ftpd_selinux man page on YellowDog

ftpd_selinux(8)        ftpd SELinux Policy documentation       ftpd_selinux(8)

NAME
       ftpd_selinux - Security Enhanced Linux Policy for the ftp daemon

DESCRIPTION
       Security-Enhanced  Linux secures the ftpd server via flexible mandatory
       access control.

FILE_CONTEXTS
       SELinux requires files to have an extended attribute to define the file
       type.  Policy governs the access daemons have to these files.  If you
       want to share files anonymously, you must label the files and
       directories public_content_t.  So if you created a special directory
       /var/ftp, you would need to label the directory with the chcon tool.

       chcon -R -t public_content_t /var/ftp

       If you want to set up a directory to which files can be uploaded, you
       must label the files and directories public_content_rw_t.  So if you
       created a special directory /var/ftp/incoming, you would need to label
       the directory with the chcon tool.

       chcon -t public_content_rw_t /var/ftp/incoming

       You must also turn on the boolean allow_ftpd_anon_write.

       setsebool -P allow_ftpd_anon_write=1

       If you want to make this permanent, i.e. survive a relabel, you must
       add an entry to the file_contexts.local file.

       /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
              /var/ftp(/.*)?          system_u:object_r:public_content_t
              /var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
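
       An added check, not part of the original man page: the shell function
       below audits file_contexts.local-style text for the two entries above
       and flags the case where the writable type covers the whole /var/ftp
       tree.  The function name audit_ftp_contexts, the finding labels and
       the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the man page): audit file_contexts.local-style
# entries for the FTP tree. Reads entries on stdin, prints one finding per
# line, and returns non-zero if anything is wrong.
audit_ftp_contexts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            # The context is the last field: user:role:type[:level]
            if (split($NF, ctx, ":") < 3) { print "MALFORMED " $1; bad = 1; next }
            t[$1] = ctx[3]
        }
        END {
            ro = "/var/ftp(/.*)?"; rw = "/var/ftp/incoming(/.*)?"
            # Read-only tree: must be present and must not carry the writable type.
            if (!(ro in t))                          { print "MISSING " ro; bad = 1 }
            else if (t[ro] == "public_content_rw_t") { print "TOO_BROAD " ro " " t[ro]; bad = 1 }
            else if (t[ro] != "public_content_t")    { print "WRONG_TYPE " ro " " t[ro]; bad = 1 }
            # Upload directory: the only place the writable type belongs.
            if (!(rw in t))                          { print "MISSING " rw; bad = 1 }
            else if (t[rw] != "public_content_rw_t") { print "WRONG_TYPE " rw " " t[rw]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample input: the two entries as the man page gives them.
PAGE_ENTRIES='/var/ftp(/.*)?          system_u:object_r:public_content_t
/var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t'

# Constructed misconfiguration: whole tree writable, upload entry forgotten.
BROAD_ENTRIES='# local FTP labels
/var/ftp(/.*)?          system_u:object_r:public_content_rw_t'

printf '%s\n' "$PAGE_ENTRIES"  | audit_ftp_contexts && echo "page entries: OK"
printf '%s\n' "$BROAD_ENTRIES" | audit_ftp_contexts || echo "broad entries: findings above"
```

       To audit a real system, redirect the file_contexts.local file named
       above into the function's standard input.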

BOOLEANS
       SELinux ftp daemon policy is customizable based on least access
       required.  So by default SELinux does not allow users to log in and
       read their home directories.

       If you are setting up this machine as an ftpd server and wish to allow
       users to access their home directories, you need to set the
       ftp_home_dir boolean.

       setsebool -P ftp_home_dir 1

       ftpd can run either as a standalone daemon or as part of the xinetd
       domain.  If you want to run ftpd as a daemon you must set the
       ftpd_is_daemon boolean.

       setsebool -P ftpd_is_daemon 1

       You can disable SELinux protection for the ftpd daemon by executing:

       setsebool -P ftpd_disable_trans 1
       service vsftpd restart

       system-config-securitylevel is a GUI tool available to customize
       SELinux policy settings.

AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO
       selinux(8), ftpd(8), chcon(1), setsebool(8)

dwalsh@redhat.com                 17 Jan 2005                  ftpd_selinux(8)