A question about SELinux.

Support for security such as Firewalls and securing linux
Posts: 36
Joined: 2019/07/13 22:19:14

Re: A question about SELinux.

Post by sawozny » 2019/08/17 19:32:27

hack3rcon wrote:
2019/08/17 08:43:39
Thanks, thus below command is a wrong command?

Code: Select all

# setsebool -P ftpd_full_access 1
It's not wrong, it's just going to allow FTP users to write to places (subject to DAC rights approval) where you do not have a file system label matching the one the SELinux policy writers determined is "correct". If your FTP users needed to write somewhere on the system and couldn't and you thought SELinux might be at fault, setting that boolean might fix that problem (as could relabeling the folder the users are trying to write to). But it definitely doesn't turn SELinux off for FTP. There are LOTS of checks SELinux is doing around the FTP service. This boolean only affects one portion of those checks. What is right and what is wrong is based entirely on the security needs of your environment.

Post Reply

Return to “CentOS 7 - Security Support”