On Thu, 2005-01-09 at 07:53 +0100, Paul Howarth wrote: > On Wed, 2005-08-31 at 22:23 -0700, CHAT KHODA wrote: > > Dear friends, > > As you know new versions of fedora are comming with > > SELinux feature.I wonder to know whether it is a good > > idea to enable this feature on a web-mail server or > > not? .Somebody advised me ;this feature will cause > > disturbing circumstances,but I wish to know if you > > have any comment. > > A web/mail server is exactly the type of application that SELinux works > well with. You may have difficulty at first understanding it (read > http://fedora.redhat.com/docs/selinux-apache-fc3/ for a good start) but > it's worth the effort. Beware that SELinux is designed to provide a higher level of security than the standard file system and access controls built in to the applications. More specifically if you have anything that uses sendmail directly rather than using SMTP you will have problems. If possible configure you PHP, PERL or other software to use SMTP on localhost rather than using sendmail directly, it will save you some headaches. Overall I have only had few problems with RHEL4 and FC3 with SELinux enabled, and most were simple to work around, and left the system more secure in the process.