On Monday 25 April 2005 18:24, Holger Burde <hburde(a)t-online.de&gt; wrote: > I run a FC3 System with the rawhide strict Policy. I have a cron script > (apache) that needs to read/write files under /var/www/ > { httpd_sys_content_t }. Any idea whats the best (= secure) way to do > so ? audit2allow suggests this : allow system_crond_t > httpd_sys_content_t:file write; - maybe there isa better solution? Cron jobs that deal with data from the net are a risk, potentially if an attacker controlled the remote data source they could make repeated attempts at manipulating the data to exploit your machine without you realising. Having a separate domain for the cron job may be best. But this would require writing more policy.