So in the Red Hat exam they want you to use SELinux. If for example you install vsftp, then do setsebool -P ftp_home_dir=1
or setsebool -P ftp_home_dir on
to allow the users on the server to access the home directories. Then do a reboot I notice the ftp_home_dir
gets set back to off
. I'm I doing something wrong? Here are my steps:
-
getsebool -a | grep ftp
→ftp_home_dir --> off
-
setsebool -P ftp_home_dir on
-
getsebool -a | grep ftp
→ftp_home_dir --> on
-
reboot
-
getsebool -a | grep ftp
→ftp_home_dir --> off
What's going on? Isn't -P
suppose to be persistent after reboot?
Tried this on CentOS 6.5 and RHEL 6.5, both of course updated too. Any suggestion appreciated.
update seeing as I can't answer my on question
semanage boolean -m --on ftp_home_dir
This will survive a reboot
Best Answer
I just tried this on CentOS 6.5 and I cannot reproduce the behavior you're seeing.
...
According to the official documentation, this certainly is supposed to be the correct way of doing it.
Fortunately (!) with SELinux there's almost always two or more completely different ways of doing the same thing, as you've discovered.
semanage
can also set booleans, among many other things. Why this is, I think only Dan Walsh knows...Since you say that worked for you, I suspect something non-obvious was broken with your installation. At this point you may never find out what it was.