This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 625498 - ftpd_selinux man page anonymous upload does not work
ftpd_selinux man page anonymous upload does not work
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.4
All Linux
low Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-19 12:13 EDT by David Duffey
Modified: 2011-01-13 16:50 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-13 16:50:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Duffey 2010-08-19 12:13:06 EDT
Description of problem:

to enable anonymous uploads, the
man ftpd_selinux says to update the file says to update the file context
database, and then run restorecon.  If run as suggested, the restorecon
command will not set the type to "public_content_rw_t" because the
"/var/ftp/incoming" directory already has a customizable type.

Steps to Reproduce:
1. Install vsftpd
2. Edit vsftpd.conf to enable anonymous uploads
3. mkdir /var/ftp/incoming
4. read and follow the ftpd_selinux man page
   (set a boolean, semanage fcontext, restorecon)

Actual results:

/var/ftp/incoming remain "public_content_t"

Expected results:

/var/ftp/incoming should be "public_content_rw_t"

The fix:

add the "-F" option to restorecon in ftpd_selinux man page
to force it to set to public_content_rw_t.
Comment 2 Miroslav Grepl 2010-09-09 09:06:35 EDT
Fixed in selinux-policy-2.4.6-283.el5.noarch
Comment 5 Jaromir Hradilek 2011-01-05 11:19:18 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
Comment 7 errata-xmlrpc 2011-01-13 16:50:17 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html

Note You need to log in before you can comment on or make changes to this bug.