Re: Relabeling question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 28 June 2007 03:55:15 am Tony Molloy wrote:
> Hi,
>
> This is on CentOS but it's a SELinux question.
>
> I have a filesystem which I need to make available under ftp ( vsftpd )
> httpd ( apache ) and NFS. It contains our local mirrors.
>
> What should the permissions and the SELInux context be on the filesystem
> and how can I relabel it so that it can be available under all three.
>
> The current permissions/SELinux context are
>
> drwxr-xr-x  root root system_u:object_r:default_t      mirrors
>
> and I want something like
>
> drwxr-xr-x  root root root:object_r:public_content_t   TEST

you do want the public_content_t (or perhaps the public_content_rw_t if it's 
not read only).

you may also need to check booleans to allow the different daemons to write to 
the pubilc_content_t areas:

allow_ftpd_anon_write --> off
allow_httpd_anon_write --> off
allow_httpd_apcupsd_cgi_script_anon_write --> off
allow_httpd_bugzilla_script_anon_write --> off
allow_httpd_squid_script_anon_write --> off
allow_httpd_sys_script_anon_write --> off
allow_nfsd_anon_write --> on
allow_rsync_anon_write --> off
allow_smbd_anon_write --> on

-- 
Anthony -  http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: signature.asc
Description: This is a digitally signed message part.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux