GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
CentOS 5.6 |
|
 |
ftpd_selinux(8) |
 |
ftpd_selinux − Security-Enhanced Linux policy for ftp daemons.
Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
SELinux
requires files to have a file type. File types may be
specified with semanage and are restored with restorecon.
Policy governs the access that daemons have to files.
Allow ftp servers to read the /var/ftp directory by adding
the
public_content_t file type to the directory and by restoring
the file
type.
semanage
fcontext -a -t public_content_t "/var/ftp(/.*)?"
restorecon -F -R -v /var/ftp
Allow ftp servers to read and write /var/tmp/incoming by
adding the
public_content_rw_t type to the directory and by restoring
the file
type. This also requires the allow_ftpd_anon_write boolean
to be set.
semanage
fcontext -a -t public_content_rw_t
"/var/ftp/incoming(/.*)?"
restorecon -F -R -v /var/ftp/incoming
SELinux policy
is based on least privilege required and may also be
customizable by setting a boolean with setsebool.
Allow ftp servers to read and write files with the
public_content_rw_t
file type.
setsebool -P
allow_ftpd_anon_write on
Allow ftp servers to read or write files in the user home
directories.
setsebool -P
ftp_home_dir on
Allow ftp servers to read or write all files on the
system.
setsebool -P
allow_ftpd_full_access on
Allow ftp servers to use cifs for public file transfer
services.
setsebool -P
allow_ftpd_use_cifs on
Allow ftp servers to use nfs for public file transfer
services.
setsebool -P
allow_ftpd_use_nfs on
system-config-selinux is a GUI tool available to customize
SELinux
policy settings.
AUTHORThis manual page was written by Dan Walsh <dwalsh@redhat.com>. SEE ALSOselinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
|