On 02/03/10 15:34, Dirk H. Schulz wrote: > Am 02.03.10 15:22, schrieb Paul Howarth: >> On 02/03/10 11:49, Dirk H. Schulz wrote: >>> Hi folks, >>> >>> I want my web users to use vsftpd for populating their web space. >>> >>> And I want SElinux to have an eye on everything there. But my problem >>> is: >>> >>> For vsftpd to work I need the following context on the web directories: >>> system_u:public_content_rw_t >>> For httpd to work I need the following context on the web directories: >>> object_r:httpd_sys_content_t >>> >>> How can I achieve to let SElinux both daemons work on the same web >>> directory? >>> >>> I am not very deep into SElinux by now, so please bear with me. I have >>> googled for this particular problem, but found nothing. >>> >>> Any hint or help or url of a howto is appreciated. >> httpd should be fine with public_content_rw_t; which OS are you using >> and what problems do you get if you use public_content_rw_t? > Drupal for example had problems writing to the file system. If httpd needs to write to this data, you'll need to set one of these booleans: setsebool -P allow_httpd_anon_write=1 setsebool -P allow_httpd_sys_script_anon_write=1 I think you'd need the former for built-in scripting languages like PHP and the latter for CGI scripts. You'll also need this to give vsftpd write access: setsebool -P allow_ftpd_anon_write=1 Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
