Product SiteDocumentation Site

10.5.3. Booleans

SELinux is based on the least level of access required for a service to run. Services can be run in a variety of ways; therefore, you must tell SELinux how you are running services. The following Booleans allow you to tell SELinux how you are running vsftpd:
allow_ftpd_anon_write
When disabled, this Boolean prevents vsftpd from writing to files and directories labeled with the public_content_rw_t type. Turn this Boolean on to allow users to upload files via FTP. The directory where files are uploaded to must be labeled with the public_content_rw_t type and Linux permissions set accordingly.
allow_ftpd_full_access
When this Boolean is on, only Linux permissions are used to control access, and authenticated users can read and write to files that are not labeled with the public_content_t or public_content_rw_t types.
allow_ftpd_use_cifs
Having this Boolean enabled allows vsftpd to access files and directories labeled with the cifs_t type; therefore, having this Boolean enabled allows you to share file systems mounted via Samba through vsftpd.
allow_ftpd_use_nfs
Having this Boolean enabled allows vsftpd to access files and directories labeled with the nfs_t type; therefore, having this Boolean enabled allows you to share file systems mounted via NFS through vsftpd.
ftp_home_dir
Having this Boolean enabled allows authenticated users to read and write to files in their home directories. When this Boolean is off, attempting to download a file from a home directory results in an error such as 550 Failed to open file. An SELinux denial is logged to /var/log/messages.
ftpd_connect_db
Allow FTP daemons to initiate a connection to a database.
httpd_enable_ftp_server
Allow httpd to listen on the FTP port and act as a FTP server.
tftp_anon_write
Having this Boolean enabled allows TFTP access to a public directory, such as an area reserved for common files that otherwise has no special access restrictions.