SELinux issue with FTP/Samba/Home directory
I am setting up my home camera to record to my NAS server (CentOS 8 Stream). I am using FTP for the transfer. I installed vsftpd and created a dedicated user (ftpuser). I want the files to be transferred to /data/recordings, which is also a Samba share: mynasrecordings.
When I set the destination for the FTP transfer from the camera’s UI it always assumes I am starting from the user’s home directory. So /data/recordings/camera1 becomes /home/ftpuser/data/recordings/camera1. There is no way to change this behavior.
As a workaround I changed ftpuser’s home directory to /data/recordings. This will only work if I set the label for the recordings folder to user_home_dir_t:
semanage fcontext -a -t user_home_dir_t /data/recordings restorecon -F -R -v /data/recordings
The problem is that breaks the Samba share because the label was originally samba_share_t.
If I turn off SELinux everything works perfectly, so the issue is 100% the labeling of the folder.
I’ve done some googling and it looks like using a boolean might be the solution, but I can’t figure out which one to use. I’ve tried a couple, but nothing seems to make a difference. Any assistance would be great.
This should solve it without the need to change the security context of files:
sudo setsebool -P samba_export_all_ro=1 sudo setsebool -P samba_export_all_rw=1
(probably the second command alone is enough, I’ve not tested).