windows網路共享訪問centos samba服務端出現許可權問題不能訪問解決
阿新 • • 發佈:2019-02-03
1、ftp
//If you want to share files anonymously
<如果你想把這個共享給匿名的話,需要開啟以下>
chcon -R -t public_content_t /var/ftp
//If you want to setup a directory where you can upload files
<如果你想讓你設定的FTP目錄可以上傳檔案的話,SELINUX需要設定>
chcon -t public_content_rw_t /var/ftp/incoming
//You must also turn on the boolean allow_ftpd_anon_write
<允許匿名使用者寫入許可權>
setsebool -P allow_ftpd_anon_write=1
//If you are setting up this machine as a ftpd server and wish to allow users to access their home directorories
<如果你希望你的FTP使用者可以訪問自己的家目錄的話,需要開啟>
setsebool -P ftp_home_dir 1
//If you want to run ftpd as a daemon
<如果你希望將vsftpd以daemon的方式執行的話,需要開啟>
setsebool -P ftpd_is_daemon 1
//You can disable SELinux protection for the ftpd daemon
<你可以讓SElinux停止保護vsftpd的daemon方式動行>
setsebool -P ftpd_disable_trans 1
httpd
//If you want a particular domain to write to the public_content_rw_t domain
<如果希望具體個doman具有可寫許可權的話,需要設定>
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys__anon_write=1
//httpd can be setup to allow cgi s to be executed
<HTTP被設定允許cgi的設定>
setsebool -P httpd_enable_cgi 1
//If you want to allow access to users home directories
<允許使用者HHTP訪問其家目錄,該設定限僅於使用者的家目錄主頁>
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
//httpd is allowed access to the controling terminal
<允許httpd訪問終端>
setsebool -P httpd_tty_comm 1
//such that one httpd service can not interfere with another
setsebool -P httpd_unified 0
//loadable modules run under the same context as httpd
setsebool -P httpd_builtin_ing 0
//httpd s are allowed to connect out to the network
setsebool -P httpd_can_network_connect 1
// You can disable suexec transition
setsebool -P httpd_suexec_disable_trans 1
//You can disable SELinux protection for the httpd daemon by executing
<關閉Selinux的關於httpd程序守護的保護>
setsebool -P httpd_disable_trans 1
service httpd restart
named
//If you want to have named update the master zone files
<關於named,master更新selinux設定>
setsebool -P named_write_master_zones 1
//You can disable SELinux protection for the named daemon by executing
<關閉named的程序守護保護>
setsebool -P named_disable_trans 1
service named restart
nfs
//If you want to setup this machine to share nfs partitions read only
<Selinux將本機的NFS共享設定成只讀>
setsebool -P nfs_export_all_ro 1
//If you want to share files read/write
<Selinux將本機的NFS共享設定成可讀可寫>
setsebool -P nfs_export_all_rw 1
//If you want to use a remote NFS server for the home directories on this machine
<如果你想要將遠端NFS的家目錄共享到本機,需要開啟>
setsebool -P use_nfs_home_dirs 1
rsync
//If you want to share files using the rsync daemon
共享rsync目錄時:
chcon -t public_content_t /directories
//If you want to share files with multiple domains
允許其他使用者寫入時
setsebool -P allow_rsync_anon_write=1
//You can disable SELinux protection for the rsync daemon by executing
停止rsync的程序保護
setsebool -P rsync_disable_trans 1
kerberos
//allow your system to work properly in a Kerberos environment
允許系統使用kerberos
setsebool -P allow_kerberos 1
//If you are running Kerberos daemons kadmind or krb5kdc
setsebool -P krb5kdc_disable_trans 1
service krb5kdc restart
setsebool -P kadmind_disable_trans 1
service kadmind restart
nis
Allow your system to work properly in a NIS environment
系統工作在nis環境時
setsebool -P allow_ypbind 1
//If you want to share files anonymously
<如果你想把這個共享給匿名的話,需要開啟以下>
chcon -R -t public_content_t /var/ftp
//If you want to setup a directory where you can upload files
<如果你想讓你設定的FTP目錄可以上傳檔案的話,SELINUX需要設定>
chcon -t public_content_rw_t /var/ftp/incoming
//You must also turn on the boolean allow_ftpd_anon_write
<允許匿名使用者寫入許可權>
setsebool -P allow_ftpd_anon_write=1
//If you are setting up this machine as a ftpd server and wish to allow users to access their home directorories
<如果你希望你的FTP使用者可以訪問自己的家目錄的話,需要開啟>
setsebool -P ftp_home_dir 1
//If you want to run ftpd as a daemon
<如果你希望將vsftpd以daemon的方式執行的話,需要開啟>
setsebool -P ftpd_is_daemon 1
//You can disable SELinux protection for the ftpd daemon
<你可以讓SElinux停止保護vsftpd的daemon方式動行>
setsebool -P ftpd_disable_trans 1
httpd
//If you want a particular domain to write to the public_content_rw_t domain
<如果希望具體個doman具有可寫許可權的話,需要設定>
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys__anon_write=1
//httpd can be setup to allow cgi s to be executed
<HTTP被設定允許cgi的設定>
setsebool -P httpd_enable_cgi 1
//If you want to allow access to users home directories
<允許使用者HHTP訪問其家目錄,該設定限僅於使用者的家目錄主頁>
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
//httpd is allowed access to the controling terminal
<允許httpd訪問終端>
setsebool -P httpd_tty_comm 1
//such that one httpd service can not interfere with another
setsebool -P httpd_unified 0
//loadable modules run under the same context as httpd
setsebool -P httpd_builtin_ing 0
//httpd s are allowed to connect out to the network
setsebool -P httpd_can_network_connect 1
// You can disable suexec transition
setsebool -P httpd_suexec_disable_trans 1
//You can disable SELinux protection for the httpd daemon by executing
<關閉Selinux的關於httpd程序守護的保護>
setsebool -P httpd_disable_trans 1
service httpd restart
named
//If you want to have named update the master zone files
<關於named,master更新selinux設定>
setsebool -P named_write_master_zones 1
//You can disable SELinux protection for the named daemon by executing
<關閉named的程序守護保護>
setsebool -P named_disable_trans 1
service named restart
nfs
//If you want to setup this machine to share nfs partitions read only
<Selinux將本機的NFS共享設定成只讀>
setsebool -P nfs_export_all_ro 1
//If you want to share files read/write
<Selinux將本機的NFS共享設定成可讀可寫>
setsebool -P nfs_export_all_rw 1
//If you want to use a remote NFS server for the home directories on this machine
<如果你想要將遠端NFS的家目錄共享到本機,需要開啟>
setsebool -P use_nfs_home_dirs 1
rsync
//If you want to share files using the rsync daemon
共享rsync目錄時:
chcon -t public_content_t /directories
//If you want to share files with multiple domains
允許其他使用者寫入時
setsebool -P allow_rsync_anon_write=1
//You can disable SELinux protection for the rsync daemon by executing
停止rsync的程序保護
setsebool -P rsync_disable_trans 1
kerberos
//allow your system to work properly in a Kerberos environment
允許系統使用kerberos
setsebool -P allow_kerberos 1
//If you are running Kerberos daemons kadmind or krb5kdc
setsebool -P krb5kdc_disable_trans 1
service krb5kdc restart
setsebool -P kadmind_disable_trans 1
service kadmind restart
nis
Allow your system to work properly in a NIS environment
系統工作在nis環境時
setsebool -P allow_ypbind 1