Re: Allowing a apache to access a user folder by using semanage
- From: Stephen Smalley <sds tycho nsa gov>
- To: Josef Meile <jmeile hotmail com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Allowing a apache to access a user folder by using semanage
- Date: Thu, 10 May 2007 08:18:25 -0400
On Wed, 2007-05-09 at 23:16 +0200, Josef Meile wrote:
> > Ok, then is httpd_sys_content_t the right one? I solve it as follows:
> >
> > semanage fcontext -a -t httpd_t "/home/zopeuser/data(/.*)?"
> > chcon -R -t httpd_sys_content_t /home/zopeuser/data
> >
> > It works now, but is it the correct way?
>
> A small correction there. It should be
> semanage fcontext -a -t httpd_t "/home/zopeuser/data(/.*)?"
> chcon -R -t httpd_sys_content_t /home/zopeuser
>
> If you don't give access to the user's root directory, then apache will
> still fail.

The semanage command should also use httpd_sys_content_t, and you should
run restorecon -R /home/zopeuser/data after the semanage command rather
than using chcon. semanage adds the entry to the system's
file_contexts.local mapping, and restorecon then consults the system's
file contexts files to determine the right context to apply.

Do you really want to allow apache to fully access the user's home
directory? If you just want to allow search access so that it can
traverse the user home directory to reach the data subdirectory, there
should be a boolean (httpd_enable_homedirs) that you can enable.
--
Stephen Smalley
National Security Agency
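
The sequence recommended in the reply above, as an added example that is not part of the original message: it prints the corrected commands (or runs them with DRY_RUN=0 as root on an SELinux host) and shows which paths the file-context spec covers. The function names and the DRY_RUN variable are assumptions of this example; the path, type and boolean come from the thread.

```shell
#!/bin/sh
# Added example; function names and DRY_RUN are assumptions, not from the thread.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode; otherwise execute it (root, SELinux host).
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# file_contexts specs are matched against the whole path (implicitly anchored),
# so emulate that with ^...$ to see which paths a spec covers.
spec_matches() {
    # $1 = spec regex, $2 = absolute path
    printf '%s\n' "$2" | grep -Eq "^$1\$"
}

label_for_httpd() {
    dir="$1"
    spec="${dir}(/.*)?"
    # Record the mapping with the content type, not the httpd_t process domain.
    run semanage fcontext -a -t httpd_sys_content_t "$spec"
    # Apply the recorded context from the file contexts files instead of chcon.
    run restorecon -R "$dir"
    # The reply suggests this boolean for search access through the home
    # directory, instead of relabeling the whole home directory.
    run setsebool -P httpd_enable_homedirs on
}

# Constructed sample paths: only the data directory and its contents match.
for p in /home/zopeuser /home/zopeuser/data \
         /home/zopeuser/data/index.html /home/zopeuser/database; do
    if spec_matches '/home/zopeuser/data(/.*)?' "$p"; then
        echo "covered:     $p"
    else
        echo "not covered: $p"
    fi
done

label_for_httpd /home/zopeuser/data
```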