[mdlug] Apache and Config for files outside of www dir
Evan Carew
elcarew at sbcglobal.net
Mon Aug 30 09:41:58 EDT 2010

Jonathan,

I think you've got it. Since I'm developing, and only accessing the
server from localhost, security isn't a concern. I suspect that there
are a lot of use cases for developers just like this, where the
developer simply gives up because he/she can't make it work out of the
box. I nearly gave up on FC Linux in this case. For reasons related to
PPTP, I may be switching to Ubuntu anyway as their implementation works
much better than the FC equivalent. If Ubuntu gives me the same amount
of trouble as I got from FC11, I may be switching to Mac some time in 2011.

Evan

On 08/26/2010 08:39 AM, Jonathan Billings wrote:
> On Wed, Aug 25, 2010 at 08:28:42AM -0400, Evan Carew wrote:
>
>> ... I had trouble getting my new FC11 laptop config to work ...
>>
> Since you mentioned Fedora, I suspect the thing you were getting hung
> up with was SELinux. Fedora releases Apache and SELinux
> configurations that are pretty locked down, denying the httpd
> processes to read files, execute binaries and bind to ports outside of
> a specific context. This really helps secure the system, but at the
> cost of confusing people who have been running web servers for a long
> time. Most likely, by moving the files into NFS, you changed the
> SELinux attributes of the files you were reading to type nfs_t, which
> means you probably have enabled http->nfs access, so the SELinux
> boolean had httpd_use_nfs --> on. Check out the getsebool and
> setsebool man pages.
>
> Unfortunately, a lot of people simply turn off SELinux when they
> encounter it, which is unfortunate, because it can really save your
> bacon if someone discovers a way to make your web server divulge
> information it's not intended. SELinux is powerful, but there has yet
> to be a particularly user-friendly interface.
>
>
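
The SELinux check described in the quoted reply, as an added example that is not part of the original thread: it reads AVC denial records for httpd and prints the narrowest change for each denied file type instead of disabling SELinux. The audit records are constructed samples, the function names are hypothetical, `<docroot>` is a placeholder, and the `httpd_use_cifs` boolean and the `httpd_sys_content_t` relabel come from the standard targeted policy rather than from the thread.

```shell
#!/bin/sh
# Triage SELinux AVC denials for Apache and suggest a targeted fix per file type.

# Constructed sample audit records (not taken from a real host).
SAMPLE_AVC='type=AVC msg=audit(1282740522.101:412): avc:  denied  { read } for  pid=2211 comm="httpd" name="index.html" dev=0:15 ino=1234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1282740530.007:415): avc:  denied  { getattr } for  pid=2211 comm="httpd" path="/projects/site/index.html" dev=dm-0 ino=5678 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1282740541.310:420): avc:  denied  { read } for  pid=900 comm="sshd" name="x" dev=dm-0 ino=9 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

# Read audit records on stdin; print each distinct target type that a
# process running as httpd_t was denied access to.
denied_types() {
    grep 'avc: *denied' | grep 'scontext=[^ ]*:httpd_t:' |
        sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p' | sort -u
}

# Map a denied target type to the smallest policy change that permits it.
suggest_fix() {
    case "$1" in
        nfs_t)  echo 'setsebool -P httpd_use_nfs on' ;;   # boolean named in the thread
        cifs_t) echo 'setsebool -P httpd_use_cifs on' ;;  # same idea for CIFS mounts
        *)      # local files outside /var/www: relabel them, do not widen policy
                echo "semanage fcontext -a -t httpd_sys_content_t '<docroot>(/.*)?' && restorecon -Rv <docroot>" ;;
    esac
}

# Combine both steps: one "type: suggested command" line per denied type.
triage() {
    denied_types | while read -r t; do
        printf '%s: %s\n' "$t" "$(suggest_fix "$t")"
    done
}

printf '%s\n' "$SAMPLE_AVC" | triage
```

On a Fedora host the same functions can be fed from `ausearch -m avc -c httpd --raw`, and `getsebool httpd_use_nfs` shows the current state of the boolean before anything is changed.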