Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 27th November 2007, 02:41 PM
eric Offline
Registered User
 
Join Date: Mar 2004
Posts: 9
How To Create Dir Without Upsetting SELinux?

Hello,

I need to create a directory that is not under /home and that is read-write accessible to a non-privileged user. Can someone please tell me where on the filesystem I should put this directory, and how I should label it, so that SELinux doesn't complain?

Let's call the user joe. I tried creating /joe and chown-ing it to joe. joe goes there and builds software which is installed to a subdirectory of /joe. This kicks off various warning bells in SeLinux.

The initial SELinux warnings related to having a directory with a default label under /. Without understanding what I'm doing I tried relabeling /joe from default_t to usr_t, that let to other warnings. An example of a current error message, when joe does 'make install', with the target directory a subdirectory of /joe, SELinux says "SELinux is preventing /sbin/ldconfig (ldconfig_t) "read" to (usr_t)."

I don't want to get into the guts of SELinux or do anything fancy. I just want a directory somewhere on the filesystem other than /home where joe can read/write without triggering SELinux warnings. Where should this directory go and how should it be labelled?

Many Thanks,
Eric
Reply With Quote
  #2  
Old 27th November 2007, 02:58 PM
Zero-Override Offline
Registered User
 
Join Date: May 2005
Posts: 741
well the problem with installing things is that it installs stuff system-wide, to convert it to a windows situation, if i install a music program it will put several stuff in /windows/system32 to operate, same goes for any other program

you could try installing stuff with a prefix maybe?
__________________
LINUX NUMBER 389596
machine number 290131
Reply With Quote
  #3  
Old 27th November 2007, 03:10 PM
ongola Offline
Registered User
 
Join Date: Nov 2006
Location: Douala, Cameroon
Age: 32
Posts: 14
Hello eric,
i'll just try to give you some advices...
First of all, what exactly do you want to do ? why do you need a directory for joe outside /home ?
I suggest that you read a bit this document on the linux filesystem hierarchy . You'll have a better understanding of the way directories are labelled and their roles (in any linux distribution you may have).
I think it's a bad idea to create a directory directly under the '/' . So many directories have been already created during the installation. You should just go to the right directories according to your target.
Reply With Quote
  #4  
Old 27th November 2007, 03:55 PM
eric Offline
Registered User
 
Join Date: Mar 2004
Posts: 9
Hi ongola,

Many thanks for getting back to me.

Quote:
Originally Posted by ongola
First of all, what exactly do you want to do ?
I want to provide a directory under which joe can build and install software.

Quote:
Originally Posted by ongola
why do you need a directory for joe outside /home ?
1) /home is nfs-mounted. If joe builds sofware there, all read-write operations are performed across the network, which is slow. I want joe's build/install environment on the local hard disk.
2) /home is backed up. joe's build/install environment is huge and does not need to be backed up.

Quote:
Originally Posted by ongola
I suggest that you read a bit this document on the linux filesystem hierarchy . You'll have a better understanding of the way directories are labelled and their roles (in any linux distribution you may have).
I'm already familiar with that info.

Quote:
Originally Posted by ongola
I think it's a bad idea to create a directory directly under the '/' .
Me too.

Quote:
Originally Posted by ongola
So many directories have been already created during the installation. You should just go to the right directories according to your target.
What's the right directory?

Thanks,
Eric
Reply With Quote
  #5  
Old 27th November 2007, 05:42 PM
Dies Offline
Registered User
 
Join Date: Oct 2006
Posts: 4,754
Quote:
Originally Posted by ongola
I think it's a bad idea to create a directory directly under the '/' .
Can you please explain why, or what difference you think it makes?


Sorry eric, not trying to hijack your thread, just curious.
Reply With Quote
  #6  
Old 27th November 2007, 06:56 PM
ongola Offline
Registered User
 
Join Date: Nov 2006
Location: Douala, Cameroon
Age: 32
Posts: 14
Quote:
Originally Posted by eric
1) /home is nfs-mounted. If joe builds sofware there, all read-write operations are performed across the network, which is slow. I want joe's build/install environment on the local hard disk.
2) /home is backed up. joe's build/install environment is huge and does not need to be backed up.
Well, i think that you can use the /opt directory and build necessary directories under it like /opt/lib,/opt/doc, /opt/include, /opt/bin, ... By using /opt , you can even insert soft links to file located under /usr/lib for example .
However, this is not the best advice as far i'm not an experienced user. I'm strongly convinced that you should use /home. Can't you create a subfolder in /home/joe and map it with your nfs-mounted partition ?
Quote:
Originally Posted by dies
Can you please explain why, or what difference you think it makes?
At least for one reason... Keep order in your room; respect of standards. Do you think that linux and open source would have been what you have today without standards ?
In addition, in my own case i found all the directories provided by the system fitted well my needs.
It's also a matter of security....
At last, you are the owner of the box and you are free to do want YOU want to do.
Reply With Quote
  #7  
Old 27th November 2007, 07:01 PM
Dies Offline
Registered User
 
Join Date: Oct 2006
Posts: 4,754
Quote:
Originally Posted by ongola
At least for one reason... Keep order in your room; respect of standards. Do you think that linux and open source would have been what you have today without standards ?
In addition, in my own case i found all the directories provided by the system fitted well my needs.
It's also a matter of security....
At last, you are the owner of the box and you are free to do want YOU want to do.
Hmm... not really the type of response I was hoping for.

But yeah, thanks anyways.
Reply With Quote
  #8  
Old 27th November 2007, 08:28 PM
Zero-Override Offline
Registered User
 
Join Date: May 2005
Posts: 741
Quote:
Originally Posted by ongola
At last, you are the owner of the box and you are free to do want YOU want to do.
this on it's own is one of the foremost reasons i love linux so much, I'M the f'ing admin and i want to be treated as such, if i say kill the process then i don't want it to care about what else relies on that process and then deny me my freaking rights, i want it to do what i told it to, to kill the process!!

i think that when they designed linux in general they finally thought about the user first instead of the system, in everything i have seen from linux the user is the king, i want something to look or act different, i can do that, if i don't want something present, i can delete it, hell, if i want to delete de entire / or /root while i'm still logged in... it won't even ask if i'm sure
__________________
LINUX NUMBER 389596
machine number 290131
Reply With Quote
Reply

Tags
create, dir, selinux, upsetting

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
selinux: hand tweaking policieand yum selinux-policy updates: overriden or perserved? mbiggerstaff Security and Privacy 2 20th January 2014 08:52 PM
SELinux: Create custom user mappings Sebanabeau Security and Privacy 3 8th February 2009 09:06 AM
Problem configuring SElinux using system-config-selinux GUI majdi Servers & Networking 0 6th September 2008 11:33 AM
Cannot create user with SELinux activated at install? legolas Installation, Upgrades and Live Media 4 9th November 2004 02:24 AM
Test 3 w7o selinux installed, though lotsa selinux during usage? gafami Fedora Core 2 Test Releases 7 15th May 2004 08:15 AM


Current GMT-time: 07:02 (Saturday, 25-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Setaka Photos - Fort Portal Photos on Instagram - Oldenzaal Instagram Photos