Fedora Servers :: SELinux Is Preventing /usr/sbin/vsftpd "net_raw" Access
Dec 31, 2009
I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at Red Hat but really do not understand what I should do about it. Kindly let me know how to change this to normal. Shutting down SELinux is not the way out.
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp. How do I do that? I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
- Newly installed Fedora 14
- Firefox 3.6.12
- All latest Fedora updates installed
- Denial occurred after the installation of jre1.6.0_22 from here - Linux (self-extracting file) and creating symbolic links as follows;
My Fedora box is giving me an SELinux security error:
Code: Summary:
SELinux is preventing the samba daemon from reading users' home directories.
Detailed Description:
SELinux has denied the samba daemon access to users' home directories. Someone is attempting to access your home directories via your samba daemon. If you only setup samba to share non-home directories, this probably signals an intrusion attempt. For more information on SELinux integration with samba, look at the samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a. My question is, is there a reference online that describes each one? Most are obvious, but it's one of those "I have to know because it's there" situations.
1- I've set up 3 virtual users, one of them is a system one (with a different password) and writes on his own home folder. With this one I haven't found any problems yet, but with the other 2 users I can't access files/folders created by them. It's a permissions problem for sure, but I'm not sure how to correct it. With these users I can upload files, create files and create folders. The problem is I can't access what I create (I can't enter a folder I created but it is there and I can upload files into it).
2- Whenever I turn on ssl_enable=YES I can't access the server (even from the server itself when I connect to localhost; it's a regular Ubuntu installation). Here's the config file for the users:
I'm able to connect to FTP as a virtual user. It was also difficult, as nowhere is it mentioned that it should be done with SSL. Anyway I found the answer and got a connection. But now I can't connect to the FTP server as a system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, "530 Login incorrect".
1. Still I can't understand how I can log in to the FTP server with a system user. Also some other questions regarding this matter:
2. My httpd server Apache has virtual hosts located in the "/home" directory. The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I change them to "/home"? All I need from this is the ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
I just downloaded Fedora 15 desktop to a USB device. I am able to boot to the device and load the desktop with errors. I receive the following:
SELinux is preventing /usr/libexec/colord from getting access on the blk_file /dev/dm-0
Plugin: catchall
Source Process: /usr/libexec/colord
Attempted: getattr
On this blk_file: /dev/dm-0
I also am not able to use my wireless network. This is being booted on a Dell Inspiron 1545 Vista SP2 system with 4 GB of RAM. The wireless network connection works fine with Vista.
I am trying to install VSFTPD on my Fedora instance of Linux. I have a Wordpress blog that I want to access through FTP. I did an install on VSFTPD and am kind of stuck. I try to FTP into my IP through [URL]
I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:
Code:
sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2
If I do a 'setenforce 0' I can login and no error is logged.
I have a problem with a samba share: every time I want to browse shared folders on the Fedora machine from Windows I always get this message (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).) Here is my SELinux log:
Summary:
SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t). %
I recently had three problems with SELinux:
- httpd_unify - SELinux prevented my web server from having write access.
- ftp_home_dir - SELinux prevented my virtual users from connecting to their home directory.
- textrel_shlib_t - SELinux prevented two separate Unreal Tournament 2.5 mods from running.
The troubleshooter did not notify me of any of these problems. I finally figured out how to fix them on my own and did. CentOS had a very concise, albeit excessive SELinux troubleshooter that involved notifying you of every single problem on your server multiple times. Still, I would rather be spammed with notifications than receive none at all.
If I had not switched from a CentOS box, I would not know the chcon command to set textrel_shlib_t to my mods, as I cannot do it in the SELinux Administration without making it global. How do I fix the troubleshooter to report?
I am in a class called Linux System Administration and we are setting up Fedora 8 as a server. Per the class instructions, I have changed the default runlevel to 3 so the system always boots to a command line. The instructions say log in with your regular user account [I KNOW HOW TO DO THIS] and use the startx command to load GNOME. [I HAVE NO IDEA HOW TO DO THIS]
I searched the Internet and the text book, but found nothing I could understand.
I just set up vsftpd. From the localhost it works just fine, but when I try to access it from the network, via Firefox or the OS X "connect to server", I get a message: can't establish connection.
I'm new to setting up servers, so maybe I just haven't set any necessary parameters for anonymous login.
I don't think it has anything to do with the config file. More to do with SELinux. I need to know how to configure SELinux so I can see my samba share when SELinux is on. When I setenforce 0 I can see all the files and folders; when I set it to setenforce 1 I cannot see anything.
Here is the output when I ran
[root@fileserver /]# getsebool -a | grep smb
allow_smbd_anon_write --> on
smbd_disable_trans --> on
These two options were off I tried turning them on.
This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
I'm trying to get vsftpd running with both anonymous and local user access to the same folder. The directory I'm using is /tftp with the following permissions:
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
I've set up a Fedora 11 server using vsftpd + Berkeley database + SSL (certificate), and it works perfectly. So I wanted to set up a new one on Fedora 14, and there is the problem. On my Fedora 14, I tried to use the configuration file that I made on F11 but without success. It seems that when I activate the SSL option on the server it does not want to start anymore, and I have no error messages. I notice that when I deactivate SSL ("ssl_enable=NO") my server on F14 can start normally.
I'm rather new to Fedora server, but I'm attempting to run a music FTP server, where anonymous users can submit songs into one particular folder (so I can personally tag them), while other user accounts have full read-write. Here we go: I have 2 directories, /music and /untagged
I want anonymous users to be able to read both directories, but only be able to upload to /untagged, and not be able to delete anything. I want users that I select to have full read-write-create-delete privileges. How would I go about this with vsftpd?
Vsftpd virtual users: when a user connects via FTP they can view all files in the file system. I have a virtual web server and vsftpd working; each user's username is their domain name. FTP works, but not the way I wish for it to work. I only wish for a user to be able to view the files under their username, not the entire Fedora file system, and to limit changes to files ONLY under their domain name.
I am running vsftpd-2.2.2-3 on my Fedora 12 box. This box has multiple IPs. What I am looking for is make vsftpd listen on those multiple IPs and when a user FTPs to a certain IP, they get landed to the home directory that has been configured for the IP.
This feature is there in Proftpd and is called virtual hosting. I tried to find such a feature for Vsftpd, but couldn't find out exactly how to implement it. How do I implement virtual hosting in Vsftpd?
I have installed Fedora Core 11 with SELinux enforcing. It appears (via log files) that if I use a .forward file in the home directory for root, SELinux prevents the use of this mechanism for forwarding e-mail. Is there a way to continue to use SELinux and be able to forward root's e-mail to an outside account?
I am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (i.e. database, ldap). I want to limit what it can connect to or who can connect to it. Basically I can limit who connects to the server itself but the application can still get input from outside servers.