SCIENTIFIC-LINUX-USERS Archives

May 2007

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: selinux and permissions
From:
Jan Iven <[log in to unmask]>
Reply To:
Jan Iven <[log in to unmask]>
Date:
Wed, 30 May 2007 14:54:55 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (18 lines) 
On 05/30/2007 02:10 PM, Michael H. Semcheski wrote:
> nota bene: I had to turn off selinux' monitoring httpd to get user 
> directories (ie, www.this.edu/~mike). <http://www.this.edu/~mike).>..

if you can label the user directories to be served (i.e. ext3 or 
NFS-with-ACLs), you might want to just use

  setsebool -P httpd_enable_homedirs 1
  chcon -R -t httpd_sys_content_t ~user/public_html

(straight from  "man httpd_selinux", albeit on SL4. Should also work on 5)

Given that install-and-forget web scripts (CGI/PHP/..) seem to be a 
popular infection vector nowadays..

Regards
jan

ATOM RSS1 RSS2