Re: httpd newbie / access denied, no permission to ~userid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
Tim:


Really, how difficult would it have been for WORLD READABLE file
permissions to be treated as such by SELinux?


Rahul Sundaram wrote:


"world readable" is a DAC based permission model. SELinux is MAC based. see Fedora SELinux FAQ on this. The whole point of SELinux is to restrict operations based on the process above and top of the classic Linux permissions


Be that as it may, it's counterintuitive:  Why should we have to set
permissions in two different ways?  If we set something as world
readable, let the system actually apply that setting (it should also set
appropriate SELinux restrictions for you).

Owner permissions are one thing.  But setting something as world
readable ought to be treated just as you intended.

You could take this argument further: any file with "world readable" permissions should automatically be readable via the local web server (an entry in httpd.conf should be made to allow it). After all, it's world readable. Does that make sense?

Paul.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux