Linux
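My virtual users cannot chroot()
I am configuring a ProFTPD server on a Fedora 20 Linux server. All my real users can log in perfectly, but the virtual users cannot.
The virtual users are in an SQL table, and mod_sql.c is locating the data and approving the login. Checking the log shows that the user is unable to chroot() into its directory (the public FTP directory).
Any ideas?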
SELinux
Enabled and enforcing; booleans:
ftp_home_dir --> on
ftpd_anon_write --> on
ftpd_connect_all_unreserved --> on
ftpd_connect_db --> on
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> on
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off
Enabled modules:
- mod_sql.c
- mod_sql_mysql.c
- mod_quotatab_sql.c
- mod_quotatab.c
Log:
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): DefaultRoot
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Umask
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): DirUmask
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): AllowOverwrite
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): RootLogin
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Preparing to chroot to directory '/opt/publicftp'
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Environment successfully chroot()ed
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): unable to chdir to / (Permiso denegado), defaulting to chroot directory /opt/publicftp
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): virtual_user chdir("/"): Permiso denegado
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): FTP session closed.
Edit: following the suggestion to change the security label of the public directory, I still get the same error.
Security label of /opt/publicftp/
[root@pw000i opt]# ls -dZ /opt/publicftp/
drw-rw-rw-. root root unconfined_u:object_r:public_content_t:s0 /opt/publicftp/
ausearch -ts recent -m avc -m user_avc -m selinux_err -ts today
Dump as requested by Mattiew Ife
/opt/publicftp is probably not labelled correctly. You should probably change this directory's label to public_content_rw_t.
semanage fcontext -a -t public_content_t '/opt/publicftp(/.*)?'
restorecon -Rv /opt/publicftp
It also looks like a possible bug in the SELinux policy. Create this file.
policy_module(myftpd_t, 1.0.0)

require {
    type ftpd_t;
}

tunable_policy(`ftpd_connect_db', `
    mysql_read_config(ftpd_t)
')
Then run
make -f /usr/share/selinux/devel/Makefile load
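to compile and insert the policy. Provided you make sure the ftpd_connect_db boolean is on, this should (probably) fix your problem. Also make sure you set permissions on /opt/publicftp that allow reading from the parent directory tree and the directory itself. If you want to allow read/write, you need to use the public_content_rw_t label instead of public_content_t.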
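
The directory-permission check the answer closes with, as an added example that is not part of the original answer: chdir() needs the search (x) bit on the target directory and on every parent, and the mode in the question's ls -dZ output, drw-rw-rw-, has none. The uid/gid 1000 and the modes of / and /opt are constructed sample values; only classic mode bits are evaluated, not ACLs or SELinux.

```python
import os
import stat
from types import SimpleNamespace


def can_search(mode, owner_uid, owner_gid, uid, gids):
    """True if uid/gids may traverse a directory with this mode (mode bits only)."""
    if uid == 0:
        return True  # root normally bypasses DAC search checks on directories
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)  # owner class applies even if stricter
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def ancestors(path):
    """'/opt/publicftp' -> ['/', '/opt', '/opt/publicftp']"""
    out = ["/"]
    for part in os.path.abspath(path).split("/"):
        if part:
            out.append(os.path.join(out[-1], part))
    return out


def blocked_components(path, uid, gids, stat_fn=os.stat):
    """List (directory, reason) for each path component uid cannot traverse."""
    blocked = []
    for d in ancestors(path):
        st = stat_fn(d)
        if not stat.S_ISDIR(st.st_mode):
            blocked.append((d, "not a directory"))
        elif not can_search(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            blocked.append((d, stat.filemode(st.st_mode)))
    return blocked


def make_sample(publicftp_mode):
    """Constructed stand-in for os.stat: a root-owned /opt/publicftp tree."""
    tree = {
        "/": SimpleNamespace(st_mode=0o040555, st_uid=0, st_gid=0),
        "/opt": SimpleNamespace(st_mode=0o040755, st_uid=0, st_gid=0),
        "/opt/publicftp": SimpleNamespace(
            st_mode=publicftp_mode, st_uid=0, st_gid=0),
    }
    return tree.__getitem__


if __name__ == "__main__":
    # 0o040666 is the drw-rw-rw- mode from the question; 0o040755 adds the x bits.
    # After chroot() into /opt/publicftp, chdir("/") is a chdir into that directory.
    for mode in (0o040666, 0o040755):
        found = blocked_components(
            "/opt/publicftp", 1000, {1000}, make_sample(mode))
        print(stat.filemode(mode), "->", found or "traversable")
```

Called without stat_fn, blocked_components stats the real filesystem, so it can be run with the uid and gids the virtual user is mapped to.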