Tuesday, September 2, 2008

Disable SELinux for FTP Daemon

SELinux is preventing the ftp daemon from writing files outside the
home directory (pure-ftpd).

Detailed Description
SELinux has denied the ftp daemon write access to directories
outside the home directory (pure-ftpd). Someone has logged in via your
ftp daemon and is trying to create or write a file. If you only set up
ftp to allow anonymous ftp, this could signal an intrusion attempt.

Allowing Access
If you do not want SELinux to prevent ftp from writing files
anywhere on the system, you need to turn on the allow_ftpd_full_access
boolean. The following command will allow this access (-P makes the
setting persist across reboots):
setsebool -P allow_ftpd_full_access=1
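
Before turning on a boolean this broad, it helps to see which labels the FTP daemon was actually denied on. The script below is an added example, not part of the original post: it summarises AVC denials for the ftpd_t domain, assuming the daemon runs in that domain. The log lines are constructed samples and the function name ftpd_denials is hypothetical.

```shell
#!/bin/sh
# Summarise SELinux AVC denials recorded against the FTP daemon domain.
# Assumption: the daemon (pure-ftpd here) runs in the ftpd_t domain.

# Constructed sample audit records, not taken from a real system.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1220342400.101:41): avc:  denied  { write } for  pid=2345 comm="pure-ftpd" name="www" dev=sda1 ino=1001 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1220342401.202:42): avc:  denied  { write } for  pid=2345 comm="pure-ftpd" name="html" dev=sda1 ino=1002 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1220342402.303:43): avc:  denied  { create } for  pid=2345 comm="pure-ftpd" name="index.html" scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1220342403.404:44): avc:  denied  { write } for  pid=2399 comm="pure-ftpd" name="etc" dev=sda1 ino=2 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1220342404.505:45): avc:  denied  { read } for  pid=2500 comm="httpd" name="secret" dev=sda1 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# Reads audit records on stdin and prints one line per distinct
# (target type, object class, permissions) denied to ftpd_t, in the form
# "count target_type tclass perms", most frequent first.
ftpd_denials() {
    awk '
    /type=AVC/ && /denied/ {
        stype = ttype = tclass = perms = ""
        a = index($0, "{"); b = index($0, "}")
        if (a > 0 && b > a) {
            perms = substr($0, a + 1, b - a - 1)
            gsub(/^ +| +$/, "", perms)   # trim padding inside the braces
            gsub(/ +/, ",", perms)       # "write create" -> "write,create"
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        # Only denials where the source domain is the FTP daemon.
        if (stype == "ftpd_t") n[ttype " " tclass " " perms]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Summarise the file given as the first argument, else the sample above.
if [ -r "${1:-}" ]; then
    ftpd_denials < "$1"
else
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | ftpd_denials
fi
```

On a real system, pass the audit log path (typically /var/log/audit/audit.log) as the first argument. A denial on a type such as etc_t is the kind the original message describes as a possible intrusion signal.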

1 comment:

  1. But what if I want access only to specific folders not covered under "home directories"?
    I want to access /var/www (the Apache document root; its SELinux context is httpd_sys_content_t) through FTP, but telling SELinux to allow full FTP access just for accessing one folder isn't secure, is it?
