Yolinux.com

ftpd_selinux manpage

Search topic Section 

ftpd_selinux(8)	       ftpd SELinux policy documentation       ftpd_selinux(8)



NAME
       ftpd_selinux - Security-Enhanced Linux policy for ftp daemons.

DESCRIPTION
       Security-Enhanced  Linux provides security for ftp daemons via flexible
       mandatory access control.

FILE_CONTEXTS
       SELinux requires files to have a file type. File types may be specified
       with  semanage  and  are	 restored with restorecon.  Policy governs the
       access that daemons have to files.

       Allow ftp servers to read the /var/ftp directory	 by  adding  the  pub-
       lic_content_t  file  type  to  the  directory and by restoring the file
       type.

       semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"

       restorecon -F -R -v /var/ftp

       Allow ftp servers to read and write  /var/tmp/incoming  by  adding  the
       public_content_rw_t  type  to  the  directory and by restoring the file
       type.  This also requires the allow_ftpd_anon_write boolean to be set.

       semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"

       restorecon -F -R -v /var/ftp/incoming


BOOLEANS
       SELinux policy is based on least privilege required  and	 may  also  be
       customizable by setting a boolean with setsebool.

       Allow  ftp servers to read and write files with the public_content_rw_t
       file type.

       setsebool -P allow_ftpd_anon_write on

       Allow ftp servers to read or write files in the user home directories.

       setsebool -P ftp_home_dir on

       Allow ftp servers to read or write all files on the system.

       setsebool -P allow_ftpd_full_access on

       Allow ftp servers to use cifs for public file transfer services.

       setsebool -P allow_ftpd_use_cifs on

       Allow ftp servers to use nfs for public file transfer services.

       setsebool -P allow_ftpd_use_nfs on

       system-config-selinux is a GUI tool available to customize SELinux pol-
       icy settings.

AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.


SEE ALSO
       selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)



dwalsh@redhat.com		  17 Jan 2005		       ftpd_selinux(8)