httpd newbie / access denied, no permission to ~userid

Paul Howarth paul at city-fan.org
Tue Aug 16 13:50:48 UTC 2005


Tim wrote:
> Tim:
> 
> 
>>>Really, how difficult would it have been for WORLD READABLE file
>>>permissions to be treated as such by SELinux?
> 
> 
> Rahul Sundaram wrote:
> 
> 
>>"world readable" is a DAC based permission model. SELinux is MAC based. 
>>see Fedora SELinux FAQ on this. The whole point of SELinux is to 
>>restrict operations based on the process above and top of the classic 
>>Linux permissions
> 
> 
> Be that as it may, it's counterintuitive:  Why should we have to set
> permissions in two different ways?  If we set something as world
> readable, let the system actually apply that setting (it should also set
> appropriate SELinux restrictions for you).
> 
> Owner permissions are one thing.  But setting something as world
> readable ought to be treated just as you intended.

You could take this argument further: any file with "world readable" 
permissions should automatically be readable via the local web server 
(an entry in httpd.conf should be made to allow it). After all, it's 
world readable. Does that make sense?

Paul.




More information about the fedora-list mailing list