SELinux is preventing the ftp daemon from writing files outside the
home directory (pure-ftpd).
Detailed Description
SELinux has denied the ftp daemon write access to directories
outside the home directory (pure-ftpd). Someone has logged in via your
ftp daemon and is trying to create or write a file. If you only setup
ftp to allow anonymous ftp, this could signal a intrusion attempt.
Allowing Access
If you do not want SELinux preventing ftp from writing files
anywhere on the system you need to turn on the allow_ftpd_full_access
boolean:
"setsebool -P allow_ftpd_full_access=1"
The following command will allow this access:
setsebool -P allow_ftpd_full_access=1
But what if I want access only to specific folders not covered under "home directories" ?
ReplyDeleteI want to access /var/www (apache document root se context is httpd_sys_content_t) through FTP but telling selinux to allow full FTP access just for accessing one folder isn't secure, isn't it ?