[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

selinux equivalent of umask or setuid bit



Just like the people who rsh as root into another system, I understand that in many situations you wouldn't want something like this, but hypothetically supposing you did...

 

If there is a directory in your system, and you want all new files created in that directory to inherit the context type of the parent folder, is there a way to do that?  Something like the selinux equivalent of the setgid bit?

or...

If you are going to do something a moment from now which will create some files, and you want them to be created with a specific context type, is there a way to do that?  Something like the selinux equivalent of umask?

 

The situation is this:  I'm supporting a web hosting company who uses drupal, and they're constantly adding & removing plugins via drush.  Since this is a non-OS-specific application, it doesn't know anything about how it should set the context on files it creates.  Fortunately, (!) my client has been hacked before, so they're extremely cautious when it comes to ignoring selinux practices.  They are manually changing the context of all these files, which is tedious.  But at least they're doing it.

 

I'm hoping for a better way, and since my knowledge is pretty much limited to the light saber book, I don't recall any mention of anything like this.

 

Thanks for any suggestions...

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux

Google
  Web www.spinics.net