September 2014
Intermediate to advanced
240 pages
5h 53m
English
Content preview from SELinux CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Sharing user content with file ACLs
Access control lists allow for more fine-grained access controls on files. Instead of using a common group ownership, access to files can be individually granted to users or groups.
However, the access controls that SELinux enables should also be tailored to this situation. Features such as the user-based access control constraints in SELinux might prevent sharing user content altogether, regardless of the ACLs set on the file.
How to do it…
Assuming that a user wants to allow read and read-write accesses to a set of files and directories, the following set of steps can be used:
- Create an accessible location outside the user's home directory:
~# mkdir -p /home/share/ ~# chmod 1777 /home/share/
- Create an SELinux ...