Selinux commands for services

(a)Selinux Requirement for NIS Clients

setsebool -P allow_ypbind=1 ypbind_disable_trans=1 yppasswdd_disable_trans=1

Use getsebool command to verify :

getsebool allow_ypbind ypbind_disable_trans yppasswdd_disabled _trans

allow_ypbind -> on
ypbind_disable_trans –>on
yppasswdd_disable_trans –> on

b) Selinux for vsftpd

getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off

allow user to read and write to their own home directory

setsebool -P ftp_home_dir 1

(c) Selinux for Samba Share

If you want to share /data via samba

chcon -R -t samba_share_t /data

If you want to share home directory

setsebool -P samba_enable_home_dirs 1

Leave a Reply