Home > Others

The impact of SELinux on some service relationships

Source: Internet
Author: User
Tags rsync
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Kerberos

Allow system to use Kerberos

Setsebool-p Allow_kerberos 1

Setsebool-p Krb5kdc_disable_trans 1
Service KRB5KDC Restart
Setsebool-p Kadmind_disable_trans 1
Service Kadmind Restart

Ftp

If you share to an anonymous user, you need to turn on the following chcon-r-t public_content_t/var/ftp

FTP directory upload files, SELinux need to set chcon-t public_content_rw_t/var/ftp/incoming

Allow anonymous user write permissions        setsebool-p allow_ftpd_anon_write=1

< EM id= "__mcedel" > ftp users can access their home directory, you need to open          setsebool -P ftp_home_dir 1

vsftpd run in daemon way, you need to turn on setsebool-p Ftpd_is_daemon 1

httpd

HTTP is set to allow CGI settingssetsebool-p httpd_enable_cgi 1

< EM id= "__mcedel" > user HHTP access to their home directory, set limit to user's home directory home page

< EM id= "__mcedel" > setsebool -P httpd_enable_homedirs 1 

Chcon-r-T httpd_sys_content_t ~user/public_html
Allow httpd to access the terminal
Setsebool-p Httpd_tty_comm 1
Setsebool-p httpd_unified 0
Setsebool-p httpd_builtin_ing 0
Setsebool-p Httpd_can_network_connect 1
Setsebool-p Httpd_suexec_disable_trans 1
Turn off SELinux's protection for HTTPD process daemons
Setsebool-p Httpd_disable_trans 1
Service httpd Restart

Named
Named,master Updating SELinux settings
Setsebool-p Named_write_master_zones 1
Turn off process daemon protection for named
Setsebool-p Named_disable_trans 1
Service named restart

Nfs
SELinux sets the NFS share of this machine to read-only
Setsebool-p Nfs_export_all_ro 1
SELinux sets the NFS share of this machine to be readable and writable
Setsebool-p NFS_EXPORT_ALL_RW 1
To share the home directory of remote NFS to this machine, you need to turn on
Setsebool-p Use_nfs_home_dirs 1

Samba

Directory share to other users, set
Chcon-t samba_share_t/directory
Samba servers share directories to multiple domains, you need to:
Setsebool-p allow_smbd_anon_write=1
When a samba server wants to share a home directory:
Setsebool-p Samba_enable_home_dirs 1
Home directory using a remote Samba server on this computer
Setsebool-p Use_samba_home_dirs 1
Turn off SELinux protection for samba's process daemon
Setsebool-p Smbd_disable_trans 1
Service SMB Restart

Rsync

When sharing the Rsync directory:

Chcon-t public_content_t/directories
Allow other users to write
Setsebool-p allow_rsync_anon_write=1
Stop Rsync's process protection
Setsebool-p Rsync_disable_trans 1

Nis
When the system NIS environment
Setsebool-p Allow_ypbind 1

The impact of SELinux on some service relationships

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
selinux seo impact of changing url selinux permissive techstars impact access relationships download selinux selinux manual

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More