On Thu, 2004-10-07 at 00:06 -0400, Colin Walters wrote:
> You can copy instead of moving, that will cause the newly created file
> to inherit the target directory's security context.
>

So the move command is obsolete, and all users will figure this out and accept it?

> It's a good thing that a bit of work is required to expose your personal
> data to the web server.

It should be obvious that I am exposing it when I move it to /var/www/html.

> If you upload via FTP directly to the web site, then it will Just Work.
> If you upload to your home directory and then rename to the website
> directory (which seems rather odd to me), then yes, you will need to
> relabel. And normal users can do this, just run:
>

I have seen users accidentally upload data to /home/user, instead of /home/public_html and then move it. A user may also want to upload big files like ISOs before a release to /home/user, and then move them into /home/user/public_html when the time is right. Users will do all kinds of things you can think of doing.

> You can disable SELinux protection just for Apache if you like, run
> system-config-securitylevel.

So it is good to be broken out of the box? This is also just one case with one service. I am sure many more such problems will come up. I think that SELinux should be more transparent to the user before becoming the default.