Red Hat Bugzilla – Bug 625498
ftpd_selinux man page anonymous upload does not work
Last modified: 2011-01-13 16:50:17 EST
Description of problem:
To enable anonymous uploads, the
ftpd_selinux man page says to update the file context
database, and then run restorecon. If run as suggested, the restorecon
command will not set the type to "public_content_rw_t" because the
"/var/ftp/incoming" directory already has a customizable type.
Steps to Reproduce:
1. Install vsftpd
2. Edit vsftpd.conf to enable anonymous uploads
3. mkdir /var/ftp/incoming
4. Read and follow the ftpd_selinux man page
(set a boolean, semanage fcontext, restorecon)
/var/ftp/incoming remains "public_content_t"
/var/ftp/incoming should be "public_content_rw_t"
Add the "-F" option to restorecon in the ftpd_selinux man page
to force it to set the type to public_content_rw_t.
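
The behaviour reported above, as an added shell check that is not part of the bug report or the man page: it reports whether a plain restorecon would skip the relabel because the current type is listed as customizable, so that -F is needed. The function names, the verdict strings and the default customizable_types path (targeted policy) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether restorecon needs -F for a given path.
# Without -F, restorecon leaves a file alone when its current type is
# listed in the policy's customizable_types file.

# Print the type field of a context string: user:role:type[:level]
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# relabel_verdict CURRENT_CTX EXPECTED_CTX CUSTOMIZABLE_TYPES_FILE
# Prints one of (verdict strings are this example's own):
#   ok            label already matches the file context database
#   restorecon    plain restorecon will fix the label
#   restorecon-F  current type is customizable; -F is required
relabel_verdict() {
    cur_type=$(ctx_type "$1")
    want_type=$(ctx_type "$2")
    if [ "$cur_type" = "$want_type" ]; then
        echo ok
    elif grep -qxF "$cur_type" "$3"; then
        echo restorecon-F
    else
        echo restorecon
    fi
}

# check_path PATH: query the live system (needs stat and matchpathcon).
# The default file location assumes the targeted policy.
check_path() {
    cur_ctx=$(stat -c %C "$1") || return 1
    want_ctx=$(matchpathcon -n "$1") || return 1
    relabel_verdict "$cur_ctx" "$want_ctx" \
        "${CUSTOMIZABLE_TYPES:-/etc/selinux/targeted/contexts/customizable_types}"
}

# Run against a path only when one is given, e.g. /var/ftp/incoming
if [ $# -gt 0 ]; then
    check_path "$1"
fi
```

Run after the semanage fcontext step: a verdict of restorecon-F for /var/ftp/incoming is the case this report describes.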
Fixed in selinux-policy-2.4.6-283.el5.noarch
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.