| Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits. |

27th November 2007, 02:41 PM
|
|
Registered User
|
|
Join Date: Mar 2004
Posts: 9

|
|
|
How To Create Dir Without Upsetting SELinux?
Hello,
I need to create a directory that is not under /home and that is read-write accessible to a non-privileged user. Can someone please tell me where on the filesystem I should put this directory, and how I should label it, so that SELinux doesn't complain?
Let's call the user joe. I tried creating /joe and chown-ing it to joe. joe goes there and builds software which is installed to a subdirectory of /joe. This kicks off various warning bells in SELinux.
The initial SELinux warnings related to having a directory with a default label under /. Without understanding what I'm doing, I tried relabeling /joe from default_t to usr_t; that led to other warnings. An example of a current error message: when joe does 'make install', with the target directory a subdirectory of /joe, SELinux says "SELinux is preventing /sbin/ldconfig (ldconfig_t) "read" to (usr_t)."
I don't want to get into the guts of SELinux or do anything fancy. I just want a directory somewhere on the filesystem other than /home where joe can read/write without triggering SELinux warnings. Where should this directory go and how should it be labelled?
Many Thanks,
Eric
|

27th November 2007, 02:58 PM
|
|
Registered User
|
|
Join Date: May 2005
Posts: 741

|
|
|
Well, the problem with installing things is that it installs stuff system-wide. To convert it to a Windows situation: if I install a music program, it will put several things in /windows/system32 to operate; the same goes for any other program.
You could try installing stuff with a prefix, maybe?
__________________
LINUX NUMBER 389596
machine number 290131
|

27th November 2007, 03:10 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Location: Douala, Cameroon
Age: 30
Posts: 14

|
|
Hello eric,
I'll just try to give you some advice...
First of all, what exactly do you want to do? Why do you need a directory for joe outside /home?
I suggest that you read a bit of this document on the Linux filesystem hierarchy. You'll have a better understanding of the way directories are labelled and their roles (in any Linux distribution you may have).
I think it's a bad idea to create a directory directly under '/'. So many directories have already been created during the installation. You should just go to the right directories according to your target.
|

27th November 2007, 03:55 PM
|
|
Registered User
|
|
Join Date: Mar 2004
Posts: 9

|
|
Hi ongola,
Many thanks for getting back to me.
Quote:
|
Originally Posted by ongola
First of all, what exactly do you want to do ?
|
I want to provide a directory under which joe can build and install software.
Quote:
|
Originally Posted by ongola
why do you need a directory for joe outside /home ?
|
1) /home is NFS-mounted. If joe builds software there, all read-write operations are performed across the network, which is slow. I want joe's build/install environment on the local hard disk.
2) /home is backed up. joe's build/install environment is huge and does not need to be backed up.
Quote:
|
Originally Posted by ongola
I suggest that you read a bit of this document on the Linux filesystem hierarchy. You'll have a better understanding of the way directories are labelled and their roles (in any Linux distribution you may have).
|
I'm already familiar with that info.
Quote:
|
Originally Posted by ongola
I think it's a bad idea to create a directory directly under the '/' .
|
Me too.
Quote:
|
Originally Posted by ongola
So many directories have been already created during the installation. You should just go to the right directories according to your target.
|
What's the right directory?
Thanks,
Eric
|

27th November 2007, 05:42 PM
|
|
Registered User
|
|
Join Date: Oct 2006
Posts: 4,752

|
|
Quote:
|
Originally Posted by ongola
I think it's a bad idea to create a directory directly under the '/' .
|
Can you please explain why, or what difference you think it makes?
Sorry eric, not trying to hijack your thread, just curious.
|

27th November 2007, 06:56 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Location: Douala, Cameroon
Age: 30
Posts: 14

|
|
Quote:
|
Originally Posted by eric
1) /home is NFS-mounted. If joe builds software there, all read-write operations are performed across the network, which is slow. I want joe's build/install environment on the local hard disk.
2) /home is backed up. joe's build/install environment is huge and does not need to be backed up.
|
Well, I think that you can use the /opt directory and build the necessary directories under it, like /opt/lib, /opt/doc, /opt/include, /opt/bin, ... By using /opt, you can even insert soft links to files located under /usr/lib, for example.
However, this is not the best advice, as I'm not an experienced user. I'm strongly convinced that you should use /home. Can't you create a subfolder in /home/joe and map it with your NFS-mounted partition?
Quote:
|
Originally Posted by dies
Can you please explain why, or what difference you think it makes?
|
At least for one reason... Keep order in your room; respect for standards. Do you think that Linux and open source would have been what you have today without standards?
In addition, in my own case I found all the directories provided by the system fitted my needs well.
It's also a matter of security....
At last, you are the owner of the box and you are free to do what YOU want to do.
|

27th November 2007, 07:01 PM
|
|
Registered User
|
|
Join Date: Oct 2006
Posts: 4,752

|
|
Quote:
|
Originally Posted by ongola
At least for one reason... Keep order in your room; respect for standards. Do you think that Linux and open source would have been what you have today without standards?
In addition, in my own case I found all the directories provided by the system fitted my needs well.
It's also a matter of security....
At last, you are the owner of the box and you are free to do what YOU want to do.
|
Hmm... not really the type of response I was hoping for.
But yeah, thanks anyways.
|

27th November 2007, 08:28 PM
|
|
Registered User
|
|
Join Date: May 2005
Posts: 741

|
|
Quote:
|
Originally Posted by ongola
At last, you are the owner of the box and you are free to do what YOU want to do.
|
This on its own is one of the foremost reasons I love Linux so much. I'M the f'ing admin and I want to be treated as such; if I say kill the process then I don't want it to care about what else relies on that process and then deny me my freaking rights, I want it to do what I told it to, to kill the process!!
I think that when they designed Linux in general they finally thought about the user first instead of the system. In everything I have seen from Linux the user is the king: if I want something to look or act different, I can do that; if I don't want something present, I can delete it; hell, if I want to delete the entire / or /root while I'm still logged in... it won't even ask if I'm sure.
__________________
LINUX NUMBER 389596
machine number 290131
|