Re: httpd newbie / access denied, no permission to ~userid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: httpd newbie / access denied, no permission to ~userid
From: Paul Howarth <paul@xxxxxxxxxxxx>
Date: Tue, 16 Aug 2005 14:50:48 +0100
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.6-1.1.fc4 (X11/20050720)

Tim wrote:

Tim:

Really, how difficult would it have been for WORLD READABLE file
permissions to be treated as such by SELinux?



Rahul Sundaram wrote:

"world readable" is a DAC based permission model. SELinux is MAC based.see Fedora SELinux FAQ on this. The whole point of SELinux is torestrict operations based on the process above and top of the classicLinux permissions



Be that as it may, it's counterintuitive:  Why should we have to set
permissions in two different ways?  If we set something as world
readable, let the system actually apply that setting (it should also set
appropriate SELinux restrictions for you).

Owner permissions are one thing.  But setting something as world
readable ought to be treated just as you intended.

You could take this argument further: any file with "world readable"permissions should automatically be readable via the local web server(an entry in httpd.conf should be made to allow it). After all, it'sworld readable. Does that make sense?


Paul.

Follow-Ups:
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Tim

References:
- httpd newbie / access denied, no permission to ~userid
  - From: Joel Smith
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Tim
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Paul Howarth
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Tim
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Rahul Sundaram
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Tim
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Rahul Sundaram
- Re: httpd newbie / access denied, no permission to ~userid
  - From: Tim

Prev by Date: how to link helpblocks application to gtk application
Next by Date: Re: Network
Previous by thread: Re: httpd newbie / access denied, no permission to ~userid
Next by thread: Re: httpd newbie / access denied, no permission to ~userid
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]