study/uTools-Manuals
1
0
Fork 0
mirror of https://github.com/fofolee/uTools-Manuals.git synced 2025-06-08 06:55:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
uTools-Manuals/docs/linux/setsebool.html
fofolee 38dcd51d8a v0.0.2
2019-04-21 11:50:48 +08:00

57 lines
3.8 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<h1 id="setsebool">setsebool</h1>
<p>修改SElinux策略内各项规则的布尔值</p>
<h2 id="补充说明">补充说明</h2>
<p><strong>setsebool命令</strong> 是用来修改SElinux策略内各项规则的布尔值。setsebool命令和getsebool命令是SELinux修改和查询布尔值的一套工具组。SELinux的策略与规则管理相关命令seinfo命令、sesearch命令、getsebool命令、setsebool命令、semanage命令。</p>
<h3 id="语法">语法</h3>
<pre><code class="language-bash">setsebool [-P] 布尔值=[0|1]</code></pre>
<h3 id="选项">选项</h3>
<pre><code class="language-bash">-P:直接将设置值写入配置文件,该设置数据将来会生效的。</code></pre>
<h3 id="实例">实例</h3>
<p>允许vsvtp匿名用户写入权限</p>
<pre><code class="language-bash">setsebool -P allow_ftpd_anon_write=1</code></pre>
<p>如果你希望你的ftp用户可以访问自己的家目录的话需要开启</p>
<pre><code class="language-bash">setsebool -P ftp_home_dir 1</code></pre>
<p>如果你希望将vsftpd以daemon的方式运行的话需要开启</p>
<pre><code class="language-bash">setsebool -P ftpd_is_daemon 1</code></pre>
<p>你可以让SElinux停止保护vsftpd的daemon方式动行</p>
<pre><code class="language-bash">setsebool -P ftpd_disable_trans 1 </code></pre>
<p>HTTP被设置允许cgi的设置</p>
<pre><code class="language-bash">setsebool -P httpd_enable_cgi 1</code></pre>
<p>允许用户HHTP访问其家目录该设定限仅于用户的家目录主页</p>
<pre><code class="language-bash">setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html</code></pre>
<p>允许httpd访问终端</p>
<pre><code class="language-bash">setsebool -P httpd_tty_comm 1</code></pre>
<p>关闭Selinux的关于httpd进程守护的保护</p>
<pre><code class="language-bash">setsebool -P httpd_disable_trans 1
service httpd restart</code></pre>
<p>关于named、master更新selinux设定</p>
<pre><code class="language-bash">setsebool -P named_write_master_zones 1</code></pre>
<p>关闭named的进程守护保护</p>
<pre><code class="language-bash">setsebool -P named_disable_trans 1
service named restart</code></pre>
<p>Selinux将本机的NFS共享设置成只读</p>
<pre><code class="language-bash">setsebool -P nfs_export_all_ro 1</code></pre>
<p>SElinux将本机的NFS共享设置成可读可写</p>
<pre><code class="language-bash">setsebool -P nfs_export_all_rw 1</code></pre>
<p>如果你想要将远程NFS的家目录共享到本机需要开启</p>
<pre><code class="language-bash">setsebool -P use_nfs_home_dirs 1</code></pre>
<p>如果samba服务器共享目录给多个域则需要</p>
<pre><code class="language-bash">setsebool -P allow_smbd_anon_write=1</code></pre>
<p>samba服务器要共享家目录时</p>
<pre><code class="language-bash">setsebool -P samba_enable_home_dirs 1</code></pre>
<p>如果你需在本机上使用远程samba服务器的家目录</p>
<pre><code class="language-bash">setsebool -P use_samba_home_dirs 1</code></pre>
<p>关闭selinux关于samba的进程守护的保护</p>
<pre><code class="language-bash">setsebool -P smbd_disable_trans 1
service smb restart</code></pre>
<p>允许rsync其他用户写入时</p>
<pre><code class="language-bash">setsebool -P allow_rsync_anon_write=1</code></pre>
<p>停止rsync的进程保护</p>
<pre><code class="language-bash">setsebool -P rsync_disable_trans 1</code></pre>
<p>允许系统使用kerberos</p>
<pre><code class="language-bash">setsebool -P allow_kerberos 1</code></pre>
<p>系统工作在nis环境时</p>
<pre><code class="language-bash">setsebool -P allow_ypbind 1</code></pre>
<!-- Linux命令行搜索引擎https://jaywcjlove.github.io/linux-command/ -->
Reference in New Issue View Git Blame Copy Permalink