Disabling SELinux is it secure?
Jay Paulson
jpaulson at sedl.org
Thu Mar 3 15:57:02 UTC 2005
I've been running into several problems setting up FC3 and Apache. The
bulk of my problems are the file permissions. If I create a 'www'
group so that more than one person can edit files on a web site I run
into the following problems.
I create the following directories as root
/var/www/test
/var/www/test/html
/var/www/test/cgi-bin
/var/www/test/logs
I then chown -R root.www /var/www/test
Next I chgrp -R www /var/www/test/html
Finally I chmod -R 775 /var/www/test
After all of this I connect via sftp using Dreamweaver with the user
'user1' who is in group 'www' and I put an index.htm file. I then do a
ls -l command on the /var/www/test/html directory to see the
permissions on the file. The is chmod'ed 664 and chown'ed user1.user1.
Obviously this isn't good for user2 to edit the file and upload it as
you get a permissions error.
The umask is set to 0002 for users that log in and 0022 for the root
user. If I set the permissions to chmod 2775 /var/www/test/html the
permissions seem to work fine when user1 and user2 try to edit the same
file etc. However, Apache doesn't like this since it's unsecure and I
get a 403 Forbidden error.
My goal (if it's possible) is to have a group of users be able to edit
the same file of a site and have Apache still work and not get a 403
Forbidden error.
The only thing I haven't tried is to disable SELinux. Would that fix
my problem? Are there any other things I can try?
Thanks for any help!
jay
More information about the users
mailing list