How gain access to DocumentRoot contents of Apache-httpd through a Web browser which is set to point to the Home folder of the User?
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 18 19:14:48 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/16/2011 08:12 AM, Tim wrote:
> On Thu, 2011-04-14 at 11:12 +0100, Bryn M. Reeves wrote:
>> Heh, thought I might be out of date here.. I think that the correct
>> context for home directory web content is now httpd_user_content_t
>> (although I think httpd_sys_content_t still works - an SELinux expert
>> can probably explain exactly why that's wrong or a bad idea but it
>> certainly means there's no separation between user and system content
>> so the policy can't distinguish them ;).
>
> Not an expert opinion, but I can imagine that an auto re-label might
> change them to the expected contexts. Though I can't imagine that
> causing any problems.
>
That is true, but only important if you are using confined users. If
your users are logging in as unconfined_t then they can read and write
httpd_sys_content_t. If you turn on confined users, then you would want
them labeled httpd_user_content_t.
If you run restorecon -R -v -F ~/public_content, it should change the
labels to the default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2sjagACgkQrlYvE4MpobMRLwCfbIATjr5vf4GbSwV/DanzNrJS
2GgAnjZyMVkob1MZlZvadkkD7foBOLS6
=Mqit
-----END PGP SIGNATURE-----
More information about the users
mailing list