| Home |
|
 |
|
ftpd_selinux
8
17 Jan 2005
dwalsh@redhat.com
ftpd SELinux policy documentation
- NAME
ftpd_selinux - Security-Enhanced Linux policy for ftp daemons. - DESCRIPTION
Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control. - FILE_CONTEXTS
- Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
-
semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" - restorecon -R -v /var/ftp
- Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set.
-
semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?" - restorecon -R -v /var/ftp/incoming
SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the access that daemons have to files. - BOOLEANS
- Allow ftp servers to read and write files with the public_content_rw_t file type.
-
setsebool -P allow_ftpd_anon_write on - Allow ftp servers to read or write files in the user home directories.
-
setsebool -P ftp_home_dir on - Allow ftp servers to read or write all files on the system.
-
setsebool -P allow_ftpd_full_access on - Allow ftp servers to use cifs for public file transfer services.
-
setsebool -P allow_ftpd_use_cifs on - Allow ftp servers to use nfs for public file transfer services.
-
setsebool -P allow_ftpd_use_nfs on - system-config-selinux is a GUI tool available to customize SELinux policy settings.
SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool. - AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
- SEE ALSO
Current Users: 44 © 1999-2009 PenguinSoft.
All trademarks and copyrights on this page are owned by their respective companies.
Linux is a trademark of Linus Torvalds.