I did some more digging and apparently this is due to SELinux
(system-config-securitylevel). I disabled it and everything works, I'm
experimenting with Permissive mode and it appears this works as well.
Anyone with information on leaving this enabled and allowing proftpd to
access specific directories - help is appreciated. I'll start reading
up on this.

Rich

-----Original Message-----
From: Heller, Richard [mailto:Richard.Heller@Telerx.com]
Sent: Wednesday, October 22, 2008 4:29 PM
To: proftp-user@lists.sourceforge.net
Subject: [Proftpd-user] Directory is not accessible problem

I am having trouble with a new installation of proftd. The issue occurs
when running in standalone mode only. If I run from the command line
"proftpd -n" the user "ftpuser" can log in with anything as the
password, but otherwise the client message is:

ftp> user
(username) ftpuser
331 Anonymous login ok, send your complete email address as your
password
Password:
530-Unable to set anonymous privileges.
530 Login incorrect.
Login failed.


The entries in /var/log/messages are:

Oct 22 16:03:57 voicetone2 proftpd[11956]: voicetone2
(::ffff:172.19.5.211[::ffff:172.19.5.211]) - ftpuser: Directory
/home/attvoicetone/ is not accessible.
Oct 22 16:03:57 voicetone2 kernel: audit(1224705837.030:20): avc:
denied { getattr } for pid=11956 comm="proftpd" path="/home" dev=dm-0
ino=22937601 scontext=root:system_r:ftpd_t:s0
tcontext=system_ubject_r:home_root_t:s0 tclass=dir

The proftpd.config file contents:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Disable sendfile by default since it breaks displaying the download
speeds in
# ftptop and ftpwho
UseSendfile no

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.

AllowOverwrite yes

AllowAll

SyslogLevel debug


# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off
timeout 300
#TLSLog /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#


# A basic anonymous configuration, with an upload directory.
#
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions
apply."
#
# # We want clients to be able to login with "anonymous" as well as
"ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again
later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#

#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
#
# AllowOverwrite no
#
# DenyAll
#

#
#
# AllowAll
#

#

#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#


#INSERTED TO DEBUG ISSUE
Trace ALL:9
TraceLog /var/log/proftpd/trace.log

# SETUP FOR ftpuser

User ftpuser
Group ftp
# We want clients to be able to login with "anonymous" as well as
"ftp"
# UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 5

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#


DefaultChdir /home/attvoicetone/



Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_dso.c
mod_readme.c
mod_auth_pam.c
mod_tls.c
mod_cap.c
mod_ctrls.c

Version Info:
- ProFTPD Version: 1.3.1 (stable)
- Scoreboard Version: 01040002
- Built: Sat Oct 6 21:20:37 CEST 2007
- Module: mod_core.c
- Module: mod_xfer.c
- Module: mod_auth_unix.c
- Module: mod_auth_file/0.8.3
- Module: mod_auth.c
- Module: mod_ls.c
- Module: mod_log.c
- Module: mod_site.c
- Module: mod_delay/0.6
- Module: mod_dso/0.4
- Module: mod_readme.c
- Module: mod_auth_pam/1.0.1
- Module: mod_tls/2.1.2
- Module: mod_cap/1.0
- Module: mod_ctrls/0.9.4

I am running CentOS release 5.2 (Final).

I have verified the user and group, I have validated the directory
exists and is currently set with 777 permissions.

I have been reading HOW TOs and FAQs all day and have tried disabling
PAM and changing the Auth Module Order but have not gotten anywhere.
Could someone please steer me in the right direction?

Thanks,
Rich


------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.p...r_id=100&url=/
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html




-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.p...r_id=100&url=/
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html