|
|
Astaro Security Gateway Software Appliance 7.201 (Default branch)
08-17-2008
|
|
ftpd_selinux(8) ftpd SELinux policy documentation ftpd_selinux(8) NAME
ftpd_selinux - Security-Enhanced Linux policy for ftp daemons. DESCRIPTION
Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control. FILE_CONTEXTS SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the access that daemons have to files. Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type. semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" restorecon -F -R -v /var/ftp Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set. semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?" restorecon -F -R -v /var/ftp/incoming BOOLEANS
SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool. Allow ftp servers to read and write files with the public_content_rw_t file type. setsebool -P allow_ftpd_anon_write on Allow ftp servers to read or write files in the user home directories. setsebool -P ftp_home_dir on Allow ftp servers to read or write all files on the system. setsebool -P allow_ftpd_full_access on Allow ftp servers to use cifs for public file transfer services. setsebool -P allow_ftpd_use_cifs on Allow ftp servers to use nfs for public file transfer services. setsebool -P allow_ftpd_use_nfs on system-config-selinux is a GUI tool available to customize SELinux policy settings. AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>. SEE ALSO
selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8) dwalsh@redhat.com 17 Jan 2005 ftpd_selinux(8)