Bug 157873 - Can't login with ftp client to users home directories
Can't login with ftp client to users home directories
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-16 13:12 EDT by David Bentley
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-15 11:58:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description David Bentley 2005-05-16 13:12:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
Having read the man ftpd_selinux page I can get
anonymous ftp to work (only tested read only mode so
far) by typing what is suggested in a terminal window.
 
chcon -R -t ftpd_anon_t /var/ftp 

But what I cant get to work with selinux protection on
is ftp access to a users home directory just by either

using the system-config-securitylevel tool to enable
acces to home directories or by typing the following
command in a terminal window.

setsebool -P ftp_home_dir 1

When I try to login as a user with a home directory I 
get this error message at the client end after the
password is entered

Error sending status request (Operation not permitted)
Login failed.

Do you also have to use chcon to appropriatly label a 
users home directory.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.14-2

How reproducible:
Always

Steps to Reproduce:
See description

Actual Results:  See description

Expected Results:  Successful login the same as is possible when selinux protection is disabled for vsftpd.

Additional info:

Ther is an inconsistancy in the man page for ftpd_selinux as follows :-

The line after "setsebool -P ftpd_disable_trans 1"
reads "system vsftpd restart" but this when typed
produces an error.

The line should be "service vsftpd restart" presumably.
Comment 1 Daniel Walsh 2005-05-18 14:05:00 EDT
Fixed in selinux-policy-*-1.23.16-4

Note You need to log in before you can comment on or make changes to this bug.