Using httpd and vsftpd together

Paul Howarth paul at city-fan.org
Tue Mar 2 16:17:44 UTC 2010


On 02/03/10 15:34, Dirk H. Schulz wrote:
> On 02.03.10 15:22, Paul Howarth wrote:
>> On 02/03/10 11:49, Dirk H. Schulz wrote:
>>> Hi folks,
>>>
>>> I want my web users to use vsftpd for populating their web space.
>>>
>>> And I want SELinux to have an eye on everything there. But my problem
>>> is:
>>>
>>> For vsftpd to work I need the following context on the web directories:
>>> system_u:public_content_rw_t
>>> For httpd to work I need the following context on the web directories:
>>> object_r:httpd_sys_content_t
>>>
>>> How can I get SELinux to let both daemons work on the same web
>>> directory?
>>>
>>> I am not very deep into SELinux by now, so please bear with me. I have
>>> googled for this particular problem, but found nothing.
>>>
>>> Any hint or help or URL of a howto is appreciated.
>> httpd should be fine with public_content_rw_t; which OS are you using
>> and what problems do you get if you use public_content_rw_t?
> Drupal for example had problems writing to the file system.

If httpd needs to write to this data, you'll need to set one of these 
booleans:

setsebool -P allow_httpd_anon_write=1
setsebool -P allow_httpd_sys_script_anon_write=1

I think you'd need the former for built-in scripting languages like PHP 
and the latter for CGI scripts.

You'll also need this to give vsftpd write access:

setsebool -P allow_ftpd_anon_write=1

Paul.
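
An added example, not part of the message above and not code from the list: a small audit script that checks a web root's label and the three booleans named in the thread against `getsebool -a` style output. The function names and the `--live` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the SELinux settings discussed in this thread for a
# web root shared by httpd and vsftpd. Function names are hypothetical.
REQUIRED_BOOLEANS="allow_httpd_anon_write allow_httpd_sys_script_anon_write allow_ftpd_anon_write"

# Print the type field (the one ending in _t) of a security context string.
context_type() {
    printf '%s\n' "$1" | tr ':' '\n' | grep '_t$' | head -n 1
}

# Read `getsebool -a` style lines ("name --> on|off") on stdin and print
# every required boolean that is off or absent, one per line.
missing_booleans() {
    input=$(cat)
    for b in $REQUIRED_BOOLEANS; do
        state=$(printf '%s\n' "$input" | awk -v n="$b" '$1 == n && $2 == "-->" { print $3 }')
        [ "$state" = "on" ] || printf '%s\n' "$b"
    done
}

# $1 = security context of the web root, stdin = getsebool output.
# Prints one finding per problem; returns 0 only if label and booleans pass.
audit() {
    rc=0
    t=$(context_type "$1")
    if [ "$t" != "public_content_rw_t" ]; then
        echo "label: type is '${t}', expected public_content_rw_t"
        rc=1
    fi
    for b in $(missing_booleans); do
        echo "boolean: $b is not on (fix: setsebool -P $b=1)"
        rc=1
    done
    return $rc
}

# Live use on an SELinux host: sh audit.sh --live <web root directory>
if [ "${1:-}" = "--live" ]; then
    ctx=$(stat -c %C "$2")      # GNU stat: %C is the SELinux context
    getsebool -a | audit "$ctx"
fi
```
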

