Sharing user content with file ACLs
Access control lists allow for more fine-grained access controls on files. Instead of using a common group ownership, access to files can be individually granted to users or groups.
However, the access controls that SELinux enables should also be tailored to this situation. Features such as the user-based access control constraints in SELinux might prevent sharing user content altogether, regardless of the ACLs set on the file.
How to do it…
Assuming that a user wants to allow read and read-write accesses to a set of files and directories, the following set of steps can be used:
- Create an accessible location outside the user's home directory:
~# mkdir -p /home/share/ ~# chmod 1777 /home/share/
- Create an SELinux ...
Get SELinux Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.