On Tuesday 02 March 2010 11:49:51 Dirk H. Schulz wrote:
Hi folks,
I want my web users to use vsftpd for populating their web space.
And I want SElinux to have an eye on everything there. But my problem is:
For vsftpd to work I need the following context on the web directories:
system_u:public_content_rw_t
For httpd to work I need the following context on the web directories:
object_r:httpd_sys_content_t
How can I achieve to let SElinux both daemons work on the same web
directory?
From the httpd_selinux man page
SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync,
Samba), you can set a file context of public_content_t and public_con-
tent_rw_t. These context allow any of the above domains to read the
content. If you want a particular domain to write to the public_con-
tent_rw_t domain, you must set the appropriate boolean.
allow_DOMAIN_anon_write. So for httpd you would execute:
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys_script_anon_write=1
See also ftpd_selinux.
Tony
I am not very deep into SElinux by now, so please bear with me. I
have
googled for this particular problem, but found nothing.
Any hint or help or url of a howto is appreciated.
Dirk
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Chief Technical Officer. Tel: +353 061-202778
Dept. of Comp. Sci.
University of Limerick.