ftpd_selinux (8)

    NAME

    ftpd_selinux - Security Enhanced Linux Policy for the ftp daemon
     
    

    DESCRIPTION

    Security-Enhanced Linux secures the ftpd server via flexible mandatory access control.  

    FILE_CONTEXTS

    SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. If you want to share files anonymously, you must label the files and directories public_content_t. So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool.
    chcon -R -t public_content_t /var/ftp
    If you want to set up a directory to which files can be uploaded, you must label the files and directories ftpd_anon_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
    chcon -t public_content_rw_t /var/ftp/incoming
    You must also turn on the boolean allow_ftpd_anon_write.
    setsebool -P allow_ftpd_anon_write=1
    If you want to make this permanent, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
    /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local

    /var/ftp(/.*)? system_u:object_r:public_content_t
    /var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
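
An added example, not part of the original manual page: a shell check that the types on the anonymous FTP tree match the chcon commands and file_contexts.local entries above, so that the writable type public_content_rw_t stays confined to /var/ftp/incoming. The function names and the sample listing are constructed for illustration; on a real system the input could come from GNU find's %Z format.

```sh
#!/bin/sh
# Added example: audit SELinux types under the anonymous FTP tree.
# Input on stdin: one "CONTEXT PATH" pair per line, e.g. from
#   find /var/ftp -printf '%Z %p\n'   (GNU find on an SELinux system)

# Print the type field (third colon-separated field) of a security context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the type this page prescribes for a path; nothing if out of scope.
expected_type() {
    case "$1" in
        /var/ftp/incoming|/var/ftp/incoming/*) echo public_content_rw_t ;;
        /var/ftp|/var/ftp/*)                   echo public_content_t ;;
    esac
}

# Report each in-scope path whose type differs from the prescribed one.
# Returns 0 when every in-scope path matches, 1 otherwise.
audit_ftp_labels() {
    rc=0
    while read -r ctx path; do
        want=$(expected_type "$path")
        [ -n "$want" ] || continue
        have=$(context_type "$ctx")
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s: have %s, want %s\n' "$path" "$have" "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample listing (not real output): incoming/ has lost its
# writable type and one file outside incoming/ carries it.
sample_listing() {
    cat <<'EOF'
system_u:object_r:public_content_t:s0 /var/ftp
system_u:object_r:public_content_t:s0 /var/ftp/pub/README
system_u:object_r:public_content_rw_t:s0 /var/ftp/pub/drop.txt
system_u:object_r:public_content_t:s0 /var/ftp/incoming
system_u:object_r:public_content_rw_t:s0 /var/ftp/incoming/upload.bin
system_u:object_r:user_home_t:s0 /home/alice/notes
EOF
}

sample_listing | audit_ftp_labels || echo "labels differ from the page's chcon commands"
```

A non-zero return means at least one path under /var/ftp carries a type other than the one prescribed here; paths outside /var/ftp are ignored.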

     

    BOOLEANS

    SELinux ftp daemon policy is customizable based on least access required. So by default SELinux does not allow users to log in and read their home directories.
    If you are setting up this machine as an ftpd server and wish to allow users to access their home directories, you need to set the ftp_home_dir boolean.
    setsebool -P ftp_home_dir 1
    ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
    setsebool -P ftpd_is_daemon 1
    You can disable SELinux protection for the ftpd daemon by executing:
    setsebool -P ftpd_disable_trans 1

    service vsftpd restart
    system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
     

    AUTHOR  

    This manual page was written by Dan Walsh <dwalsh@redhat.com>.

     

    SEE ALSO

    selinux(8), ftpd(8), chcon(1), setsebool(8)


     
