Saturday, February 4, 2017

centos6 - SELinux for RHEL not persistent after reboot



So in the Red Hat exam they want you to use SELinux. If, for example, you install vsftp, then do setsebool -P ftp_home_dir=1 or setsebool -P ftp_home_dir on to allow the users on the server to access the home directories, and then do a reboot, I notice that ftp_home_dir gets set back to off. Am I doing something wrong? Here are my steps:





  1. getsebool -a | grep ftp
     ftp_home_dir --> off

  2. setsebool -P ftp_home_dir on

  3. getsebool -a | grep ftp
     ftp_home_dir --> on

  4. reboot

  5. getsebool -a | grep ftp
     ftp_home_dir --> off




What's going on? Isn't -P supposed to be persistent after reboot?




Tried this on CentOS 6.5 and RHEL 6.5, both of course updated too. Any suggestion appreciated.



Update, seeing as I can't answer my own question:



semanage boolean -m --on ftp_home_dir


This will survive a reboot.


Answer




I just tried this on CentOS 6.5 and I cannot reproduce the behavior you're seeing.



# semanage boolean -l | head
SELinux boolean                State  Default Description
ftp_home_dir                   (off  ,  off)  Allow ftp to read and write files in the user home directories

# setsebool -P ftp_home_dir on

# semanage boolean -l | head
SELinux boolean                State  Default Description
ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories

# reboot
The system is going down for reboot NOW!

...

# semanage boolean -l | head
SELinux boolean                State  Default Description
ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories


According to the official documentation, this certainly is supposed to be the correct way of doing it.



Fortunately (!) with SELinux there are almost always two or more completely different ways of doing the same thing, as you've discovered. semanage can also set booleans, among many other things. Why this is, I think only Dan Walsh knows...




semanage boolean -m --on ftp_home_dir


Since you say that worked for you, I suspect something non-obvious was broken with your installation. At this point you may never find out what it was.
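As an added example, not part of the original question or answer: a small POSIX shell check that parses the output of semanage boolean -l (the two-column State / Default listing shown in the answer) and flags a boolean whose runtime State is on but whose persistent Default is still off. That is exactly what a setsebool -P that did not reach the policy store looks like before the reboot, so the check can be run right after setsebool -P instead of discovering the regression after rebooting. The sample listings are constructed to match the layout semanage prints, not captured from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): compare a boolean's runtime
# state with its persistent default in `semanage boolean -l` output.
#
# semanage prints one row per boolean shaped like:
#   ftp_home_dir                   (on   ,   on)  Allow ftp to read and write ...
# The first value inside the parentheses is the current (runtime) state,
# the second is the persistent default from the policy store. A boolean
# set with `setsebool -P` should show the same value in both columns.

# boolean_states LISTING NAME -> prints "<runtime> <default>" for NAME,
# exits non-zero if NAME does not appear in the listing
boolean_states() {
    listing=$1
    name=$2
    printf '%s\n' "$listing" | awk -v n="$name" '
        $1 == n {
            # reduce "(on   ,  off)" to "on off" regardless of spacing
            line = $0
            sub(/^[^(]*\(/, "", line)
            sub(/\).*$/, "", line)
            gsub(/[ \t,]+/, " ", line)
            sub(/^ /, "", line)
            sub(/ $/, "", line)
            print line
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# check_persisted LISTING NAME
#   returns 0 if NAME is on at runtime and on by default (persisted),
#           1 if on at runtime but off by default (the symptom in the question),
#           2 if off at runtime,
#           3 if NAME is not in the listing or the states cannot be parsed
check_persisted() {
    name=$2
    if ! states=$(boolean_states "$1" "$name"); then
        echo "$name: not present in the listing"
        return 3
    fi
    runtime=${states% *}
    default=${states#* }
    case "$runtime/$default" in
        on/on)  echo "$name: on and persistent";                                   return 0 ;;
        on/off) echo "$name: on now, but default is off: it will revert on reboot"; return 1 ;;
        off/*)  echo "$name: currently off (default $default)";                    return 2 ;;
        *)      echo "$name: unparsed states '$states'";                           return 3 ;;
    esac
}

# Constructed sample listings in the layout semanage prints (not real captures).
SAMPLE_PERSISTED='SELinux boolean                State  Default Description
ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories
ftpd_anon_write                (off  ,  off)  Allow ftp servers to upload files'

SAMPLE_NOT_PERSISTED='SELinux boolean                State  Default Description
ftp_home_dir                   (on   ,  off)  Allow ftp to read and write files in the user home directories'

# Demonstration on the constructed samples.
check_persisted "$SAMPLE_PERSISTED" ftp_home_dir
check_persisted "$SAMPLE_NOT_PERSISTED" ftp_home_dir

# On a host with SELinux tooling, check the live policy store the same way
# (semanage needs root to read the store; failures are just reported).
if command -v semanage >/dev/null 2>&1; then
    check_persisted "$(semanage boolean -l 2>/dev/null)" ftp_home_dir
fi
```

Run it immediately after setsebool -P: a return code of 1 means the runtime flip happened but the persistent default was not written, which is the case worth investigating (store permissions, a failed policy rebuild) before anyone trusts the setting across a reboot.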

