "public_content_rw_t" because the
"/var/ftp/incoming" directory already has a customizable type.

Steps to Reproduce:
1. Install vsftpd
2. Edit vsftpd.conf to enable anonymous uploads
3. mkdir /var/ftp/incoming
4. read and follow the ftpd_selinux man page
   (set a boolean, semanage fcontext, restorecon)

Actual results:

/var/ftp/incoming remains "public_content_t"

Expected results:

/var/ftp/incoming should be "public_content_rw_t"

The fix:

add the "-F" option to restorecon in ftpd_selinux man page
to force it to set to public_content_rw_t.
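
The procedure from the report with the `-F` fix applied, as an added example that is not part of the bug report or the man page. It assumes the targeted policy (for the `customizable_types` path) and the `allow_ftpd_anon_write` boolean; the helper names `context_type`, `needs_force` and `label_incoming` are hypothetical.

```shell
#!/bin/sh
# Added example: corrected labelling procedure for anonymous FTP uploads.
# Assumptions: targeted policy, the allow_ftpd_anon_write boolean, and the
# helper names below (context_type, needs_force, label_incoming).
DIR=/var/ftp/incoming
WANT=public_content_rw_t
CUSTOMIZABLE=/etc/selinux/targeted/contexts/customizable_types

# Print the type field of a context written as user:role:type[:level].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed when a plain restorecon would skip the relabel: the current type
# differs from the wanted one and is listed as customizable.
# Usage: needs_force CURRENT_TYPE WANTED_TYPE CUSTOMIZABLE_TYPES_FILE
needs_force() {
    [ "$1" != "$2" ] && grep -qxF -- "$1" "$3"
}

label_incoming() {
    setsebool -P allow_ftpd_anon_write=1 || return 1
    # Add the file context rule, or modify it if one already exists.
    semanage fcontext -a -t "$WANT" "$DIR(/.*)?" 2>/dev/null ||
        semanage fcontext -m -t "$WANT" "$DIR(/.*)?" || return 1
    cur=$(context_type "$(stat -c %C "$DIR")")
    if needs_force "$cur" "$WANT" "$CUSTOMIZABLE"; then
        echo "$DIR has customizable type $cur; restorecon needs -F"
        restorecon -F -R -v "$DIR"
    else
        restorecon -R -v "$DIR"
    fi
    # Verify the result instead of trusting restorecon's exit status.
    [ "$(context_type "$(stat -c %C "$DIR")")" = "$WANT" ]
}

# Run as root with --apply; without it the file only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    label_incoming
fi
```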

Comment 2 Miroslav Grepl 2010-09-09 13:06:35 UTC
Fixed in selinux-policy-2.4.6-283.el5.noarch

Comment 5 Jaromir Hradilek 2011-01-05 16:19:18 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.

Comment 7 errata-xmlrpc 2011-01-13 21:50:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html