[newbie] SELinux and the /srv directory
Paul Howarth
paul at city-fan.org
Wed Aug 17 07:09:48 UTC 2005
On Tue, 2005-08-16 at 21:36 -0400, Daniel J Walsh wrote:
> Razvan Sandu wrote:
>
> > Hello,
> >
> >
> > Thanks to all of you for your responses about /srv !
> >
> > Just one more detail, to be precise:
> > I don't want those files to be read/written by *anyone* (i.e.
> > anonymously), but just one predefined
> > group of users (/srv/project has sgid to that group, etc.).
> >
> > Should I still use the booleans you've mentioned ?
> >
> > Is there a piece of doc that contains a complete list of those SELinux
> > booleans, with detailed explanations about each one, in order to do
> > various such customizations ?
> >
> No, not yet. They are somewhat explained in ftpd_selinux.8. Having
> only one group access them is a DAC requirement. MAC will protect the
> files from other processes.
In other words, use standard Unix/Linux group permissions to handle that
requirement :-) SELinux will restrict which processes can write to this
data, regular permissions will restrict which users can do so.
Paul.
--
Paul Howarth <paul at city-fan.org>
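
The DAC half of the advice above can be checked mechanically. The script below is an added example, not part of the original thread: it audits a shared tree such as /srv/project for the group-only setup described (expected group owner, setgid on directories, no permission bits for "others") and prints each offending path with its SELinux label. The function names and the command-line arguments (tree root, group name) are assumptions made for this example.

```python
import os
import stat

def check_entry(mode, gid, want_gid):
    """Return the DAC problems for one inode, given its st_mode and st_gid."""
    problems = []
    if gid != want_gid:
        problems.append("wrong group")
    # Without setgid on a directory, new files get the creator's primary group.
    if stat.S_ISDIR(mode) and not mode & stat.S_ISGID:
        problems.append("directory missing setgid")
    # Any r/w/x bit for "other" lets users outside the group in.
    if mode & stat.S_IRWXO:
        problems.append("accessible to others")
    return problems

def selinux_label(path):
    """Return the SELinux context stored on path, or None if unavailable."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):
        return None
    return raw.rstrip(b"\0").decode()

def audit_tree(root, want_gid):
    """Walk root and return {path: [problems]} for entries failing check_entry."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits on symlinks are not meaningful
            problems = check_entry(st.st_mode, st.st_gid, want_gid)
            if problems:
                findings[path] = problems
    return findings

if __name__ == "__main__":
    import grp
    import sys
    # Usage (hypothetical file name): audit.py /srv/project <groupname>
    root, group = sys.argv[1], sys.argv[2]
    want = grp.getgrnam(group).gr_gid
    for path, problems in sorted(audit_tree(root, want).items()):
        print(path, selinux_label(path), ", ".join(problems))
```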