Hello,
Could you please help me solve the following matter regarding SELinux ?
For a project I have in my enterprise, I put some files under the /srv
directory (let's call it "/srv/project" - it includes a lot of
subdirectories too).
I did so because I learned from the FHS that this is the correct place where
I should put the files a server will serve (?)
I want these files available to some Unix group, read/write in common for
the users in that group. *They must be accesible through Samba as well as
through FTP*.
Now when I do a touch /.autorelabel; reboot, SELinux marks files in
/srv/project as system_u,object_r,var_t and users get a "permission denied"
when accesing them (at least via Samba). To solve that, I manually changed
to system_u,object_r,home_user_t, but this is less than optimal.
Would you please tell me the following:
- is /srv/project the correct (canonical) place to keep these common
read/write work files or should I put them to /var/ftp/pub or other place ?
- what is the proper context such files should have ? Of course, I don't
want this context automatically modified each time I do an automatic
relabeling...
- are specific policy rules/types necessary for the /srv directory content ?
I think this should be of interest for many people - it's a configuration
for a standard fileserver...
Thanks a lot,
Razvan
--
Ing. Razvan SANDU <rsandu @ softhome.net>
Bucharest, Romania
