I tried searching but it seems to be broken. It only returns:
The page you are trying to access does not exist.
Please select a page from the main menu.
I thought I'd post my "problem" while the search is broken and hope for someone with enough knowledge to stroll by and tell me whether it's possible or not. A detailed explanation of how to do it is of course appreciated but right now all I want is to find out if I can do it.
I run Fedora Core 5 with the vsftpd that comes with the package. I am an experienced user but a novice to Linux.
What I want done is this.
1. I need a user who has read-only access to a directory and everything in it.
Let's call that directory /media/ftp/events/.
2. I need users who have full access to subdirectories of the one above.
Example: /media/ftp/events/user1, /media/ftp/events/user2 ...
I have managed to chroot jail local users to their home directories.
I do not want users to wander around where they do not belong.
setsebool -P ftp_home_dir 1
setsebool -P ftpd_is_daemon 1
chmod 0775 /home/user1/
service vsftpd restart
I have created a user and set its homedir to /media/ftp/events/user1. It has been chmoded like the one above. I guess it has something to do with SELinux but I'm out of both clues and guesses. All I get from the server is:
500 OOPS: cannot change directory:/media/ftp/events/user1
Any help, hints or even guesses in any direction is appreciated.
(I'm including vsftpd.conf)
I have now confirmed that this is caused by SELinux. I ran a test where I disabled SELinux. I had the same problem with the users' home directories in /home before I set up the chroot jail (described above). Is there a way to do the same thing with another directory?
FTP Server Setup
Can you disable the chroot and then try to access the directory with that particular specific user, just to make sure that the ftp server is working fine and the user is able to access the directory, and then move forward with the same?
Thank you for your reply. I am really close to abandoning all hope and setting up Windows XP instead. God forbid but I have never before experienced problems like this one.
Here we go...
I removed the user from /etc/vsftpd/chroot_list/, restarted vsftpd and tried to log in with the same result as before. Other users can log in to their respective home directories (chroot jailed or not). I have disabled chroot by commenting it out in vsftpd.conf.
The only way I can set homedirs outside /home is if I disable SELinux.
I figured that the user can have its homedir in /home IF I can put a link to the other dir in it. I put a
ln -s /media/ftp/events/user1 media
in /home/user1 but with SELinux active I can not change dir
[R] CWD media
[R] 550 Failed to change directory.
There must be more out there who experience this, or a similar, problem. I've googled for information on how to build new rules/policies. The only fairly user-friendly solution I've found is audit2allow which transforms policy violations into new policies. Just take the line from /var/log/messages and run it through audit2allow. My problem here is that I can not find any policy violations in messages to run through audit2allow.
I hope I make some sense with what I'm saying and to sum it all up,
I want users to be able to access directories outside /home. Some of them need to write and some just read. I have absolutely no problem doing this with SELinux disabled but can not run the machine without it.
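
For the audit2allow step mentioned in the thread, which needs the denial lines as input, here is a triage helper as an added example (it is not part of any post above): it lists the distinct SELinux AVC denials for one process name from a log file passed as an argument. The function names and the sample log lines are constructed, and the `ftpd_t`, `httpd_t` and `default_t` contexts in the sample are assumptions, not values from the poster's system.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.

# summarize_avc LOGFILE COMM
# Prints one line per distinct denial:
#   "<perms> <tclass> <scontext> -> <tcontext> name=<name>"
summarize_avc() {
    awk -v comm="$2" '
    # Return the value of key=value field k on the current line, or "?".
    function field(k,   i, kv) {
        for (i = 1; i <= NF; i++) {
            if (index($i, k "=") == 1) {
                kv = substr($i, length(k) + 2)
                gsub(/"/, "", kv)
                return kv
            }
        }
        return "?"
    }
    /avc: +denied/ && index($0, "comm=\"" comm "\"") {
        perms = $0
        sub(/^.*denied +[{] */, "", perms)   # drop everything up to "{ "
        sub(/ *[}].*$/, "", perms)           # drop " }" and the rest
        key = perms " " field("tclass") " " field("scontext") \
              " -> " field("tcontext") " name=" field("name")
        if (!(key in seen)) { seen[key] = 1; print key }
    }' "$1"
}

# write_sample_log PATH: constructed lines in both syslog and audit.log style.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 10 12:00:01 host kernel: audit(1149940801.100:11): avc:  denied  { search } for  pid=2101 comm="vsftpd" name="media" dev=hda2 ino=1001 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
Jun 10 12:00:03 host kernel: audit(1149940803.100:12): avc:  denied  { search } for  pid=2107 comm="vsftpd" name="media" dev=hda2 ino=1001 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1149940805.200:14): avc:  denied  { write } for  pid=2101 comm="vsftpd" name="user1" dev=hda2 ino=1002 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1149940806.300:15): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev=hda2 ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
Jun 10 12:00:09 host sshd[300]: session opened for user user1
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
summarize_avc "$sample" vsftpd
rm -f "$sample"
```

Pass whichever log file your system writes denials to as the first argument. An empty result for the daemon's process name means that file holds no matching denial lines to feed to audit2allow.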