SELinux issue with FTP/Samba/Home directory

I am setting up my home camera to record to my NAS server (CentOS 8 Stream). I am using FTP for the transfer. I installed vsftpd and created a dedicated user (ftpuser). I want the files to be transferred to /data/recordings, which is also a Samba share: mynasrecordings.

When I set the destination for the FTP transfer from the camera’s UI it always assumes I am starting from the user’s home directory. So /data/recordings/camera1 becomes /home/ftpuser/data/recordings/camera1. There is no way to change this behavior.

As a workaround I changed ftpuser’s home directory to /data/recordings. This will only work if I set the label for the recordings folder to user_home_dir_t:

semanage fcontext -a -t user_home_dir_t /data/recordings
restorecon -F -R -v /data/recordings

The problem is that breaks the Samba share because the label was originally samba_share_t.

If I turn off SELinux everything works perfectly, so the issue is 100% the labeling of the folder.

I’ve done some googling and it looks like using a boolean might be the solution, but I can’t figure out which one to use. I’ve tried a couple, but nothing seems to make a difference. Any assistance would be great.


Asked By: psycadelicgecko


This should solve it without the need to change the security context of files:

sudo setsebool -P samba_export_all_ro=1
sudo setsebool -P samba_export_all_rw=1

(probably the second command alone is enough, I’ve not tested).

Answered By: Artem S. Tashkinov
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.