Re: httpd newbie / access denied, no permission to ~userid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim:

>> Most likely, almost certainly SELinux issues.  I agree with anyone else
>> suggesting this reason.  There's a FAQ about that on the Fedora website,
>> as already mentioned.

Paul Howarth:

> Rather than disabling SELinux though, it would be better to first read 
> "man httpd_selinux" and see if that suggests a fix for the problem, such as:

I think the FAQ offers that advice, and I'd probably go along with it.
Though, if you want to do anything fancy, I think SELinux is to immature
to try and work with.

For instance, I'd tried using some CGI (and other languages) scripts to
do various things, such as show a man page in the browser.  To do so
with SELinux would require changing lots of permissions in various
places.  It's tedious to do, and not intuitive (there's some damn awful
labelling involved with SELinux).

I'd far rather that SELinux and Apache restrictions were more flexible
about reading files (when I make something world-readable, that ought to
be the end of it), but for it to still be very harsh about restricting
the writing of data.  I can't see a way to do that.

I feel that SELinux and firewalls are a bit of a scam.  You're hoping
that some third object will protect you against a flaw in what you're
using (Apache, for instance), instead of properly fixing whatever you're
using.  I can see this going the Windows way of software authors relying
on that, and not getting their act together.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux