Razvan Sandu wrote:
Hello,
Thanks to all of you for your responses about /srv !
Just one more detail, to be precise:
I don't want those files to be read/written by *anyone* (i.e.
anonymously), but just one predefined
group of users (/srv/project has sgid to that group, etc.).
Should I still use the booleans you've mentioned ?
Is there a piece of doc that contains a complete list of those SELinux
booleans, with detalied explanations about each one, in order to do
various such customizations ?
No, not yet. They are somewhat explained in ftpd_selinux.8. Having
only one group access them is a DAC requirement. MAC will protect the
files from other processes.
Thanks again,
Razvan
--
Dipl. Eng. Razvan SANDU <rsandu @ softhome.net>
Bucharest, Romania
--
