On 3 October 2010 11:21, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What AVC messages are you getting in /var/log/audit/audit.log?
On 10/02/2010 10:28 PM, Aaron Gray wrote:
> On 3 October 2010 01:35, Sam Sharpe <lists.redhat@xxxxxxxxxxxxx> wrote:
>
>> On 3 October 2010 00:41, Aaron Gray <aaronngray.lists@xxxxxxxxx> wrote:
>>> On 2 October 2010 23:58, Aaron Gray <aaronngray.lists@xxxxxxxxx> wrote:
>>>>
>>>> On 2 October 2010 23:56, stan <gryt2@xxxxx> wrote:
>>>>>
>>>>> On Sat, 2 Oct 2010 23:37:40 +0100
>>>>> Aaron Gray <aaronngray.lists@xxxxxxxxx> wrote:
>>>>>
>>>>>> I have installed a fresh version of F11, unfortunately I did not
>>>>>> install VSFTPD with it.
>>>>>>
>>>>>> On doing a "yum install vsftpd" it install fine but does not seem to
>>>>>> function.
>>>>>>
>>>>>> [root@zzz vsftpd]# ftp localhost
>>>>>> Trying ::1...
>>>>>> ftp: connect to address ::1Connection refused
>>>>>> Trying 127.0.0.1...
>>>>>> Connected to localhost (127.0.0.1).
>>>>>> 421 Service not available, remote server has closed connection
>>>>>> ftp> quit
>>>>>>
>>>>>> I copied the 'vsftpd.conf' and 'users' directory from my working F11
>>>>>> server this one is supposed to be mirroring, but am getting exactly
>>>>>> the same responce.
>>>>>
>>>>> This is probably a problem with the firewall. Did you open ports 20
>>>>> and 21?
>>>>>
>>>>> And if you are using passive ftp you should open some ports in the high
>>>>> range, so there is a hole in the firewall for vsftpd to use. You have
>>>>> to tell vsftpd to use those ports in the configuration. I also had to
>>>>> open the service on my router, but that might not be an issue for you.
>>>>>
>>>>> If I recall correctly, there is a logging function that can be turned
>>>>> on and it is really useful for decoding where the problem is and what
>>>>> it is too.
>>>>>
>>>>> It's been a few years since I used vsftpd, so this is somewhat hazy.
>>>>
>>>> My other F11 server is working fine, and that does not have any extras.
>>>
>>> Its not iptables, thats exactly the same across the two machines.
>>> Aaron
>>
>> I find the best way to deal with this kind of problem is some
>> elementary research. I started with Google:
>>
>> http://www.google.com/search?sourceid=navclient&hl=en-GB&q=vsftpd+421
>>
>> The first Search Result might help you immensely.
>>
>
> Yep its SELinux !
>
> Are there any rule files for this I can just load ?
>
> Aaron
>
>
type=AVC msg=audit(1286119627.313:21309): avc: denied { sys_admin } for pid=1903 comm="vsftpd" capability=21 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1286119627.313:21309): arch=40000003 syscall=120 success=no exit=-1 a0=28000011 a1=0 a2=6f4334 a3=6f4334 items=0 ppid=1 pid=1903 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0 key=(null)
Yeah, it works when I turn enforcement off.
Aaron
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
