
My understanding of the SELinux context public_content_t is as follows:

public_content_t is required for files shared via a FTP server unless associated with a user home directory

Here is my question

Does "user" include the FTP anonymous user ftp? If I have created a file owned by ftp:ftp and saved it to /var/ftp/pub, does it mean it is associated with a user account?

Thanks

Ali Ahmad
Ask and Learn

1 Answer


SELinux labels don't care about the username or userid. There is a helpful mapping of default labels to paths, which you can look at by running:

```
semanage fcontext -l
```

In your case, we are interested in the /var/ftp directory:

```
# semanage fcontext -l | grep '/var/ftp'
/var/ftp(/.*)?                                     all files          system_u:object_r:public_content_t:s0
/var/ftp/bin(/.*)?                                 all files          system_u:object_r:bin_t:s0
/var/ftp/etc(/.*)?                                 all files          system_u:object_r:etc_t:s0
/var/ftp/lib(64)?(/.*)?                            all files          system_u:object_r:lib_t:s0
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*            regular file       system_u:object_r:ld_so_t:s0
```

From this output, you'll see that, excepting /var/ftp/bin, /var/ftp/etc, and /var/ftp/lib(64)?, all files placed in /var/ftp will be assigned the public_content_t label. So, if you create a new file in /var/ftp/pub, it will be labelled public_content_t regardless of whether you did this as user root, ftp, bob, etc.

mricon
If a file is owned by `ftp:ftp` and it is in the `/var/ftp/pub` directory, does that mean it is associated with a user home directory? I guess not, because the security context of a normal user account is `user_home_t`, so it looks like `ftp` is considered different from normal system users; that is what I am trying to find out. – Ask and Learn Jul 04 '14 at 23:35
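
As an added example (not part of the original answer), the path-to-label mapping shown in the answer can be replayed offline: the lookup below takes only a path, never an owner. The rules are the rows quoted in the answer; the file names are constructed, and "longest matching pattern wins" is a simplifying assumption standing in for the real file-context ordering.

```shell
#!/bin/sh
# Constructed sample: the `semanage fcontext -l | grep '/var/ftp'` rows from the answer.
FCONTEXT_RULES='/var/ftp(/.*)?                                     all files          system_u:object_r:public_content_t:s0
/var/ftp/bin(/.*)?                                 all files          system_u:object_r:bin_t:s0
/var/ftp/etc(/.*)?                                 all files          system_u:object_r:etc_t:s0
/var/ftp/lib(64)?(/.*)?                            all files          system_u:object_r:lib_t:s0
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*            regular file       system_u:object_r:ld_so_t:s0'

# default_type PATH
# Prints the SELinux type the rules above assign to PATH; returns 1 if no rule matches.
# Note the inputs: a path and the rule table. File owner and UID play no part.
# The "file type" column is ignored because every sample path is a regular file.
default_type() {
    path=$1
    best_len=-1
    best_ctx=
    while read -r pat rest; do
        [ -n "$pat" ] || continue
        # grep -x anchors the extended regex to the whole path.
        if printf '%s\n' "$path" | grep -Eqx -- "$pat"; then
            # Assumption: the longest pattern is treated as the most specific rule.
            if [ "${#pat}" -gt "$best_len" ]; then
                best_len=${#pat}
                best_ctx=${rest##* }    # last column is the context
            fi
        fi
    done <<EOF
$FCONTEXT_RULES
EOF
    [ -n "$best_ctx" ] || return 1
    # Context format is user:role:type:level; the type is field 3.
    printf '%s\n' "$best_ctx" | cut -d: -f3
}

# Constructed paths: an upload in pub, a chroot binary, and the chroot's loader.
for p in /var/ftp/pub/upload.txt /var/ftp/bin/ls /var/ftp/lib64/ld-linux.so.2; do
    printf '%-32s %s\n' "$p" "$(default_type "$p")"
done
```

On a host with SELinux enabled, `matchpathcon /var/ftp/pub/upload.txt` answers the same question against the full policy, and `ls -Z` shows the label a file actually carries.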