Red Hat Bugzilla – Attachment 311557 Details for Bug 454945: ftpd_selinux.8 updated
ftpd_selinux.8.diff (text/plain), 4.57 KB, created by Dominick Grift on 2008-07-11 08:49:25 UTC
>Index: /home/domg472/Workspace/refpolicy_trunk/man/man8/ftpd_selinux.8 >=================================================================== >--- /home/domg472/Workspace/refpolicy_trunk/man/man8/ftpd_selinux.8 (revision 2758) >+++ /home/domg472/Workspace/refpolicy_trunk/man/man8/ftpd_selinux.8 (working copy) 
>@@ -1,52 +1,67 @@ >-.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "ftpd Selinux Policy documentation" >+.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "ftpd SELinux policy documentation" > .SH "NAME" >-ftpd_selinux \- Security Enhanced Linux Policy for the ftp daemon >+.PP >+ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons. > .SH "DESCRIPTION" >- >-Security-Enhanced Linux secures the ftpd server via flexible mandatory access >-control. >+.PP >+Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control. > .SH FILE_CONTEXTS >-SELinux requires files to have an extended attribute to define the file type. >-Policy governs the access daemons have to these files. >-If you want to share files anonymously, you must label the files and directories public_content_t. So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool. >+SELinux requires files to have an extended attribute to define the file type. Policy >+governs the access daemons have to these files. If you want to share files anonymously, you >+are required to change the file type of the files and directories to public_content_t. If >+you created a directory /var/ftp, you must configure the file type of the directory with semanage >+or system-config-selinux and restore it with the restorecon tool. >+.PP >+.B >+semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" > .TP >-chcon -R -t public_content_t /var/ftp >+.B >+restorecon -R -v /var/ftp > .TP >-If you want to setup a directory where you can upload files to you must label the files and directories public_content_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool. >+If you want to setup a directory where one can upload files to, you must change the file type of the files and directories to public_content_rw_t. 
If you created a directory /var/ftp/incoming, you have to set the file type of the directory with semanage or system-config-selinux and restore it with the restorecon tool. >+.PP >+.B >+semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?" > .TP >-chcon -t public_content_rw_t /var/ftp/incoming >+.B >+restorecon -R -v /var/ftp/incoming > .TP >-You must also turn on the boolean allow_ftpd_anon_write. >-.TP >-setsebool -P allow_ftpd_anon_write=1 >-.TP >-If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file. >-.TP >-/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local >-.br >-/var/ftp(/.*)? system_u:object_r:public_content_t >-/var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t >+You are also required to turn on the boolean allow_ftpd_anon_write. >+.PP >+.B >+setsebool -P allow_ftpd_anon_write on > > .SH BOOLEANS >-SELinux ftp daemon policy is customizable based on least access required. So by >-default SElinux does not allow users to login and read their home directories. >-.br >-If you are setting up this machine as a ftpd server and wish to allow users to access their home >-directorories, you need to set the ftp_home_dir boolean. >+.PP >+SELinux policy for ftp daemons is customizable and based on least privilege required. By >+default SELinux does not allow users to login and read their home directories. > .TP >-setsebool -P ftp_home_dir 1 >+Allow users to login and read/write files in the user home directories >+.PP >+.B >+setsebool -P ftp_home_dir on > .TP >-ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean. >+Allow users to login and read/write all files on the system. >+.PP >+.B >+setsebool -P allow_ftpd_full_access on > .TP >-setsebool -P ftpd_is_daemon 1 >-.br >-service vsftpd restart >+Allow ftp servers to use cifs for public file transfer services. 
>+.PP >+.B >+setsebool -P allow_ftpd_use_cifs on > .TP >+Allow ftp servers to use nfs for public file transfer services. >+.PP >+.B >+setsebool -P allow_ftpd_use_nfs on >+.TP > system-config-selinux is a GUI tool available to customize SELinux policy settings. >-.SH AUTHOR >+.SH AUTHOR >+.PP > This manual page was written by Dan Walsh <dwalsh@redhat.com>. > > .SH "SEE ALSO" >-selinux(8), ftpd(8), chcon(1), setsebool(8) >+.PP > >- >+selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8) >\ No newline at end of file
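Review bot: The new BOOLEANS entry for allow_ftpd_full_access is documented only as "Allow users to login and read/write all files on the system." with no caution, in the same section that opens by saying the policy is "based on least privilege required". Please add a sentence telling the reader to leave this boolean off unless the narrower options in this page (ftp_home_dir, or labelling content public_content_t / public_content_rw_t as described under FILE_CONTEXTS) cannot meet the need. Smaller points in the same hunk: the ftpd_is_daemon paragraph and its "service vsftpd restart" step are removed with no replacement text or explanation; the .TH line still carries the date "17 Jan 2005" although the content changed; each semanage command is set with .PP/.B while the restorecon command that follows it is set with .TP/.B, so the paired commands will render differently; "setup" and "login" used as verbs should read "set up" and "log in"; and the new file ends without a trailing newline ("\ No newline at end of file").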
Attachments on bug 454945: 311521 | 311557 | 311565 | 312074