On Tuesday 02 March 2010 11:49:51 Dirk H. Schulz wrote:
> Hi folks,
>
> I want my web users to use vsftpd for populating their web space.
>
> And I want SElinux to have an eye on everything there. But my problem is:
>
> For vsftpd to work I need the following context on the web directories:
> system_u:public_content_rw_t
> For httpd to work I need the following context on the web directories:
> object_r:httpd_sys_content_t
>
> How can I achieve to let SElinux both daemons work on the same web
> directory?
>
>From the httpd_selinux man page
SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync,
Samba), you can set a file context of public_content_t and public_con-
tent_rw_t. These context allow any of the above domains to read the
content. If you want a particular domain to write to the public_con-
tent_rw_t domain, you must set the appropriate boolean.
allow_DOMAIN_anon_write. So for httpd you would execute:
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys_script_anon_write=1
See also ftpd_selinux.
Tony
> I am not very deep into SElinux by now, so please bear with me. I have
> googled for this particular problem, but found nothing.
>
> Any hint or help or url of a howto is appreciated.
>
> Dirk
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
--
Chief Technical Officer. Tel: +353 061-202778
Dept. of Comp. Sci.
University of Limerick.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
