Fedora Servers :: SELinux Is Preventing /usr/sbin/vsftpd "net_raw" Access
Dec 31, 2009
I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at redhat but really do not understand what i should do about it ((( Kindly let me know how to change this to normal. Shut down Selinux is not the way out.
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp.How do I do that?I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
- Newly installed Fedora 14- Firefox 3.6.12- All latest Fedora updates installed- Denial occured after the installation of jre1.6.0_22 from here - Linux (self-extracting file) and creating symbolic links as follows;
My Fedora box is giving me an SELinux security error:
SELinux is preventing the samba daemon from reading users' home directories.
SELinux has denied the samba daemon access to users' home directories. Someone is attempting to access your home directories via your samba daemon. If you only setup samba to share non-home directories, this probably signals an intrusion attempt. For more information on SELinux integration with samba, look at the samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
1- I've set up 3 virtual users,one of them is a system one (with a different password) and writes on his own home folder. With this one I haven't found any problems yet, but with the other 2 users I can't access files/folders created by them. It's a permissions problem for sure, but I'm not sure how to correct it.With these users I can upload files, create files and create folders. The problem is I can't access what I create (I can't enter a folder I created but it is there and I can upload files into it).
2- Whenever I turn on ssl_enable=YES I can't access the server (even from the server itself when I connect to localhost, It's a regular Ubuntu installation).Here's the config file for the users:
I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
I am trying to install VSFTPD on my Fedora instance of Linux. I have a Wordpress blog that I want to access through FTP. I did an install on VSFTPD and am kind of stuck. I try to FTP into my IP through [URL]
i have problem with samba share everytime when i want to browse shared folders on fedora machine from windows i always get this msg (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).)here is my selinuxlog
SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t). %
I recently had three problems with SELinux: httpd_unify - SELinux prevented my web server from having write access. ftp_home_dir - SELinux prevented my virtual users from connecting to their home directory. textrel_shlib_t - SELinux prevented two separate Unreal Tournament 2.5 mods from running. The troubleshooter did not notify me of any of these problems. I finally figured out how to fix them on my own and did. CentOS had a very concise, albeit excessive SELinux troubleshooter that involved notifying you of every single problem on your server multiple times. Still, I would rather be spammed with notifications than receive none at all.
If I had not switched from a CentOS box, I would not know the chcon command to set textrel_shlib_t to my mods, as I cannot do it in the SELinux Administration without making it global. How do I fix the troubleshooter to report?
I am in a class called Linux System Administration and we are setting up Fedora 8 as a server. Per the class instructions, I have changed the default runlevel to 3 so the system always boots to a command line. The instructions say log in with your regular user account [I KNOW HOW TO DO THIS] and use the startx command to load GNOME. [I HAVE NO IDEA HOW TO DO THIS]
I searched the Internet and the text book, but found nothing I could understand.
I don't think it has anything to do with the config file. More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinux is on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.
Here is the output when I ran [root@fileserver /]# getsebool -a | grep smb allow_smbd_anon_write --> on smbd_disable_trans --> on
These two options were off I tried turning them on.
This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> on samba_export_all_rw --> off samba_share_nfs --> off use_samba_home_dirs --> on
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
i've set a server Fedora 11 using Vsftpd + database berkley + ssl 'certificate) he works perfectly. So i wanted to set a new one on Fedora 14, there is the problem..On my fedora 14, i tryed to use the configuration file that i've made on the F11 but withtout success. It seems that when i activate the SSL option on the server it does not want to start anymore... and i have no errors messages. I notice that when i desactivate the SSL "ssl_enable=NO" my server on F14 can start normaly.
I'm rather new to Fedora server, but I'm attempting to run a music FTP server, where anonymous users can submit songs into one particular folder (so i can personally tag them), while other user accounts have full read-write. Here we go: I 2 directories, /music and /untagged
I want anonymous users to be able to read both directories, but only be able to upload to /untagged, and not be able to delete anything. I want users that I select to have full read-write-create-delete privileges. how would I go about this with vsftpd?
Vsftpd virtual users, when a user connects via of ftp they can view all files in the file system. Have a virtual web server and vsftpd working, each user's username is their domain name. FTP works, but not the way I wish for it to work. I only wish for a user to be able to view the files under their username, not the entire Fedora file system and limit changes to files ONLY under their domain name.
I am running vsftpd-2.2.2-3 on my Fedora 12 box. This box has multiple IPs. What I am looking for is make vsftpd listen on those multiple IPs and when a user FTPs to a certain IP, they get landed to the home directory that has been configured for the IP.
This feature is there in Proftpd and is called virtual hosting. I tried to find for Vsftpd such feature, but couldn't find out exactly how to implement in it. how to implement virtual hosting in Vsftpd?
I have installed Fedora Core 11 with SELinux enforcing.It appears (via log files) that if I use a .forward file in the home directory for root that SELinux prevents the use of this mechanism for forwarding e-mail.Is there a way to continue to use SELinux and be able to forward root's e-mail to an outside account?
I am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (ie. database, ldap). I want to limit what it can connect to or who can connect to it. Bascially I can limit who connects to the server itself but the application can still get input from outside servers.