FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-02-2010, 11:16 AM
Tony Molloy
 
Default Using httpd and vsftpd together

On Tuesday 02 March 2010 11:49:51 Dirk H. Schulz wrote:
> Hi folks,
>
> I want my web users to use vsftpd for populating their web space.
>
> And I want SElinux to have an eye on everything there. But my problem is:
>
> For vsftpd to work I need the following context on the web directories:
> system_uublic_content_rw_t
> For httpd to work I need the following context on the web directories:
> object_r:httpd_sys_content_t
>
> How can I achieve to let SElinux both daemons work on the same web
> directory?
>

>From the httpd_selinux man page

SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync,
Samba), you can set a file context of public_content_t and public_con-
tent_rw_t. These context allow any of the above domains to read the
content. If you want a particular domain to write to the public_con-
tent_rw_t domain, you must set the appropriate boolean.
allow_DOMAIN_anon_write. So for httpd you would execute:

setsebool -P allow_httpd_anon_write=1

or

setsebool -P allow_httpd_sys_script_anon_write=1


See also ftpd_selinux.

Tony

> I am not very deep into SElinux by now, so please bear with me. I have
> googled for this particular problem, but found nothing.
>
> Any hint or help or url of a howto is appreciated.
>
> Dirk
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

--

Chief Technical Officer. Tel: +353 061-202778
Dept. of Comp. Sci.
University of Limerick.

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-02-2010, 01:22 PM
Paul Howarth
 
Default Using httpd and vsftpd together

On 02/03/10 11:49, Dirk H. Schulz wrote:
> Hi folks,
>
> I want my web users to use vsftpd for populating their web space.
>
> And I want SElinux to have an eye on everything there. But my problem is:
>
> For vsftpd to work I need the following context on the web directories:
> system_uublic_content_rw_t
> For httpd to work I need the following context on the web directories:
> object_r:httpd_sys_content_t
>
> How can I achieve to let SElinux both daemons work on the same web
> directory?
>
> I am not very deep into SElinux by now, so please bear with me. I have
> googled for this particular problem, but found nothing.
>
> Any hint or help or url of a howto is appreciated.

httpd should be fine with public_content_rw_t; which OS are you using
and what problems do you get if you use public_content_rw_t?

Paul,
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-02-2010, 02:34 PM
"Dirk H. Schulz"
 
Default Using httpd and vsftpd together

Am 02.03.10 15:22, schrieb Paul Howarth:
> On 02/03/10 11:49, Dirk H. Schulz wrote:
>
>> Hi folks,
>>
>> I want my web users to use vsftpd for populating their web space.
>>
>> And I want SElinux to have an eye on everything there. But my problem is:
>>
>> For vsftpd to work I need the following context on the web directories:
>> system_uublic_content_rw_t
>> For httpd to work I need the following context on the web directories:
>> object_r:httpd_sys_content_t
>>
>> How can I achieve to let SElinux both daemons work on the same web
>> directory?
>>
>> I am not very deep into SElinux by now, so please bear with me. I have
>> googled for this particular problem, but found nothing.
>>
>> Any hint or help or url of a howto is appreciated.
>>
> httpd should be fine with public_content_rw_t; which OS are you using
> and what problems do you get if you use public_content_rw_t?
>
Drupal for example had problems writing to the file system.

Dirk

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-02-2010, 03:17 PM
Paul Howarth
 
Default Using httpd and vsftpd together

On 02/03/10 15:34, Dirk H. Schulz wrote:
> Am 02.03.10 15:22, schrieb Paul Howarth:
>> On 02/03/10 11:49, Dirk H. Schulz wrote:
>>> Hi folks,
>>>
>>> I want my web users to use vsftpd for populating their web space.
>>>
>>> And I want SElinux to have an eye on everything there. But my problem
>>> is:
>>>
>>> For vsftpd to work I need the following context on the web directories:
>>> system_uublic_content_rw_t
>>> For httpd to work I need the following context on the web directories:
>>> object_r:httpd_sys_content_t
>>>
>>> How can I achieve to let SElinux both daemons work on the same web
>>> directory?
>>>
>>> I am not very deep into SElinux by now, so please bear with me. I have
>>> googled for this particular problem, but found nothing.
>>>
>>> Any hint or help or url of a howto is appreciated.
>> httpd should be fine with public_content_rw_t; which OS are you using
>> and what problems do you get if you use public_content_rw_t?
> Drupal for example had problems writing to the file system.

If httpd needs to write to this data, you'll need to set one of these
booleans:

setsebool -P allow_httpd_anon_write=1
setsebool -P allow_httpd_sys_script_anon_write=1

I think you'd need the former for built-in scripting languages like PHP
and the latter for CGI scripts.

You'll also need this to give vsftpd write access:

setsebool -P allow_ftpd_anon_write=1

Paul.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 02:27 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org