On Thursday 28 June 2007 12:23, Anthony Messina wrote: > On Thursday 28 June 2007 03:55:15 am Tony Molloy wrote: > > Hi, > > > > This is on CentOS but it's a SELinux question. > > > > I have a filesystem which I need to make available under ftp ( vsftpd ) > > httpd ( apache ) and NFS. It contains our local mirrors. > > > > What should the permissions and the SELInux context be on the filesystem > > and how can I relabel it so that it can be available under all three. > > > > The current permissions/SELinux context are > > > > drwxr-xr-x root root system_u:object_r:default_t mirrors > > > > and I want something like > > > > drwxr-xr-x root root root:object_r:public_content_t TEST > > you do want the public_content_t (or perhaps the public_content_rw_t if > it's not read only). > This is a read only mirror site so public_content_t should be enough. How do I do that. > you may also need to check booleans to allow the different daemons to write > to the pubilc_content_t areas: > > allow_ftpd_anon_write --> off > allow_httpd_anon_write --> off > allow_httpd_apcupsd_cgi_script_anon_write --> off > allow_httpd_bugzilla_script_anon_write --> off > allow_httpd_squid_script_anon_write --> off > allow_httpd_sys_script_anon_write --> off > allow_nfsd_anon_write --> on > allow_rsync_anon_write --> off > allow_smbd_anon_write --> on I looked at the booleans with system-config-selinux and set those I thought I needed. Thanks, Tony -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
