http AVC

Tony Molloy tony.molloy at ul.ie
Thu Dec 2 17:44:48 UTC 2010


On Thursday 02 December 2010 17:37:54 m.roth at 5-cent.us wrote:
> Tony Molloy wrote:
> > On Thursday 02 December 2010 15:56:59 m.roth at 5-cent.us wrote:
> >> Daniel J Walsh wrote:
> >> > On 12/02/2010 09:35 AM, Tony Molloy wrote:
> >> >> Hi,
> >> >> 
> >> >> I'm running http on a fully updated Centos 5 system.
> >> >> 
> >> >> httpd-2.2.3-43.el5.centos.3.x86_64
> >> >> selinux-policy-2.4.6-279.el5_5.2.noarch
> >> >> selinux-policy-targeted-2.4.6-279.el5_5.2.noarch
> >> >> 
> >> >> I'm trying to run a cgi script from a user directory.
> >> 
> >> <MVNCH>
> >> 
> >> > Do you have httpd_suexec_disable_trans turned on?
> >> 
> >> Actually, what bothers me is trying to run a .cgi from a user's
> >> directory. Can't you create a directory ->under the apache
> 
> <Directory><- that the
> 
> >> users can put scripts in for testing? (I assume that once they're good,
> >> they go into the real production location for .cgi.)
> > 
> > Not so easily done ;-)
> > 
> > This is a University environment with several hundred faculty/students
> > wanting to use this server to run/check assignments. So they have ftp
> 
> accounts
> 
> > where they can upload any scripts to their public_html directory and run
> 
> them
> 
> > from there.
> 
> I figured it was something like that. What I was thinking was
> 
>    /var/www/html/public_cgi/<students' directories>
> which would put them in a *legitimate* place for apache to be happy with,
> and which selinux would be happy with.
> 
> You *might* need to add them to a group named something like pubcgi, and
> make the above group acceptable to selinux and apache.
> 
>      mark

Interesting idea. I could give it a try next semester.

Thanks,

Tony
> 
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20101202/307b8cfd/attachment.html 


More information about the selinux mailing list