Bug 625498 - ftpd_selinux man page anonymous upload does not work
Summary: ftpd_selinux man page anonymous upload does not work
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.4
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: Milos Malik
Reported: 2010-08-19 16:13 UTC by David Duffey
Modified: 2011-01-13 21:50 UTC
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
Last Closed: 2011-01-13 21:50:17 UTC


External Trackers
Tracker: Red Hat Product Errata
ID: RHBA-2011:0026
Priority: normal
Status: SHIPPED_LIVE
Summary: selinux-policy bug fix and enhancement update
Last Updated: 2011-01-12 16:11:15 UTC

Description David Duffey 2010-08-19 16:13:06 UTC
Description of problem:

To enable anonymous uploads, man ftpd_selinux says to update the file context
database, and then run restorecon.  If run as suggested, the restorecon
command will not set the type to "public_content_rw_t" because the
"/var/ftp/incoming" directory already has a customizable type.

Steps to Reproduce:
1. Install vsftpd
2. Edit vsftpd.conf to enable anonymous uploads
3. mkdir /var/ftp/incoming
4. read and follow the ftpd_selinux man page
   (set a boolean, semanage fcontext, restorecon)

Actual results:

/var/ftp/incoming remains "public_content_t"

Expected results:

/var/ftp/incoming should be "public_content_rw_t"

The fix:

Add the "-F" option to restorecon in the ftpd_selinux man page
to force it to set the type to public_content_rw_t.
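
The behaviour reported above, as an added example that is not part of the original report or of the selinux-policy package: a check that tells whether plain restorecon would relabel a path or skip it because the current type is customizable. The function names, the sample type list, and the use of `stat -c %C` and `matchpathcon -n` to read the live values are assumptions of this example.

```shell
#!/bin/sh
# Added example: predict whether restorecon needs -F for a given path.

# Constructed sample of a customizable-types list. On a real host the list
# is read from /etc/selinux/targeted/contexts/customizable_types.
SAMPLE_CUSTOMIZABLE_TYPES="public_content_t
public_content_rw_t
samba_share_t"

# Print the type (third field) of a context: user:role:type[:level]
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# relabel_advice CURRENT_CONTEXT EXPECTED_CONTEXT CUSTOMIZABLE_TYPES
# Prints "ok" when the type already matches, "restorecon -F" when the
# current type is customizable (plain restorecon leaves it untouched),
# and "restorecon" otherwise.
relabel_advice() {
    cur=$(context_type "$1")
    want=$(context_type "$2")
    if [ "$cur" = "$want" ]; then
        echo "ok"
    elif printf '%s\n' "$3" | grep -qxF -- "$cur"; then
        echo "restorecon -F"
    else
        echo "restorecon"
    fi
}

# Live check for one path on an SELinux host (not run by default).
# Assumes stat supports %C and matchpathcon is installed.
check_path() {
    cur=$(stat -c %C "$1")
    want=$(matchpathcon -n "$1")
    list=$(cat /etc/selinux/targeted/contexts/customizable_types)
    relabel_advice "$cur" "$want" "$list"
}

# Case from this report: directory labelled public_content_t, file context
# database updated to public_content_rw_t (contexts below are constructed).
relabel_advice "system_u:object_r:public_content_t:s0" \
               "system_u:object_r:public_content_rw_t:s0" \
               "$SAMPLE_CUSTOMIZABLE_TYPES"
```

On a host with SELinux enabled, `check_path /var/ftp/incoming` run after the semanage fcontext step gives the same answer for the real directory.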

Comment 2 Miroslav Grepl 2010-09-09 13:06:35 UTC
Fixed in selinux-policy-2.4.6-283.el5.noarch

Comment 5 Jaromir Hradilek 2011-01-05 16:19:18 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.

Comment 7 errata-xmlrpc 2011-01-13 21:50:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html

