Re: httpd newbie / access denied, no permission to ~userid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-08-16 at 08:39, Tim wrote:

> > "world readable" is a DAC based permission model. SELinux is MAC based. 
> > see Fedora SELinux FAQ on this. The whole point of SELinux is to 
> > restrict operations based on the process above and top of the classic 
> > Linux permissions
> 
> Be that as it may, it's counterintuitive:  Why should we have to set
> permissions in two different ways?

If you don't want two different security checks you can disable
SELinux and run the way unix systems have for decades.

> If we set something as world
> readable, let the system actually apply that setting (it should also set
> appropriate SELinux restrictions for you).

'Appropriate' SELinux relate to the process involved, not the files so
this is impossible.

> Owner permissions are one thing.  But setting something as world
> readable ought to be treated just as you intended.

It is.  If you run SELinux it means you intend for it to add the
SELinux access controls in addition to the file based ones.  If
that isn't what you want, disable it (and reboot...).

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux