.TH"ftpd_selinux""8""17 Jan 2005""dwalsh@redhat.com""ftpd Selinux Policy documentation"
.SH"NAME"
ftpd_selinux \- Security Enhanced Linux Policy for the ftp daemon
.SH"DESCRIPTION"
Security-Enhanced Linux secures the ftpd server via flexible mandatory access
control.
.SHFILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
Policy governs the access daemons have to these files.
If you want to share files anonymously, you must label the files and directories public_content_t. So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool.
.TP
chcon -R -t public_content_t /var/ftp
.TP
If you want to setup a directory where you can upload files to you must label the files and directories ftpd_anon_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
SELinux ftp daemon policy is customizable based on least access required. So by
default SElinux does not allow users to login and read their home directories.
.br
If you are setting up this machine as a ftpd server and wish to allow users to access their home
directorories, you need to set the ftp_home_dir boolean.
.TP
setsebool -P ftp_home_dir 1
.TP
ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.