[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux should be off by default in FC3



On Wed, 2004-10-06 at 16:24 -0700, Nathan Grennan wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127900
> 
>   I reported the bug in at the url above, and was told it was because I
> needed to relabel the file. I just moved it from /home/user
> to /var/www/html.

You can copy instead of moving, that will cause the newly created file
to inherit the target directory's security context.

>  I don't think it is reasonable to have to relabel
> every time a file is moved around to work around possible problems with
> SELinux. 

It's a good thing that a bit of work is required to expose your personal
data to the web server.

> This could be especially bad with web servers where the users
> only have ftp access. They upload files and move them around, but don't
> have the ability to run the commands necessary to relabel. 

If you upload via FTP directly to the web site, then it will Just Work.
If you upload to your home directory and then rename to the website
directory (which seems rather odd to me), then yes, you will need to
relabel.  And normal users can do this, just run:

chcon -t httpd_user_content_t filename

> Hence I
> believe even SELinux targeted should be off by default in FC3,

You can disable SELinux protection just for Apache if you like, run
system-config-securitylevel.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]