ftpd_selinux(8) ftpd Selinux Policy documentation ftpd_selinux(8)
ftpd_selinux - Security Enhanced Linux Policy for the ftp daemon
Security-Enhanced Linux secures the ftpd server via flexible mandatory
SELinux requires files to have an extended attribute to define the file
type. Policy governs the access daemons have to these files. If you
want to share files anonymously, you must label the files and directo-
ries public_content_t. So if you created a special directory /var/ftp,
you would need to label the directory with the chcon tool.
chcon -R -t public_content_t /var/ftp
If you want to setup a directory where you can upload files to you must
label the files and directories ftpd_anon_rw_t. So if you created a
special directory /var/ftp/incoming, you would need to label the direc-
tory with the chcon tool.
chcon -t public_content_rw_t /var/ftp/incoming
You must also turn on the boolean allow_ftpd_anon_write.
setsebool -P allow_ftpd_anon_write=1
If you want to make this permanant, i.e. survive a relabel, you must
add an entry to the file_contexts.local file.
SELinux ftp daemon policy is customizable based on least access
required. So by default SElinux does not allow users to login and read
their home directories.
If you are setting up this machine as a ftpd server and wish to allow
users to access their home directorories, you need to set the
setsebool -P ftp_home_dir 1
ftpd can run either as a standalone daemon or as part of the xinetd
domain. If you want to run ftpd as a daemon you must set the
setsebool -P ftpd_is_daemon 1
You can disable SELinux protection for the ftpd daemon by executing:
setsebool -P ftpd_disable_trans 1
service vsftpd restart
system-config-securitylevel is a GUI tool available to customize
SELinux policy settings.
This manual page was written by Dan Walsh <email@example.com>.
selinux(8), ftpd(8), chcon(1), setsebool(8)
firstname.lastname@example.org 17 Jan 2005 ftpd_selinux(8)