GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
CentOS 5.2 |
|
 |
ftpd_selinux(8) |
 |
ftpd_selinux − Security Enhanced Linux Policy for the ftp daemon
Security-Enhanced Linux secures the ftpd server via flexible mandatory access control.
SELinux
requires files to have an extended attribute to define the
file type. Policy governs the access daemons have to these
files. If you want to share files anonymously, you must
label the files and directories public_content_t. So if you
created a special directory /var/ftp, you would need to
label the directory with the chcon tool.
chcon -R -t public_content_t /var/ftp
If you want to setup a directory where you can upload files
to you must
label the files and directories public_content_rw_t. So if
you created
a special directory /var/ftp/incoming, you would need to
label the
directory with the chcon tool.
chcon -t public_content_rw_t /var/ftp/incoming
You must also turn on the boolean allow_ftpd_anon_write.
setsebool -P allow_ftpd_anon_write=1
If you want to make this permanant, i.e. survive a relabel,
you must
add an entry to the file_contexts.local file.
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
/var/ftp(/.*)? system_u:object_r:public_content_t /var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
SELinux ftp
daemon policy is customizable based on least access
required. So by default SElinux does not allow users to
login and read their home directories.
If you are setting up this machine as a ftpd server and wish
to allow users to access their home directorories, you need
to set the ftp_home_dir boolean.
setsebool -P ftp_home_dir 1
ftpd can run either as a standalone daemon or as part of the
xinetd
domain. If you want to run ftpd as a daemon you must set the
ftpd_is_daemon boolean.
setsebool -P ftpd_is_daemon 1
You can disable SELinux protection for the ftpd daemon by
executing:
setsebool -P ftpd_disable_trans 1
service vsftpd restart
system-config-securitylevel is
a GUI tool available to customize
SELinux policy settings.
AUTHORThis manual page was written by Dan Walsh <dwalsh@redhat.com>. SEE ALSOselinux(8), ftpd(8), chcon(1), setsebool(8)
|