ftpd_selinux(8)          ftpd SELinux policy documentation          ftpd_selinux(8)

ftpd_selinux - Security-Enhanced Linux policy for ftp daemons.

Security-Enhanced Linux provides security for ftp daemons via flexible
mandatory access control.

SELinux requires files to have a file type. File types may be specified
with semanage and are restored with restorecon. Policy governs the
access that daemons have to files.

Allow ftp servers to read the /var/ftp directory by adding the
public_content_t file type to the directory and by restoring the file
type.

    semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"

    restorecon -F -R -v /var/ftp

Allow ftp servers to read and write /var/ftp/incoming by adding the
public_content_rw_t type to the directory and by restoring the file
type. This also requires the allow_ftpd_anon_write boolean to be set.

    semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"

    restorecon -F -R -v /var/ftp/incoming

SELinux policy is based on least privilege and can be customized by
setting booleans with setsebool.

Allow ftp servers to read and write files with the public_content_rw_t
file type.

    setsebool -P allow_ftpd_anon_write on

Allow ftp servers to read or write files in the user home directories.

    setsebool -P ftp_home_dir on

Allow ftp servers to read or write all files on the system.

    setsebool -P allow_ftpd_full_access on

Allow ftp servers to use cifs for public file transfer services.

    setsebool -P allow_ftpd_use_cifs on

Allow ftp servers to use nfs for public file transfer services.

    setsebool -P allow_ftpd_use_nfs on

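Added example, not part of the original manual page: a shell check that cross-references the booleans above with the public_content_rw_t labeling from the file-context commands. The sample getsebool and semanage fcontext -l lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the man page): offline audit of ftpd SELinux settings.
# Sample data below is constructed; on a real host feed the functions from
# `getsebool -a` and `semanage fcontext -l` instead.

sample_booleans() {
cat <<'EOF'
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
EOF
}

sample_fcontext() {
cat <<'EOF'
/var/ftp(/.*)?            all files   system_u:object_r:public_content_t:s0
/var/ftp/incoming(/.*)?   all files   system_u:object_r:public_content_rw_t:s0
EOF
}

# Print the path specs whose context carries the public_content_rw_t type.
rw_paths() {
    awk '$NF ~ /:public_content_rw_t(:|$)/ { print $1 }'
}

# $1 = number of rw-labeled specs; stdin = "name --> on|off" lines.
audit_ftpd_booleans() {
    awk -v rw="$1" '
        $2 == "-->" { state[$1] = $3 }
        END {
            if (state["allow_ftpd_full_access"] == "on")
                print "WARN allow_ftpd_full_access is on: ftpd can read or write all files"
            if (state["ftp_home_dir"] == "on")
                print "WARN ftp_home_dir is on: ftpd can read or write user home directories"
            if (rw > 0 && state["allow_ftpd_anon_write"] != "on")
                print "FAIL public_content_rw_t is assigned but allow_ftpd_anon_write is not on"
            if (rw == 0 && state["allow_ftpd_anon_write"] == "on")
                print "WARN allow_ftpd_anon_write is on but nothing is labeled public_content_rw_t"
        }'
}

# Demo run on the constructed samples.
rw_count=$(sample_fcontext | rw_paths | wc -l | tr -d ' ')
sample_booleans | audit_ftpd_booleans "$rw_count"
```
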
system-config-selinux is a GUI tool available to customize SELinux
policy settings.

This manual page was written by Dan Walsh <dwalsh@redhat.com>.

selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)

dwalsh@redhat.com                  17 Jan 2005                  ftpd_selinux(8)