[mdlug] Apache and Config for files outside of www dir

Jonathan Billings billings at negate.org
Thu Aug 26 08:39:56 EDT 2010


On Wed, Aug 25, 2010 at 08:28:42AM -0400, Evan Carew wrote:
> ... I had trouble getting my new FC11 laptop config to work ...

Since you mentioned Fedora, I suspect the thing you were getting hung
up with was SELinux.  Fedora releases Apache and SELinux
configurations that are pretty locked down, denying the httpd
processes to read files, execute binaries and bind to ports outside of
a specific context.  This really helps secure the system, but at the
cost of confusing people who have been running web servers for a long
time.  Most likely, by moving the files into NFS, you changed the
SELinux attributes of the files you were reading to type nfs_t, which
means you probably have enabled http->nfs access, so the SELinux
boolean had httpd_use_nfs --> on.  Check out the getsebool and
setsebool man pages.

Unfortunately, a lot of people simply turn off SELinux when they
encounter it, which is unfortunate, because it can really save your
bacon if someone discovers a way to make your web server divulge
information it's not intended to.  SELinux is powerful, but there has
yet to be a particularly user-friendly interface.

-- 
Jonathan Billings <billings at negate.org>
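
The check described in the message above, as an added example that is not part of the original post: a small filter that reads SELinux AVC denial lines, keeps the ones where the httpd_t domain was refused, and names the boolean to inspect for the nfs_t case. The function names and the sample audit lines are constructed for illustration; the line layout assumed is the one auditd writes to /var/log/audit/audit.log.

```shell
#!/bin/sh
# Constructed sample AVC records (not taken from a real system).
SAMPLE_AUDIT='type=AVC msg=audit(1282826396.101:41): avc:  denied  { read } for  pid=2210 comm="httpd" name="index.html" dev=0:15 ino=1181 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1282826397.552:42): avc:  denied  { getattr } for  pid=2210 comm="httpd" path="/srv/site/logo.png" dev=0:15 ino=1190 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1282826399.007:43): avc:  denied  { read } for  pid=2391 comm="sshd" name="key" dev=sda1 ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1282826401.310:44): avc:  denied  { read } for  pid=2210 comm="httpd" name="notes.txt" dev=sda1 ino=90 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file'

# Print each target type that was denied to the httpd_t domain, once,
# in order of first appearance. Reads audit lines on stdin.
httpd_denied_types() {
    awk '
        /avc:/ && /denied/ {
            src = ""; tgt = ""
            for (i = 1; i <= NF; i++) {
                # A context is user:role:type:level, so the type is field 3.
                if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
                if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            }
            if (src == "httpd_t" && tgt != "" && !(tgt in seen)) {
                seen[tgt] = 1
                print tgt
            }
        }'
}

# Turn the denied types into a next step. Only the nfs_t case from the
# message is mapped to a boolean; anything else is reported for manual review.
suggest_fix() {
    httpd_denied_types | while read -r type; do
        case "$type" in
            nfs_t) echo "nfs_t: check 'getsebool httpd_use_nfs'; enable with 'setsebool -P httpd_use_nfs on'" ;;
            *)     echo "$type: no boolean mapped here; inspect the file label with 'ls -Z'" ;;
        esac
    done
}

# Run against the constructed sample; on a real host, feed it audit.log instead.
printf '%s\n' "$SAMPLE_AUDIT" | suggest_fix
```

The script only prints suggestions and changes nothing; the sshd record is skipped because its source domain is not httpd_t.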
