Red Hat Bugzilla – Bug 976697
SELinux is preventing /usr/sbin/vsftpd from 'unlink' accesses on the file title.php.
Last modified: 2013-06-22 07:05:32 EDT
Description of problem: I want to install theme in word press. SELinux is preventing /usr/sbin/vsftpd from 'unlink' accesses on the file title.php. ***** Plugin allow_anon_write (91.4 confidence) suggests ******************* If you want to allow /usr/sbin/vsftpd to be able to write to shared public content Then you need to change the label on title.php to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean. Do # semanage fcontext -a -t public_content_rw_t title.php # restorecon -R -v title.php # setsebool -P allow_ftpd_anon_write 1 ***** Plugin catchall (9.59 confidence) suggests *************************** If you believe that vsftpd should be allowed unlink access on the title.php file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep vsftpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:ftpd_t:s0-s0:c0.c1023 Target Context system_u:object_r:public_content_t:s0 Target Objects title.php [ file ] Source vsftpd Source Path /usr/sbin/vsftpd Port <Unknown> Host (removed) Source RPM Packages vsftpd-3.0.0-2.fc17.i686 Target RPM Packages Policy RPM selinux-policy-3.10.0-169.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.13-100.fc17.i686.PAE #1 SMP Mon May 13 13:45:03 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-06-21 13:36:04 IST Last Seen 2013-06-21 13:36:04 IST Local ID 293c10dd-de73-4d49-8dd6-3d36eca4bc93 Raw Audit Messages type=AVC msg=audit(1371801964.299:427): avc: denied { unlink } for pid=5567 comm="vsftpd" name="title.php" dev="dm-1" ino=1582023 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:public_content_t:s0 tclass=file type=SYSCALL msg=audit(1371801964.299:427): arch=i386 syscall=unlink success=no exit=EACCES a0=b81a3208 a1=bfdf8398 a2=b774dac8 a3=b774e518 items=0 ppid=5562 pid=5567 auid=4294967295 uid=1001 gid=100 euid=1001 suid=1001 fsuid=1001 egid=100 sgid=100 fsgid=100 ses=4294967295 tty=(none) comm=vsftpd exe=/usr/sbin/vsftpd subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null) Hash: vsftpd,ftpd_t,public_content_t,file,unlink audit2allow #============= ftpd_t ============== #!!!! This avc is allowed in the current policy allow ftpd_t public_content_t:file unlink; audit2allow -R #============= ftpd_t ============== #!!!! This avc is allowed in the current policy allow ftpd_t public_content_t:file unlink; Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.i686.PAE type: libreport
The avc told you what to do, where is title.php located.
Hi Daniel, Thanks for reply. title.php is extracted by apache when i am installing theme. Apache automatically creating extracting zip files contents. Please suggest me what command should i run in terminal so that it will not create problem.
What is the path? public_content_rw_t is what it should be labeled. Take a look at the man ftpd_selinux man page under SHARING FILES
Hi Daniel, Path is /var/www/html/webproffen.no/wp-content/ Apache will extract and install theme in above dir.
# semanage fcontext -a -t public_content_rw_t '/var/www/html/webproffen.no/wp-content(/.*)?' # restorecon -R -v /var/www/html/webproffen.no/wp-content # setsebool -P httpd_anon_write=1 ftpd_anon_write=1 Should setup the directory so that both apache and ftpd can write to it.