On Thu, Dec 03, 2009 at 08:35:56PM -0800, David Highley wrote:
> A common virtual web hosting set up would be a web root directory
> location with the following sub directories:
> ftp
> logs
> pages
> pages/cgi-bin
>
> Under ftp you would have all that is needed for a chroot ftp sandbox.
> Since each virtual host would be a different user and or company how
> does one change sebool httpd_unified to off and get it all to work with
> selinux?

Well PHP needs httpd_unified but if you use CGI like perl or c or bash
or whatever then basically you would set httpd_enable_cgi and
httpd_builtin_scripting booleans.

Then label the locations with a proper type.

for example:

# ftp:
/srv/ftproot(/.*)? public_content_rw_t
setsebool -P allow_ftpd_anon_write on (allow ftpd to write to /srv/ftproot)
setsebool -P allow_httpd_anon_write on (allow httpd to write to /srv/ftproot) (for php/httpd unified)
setsebool -P allow_httpd_sys_script_anon_write on (allow httpd system cgi scripts to write to /srv/ftproot) (other cgi)

# logs
/srv/www/logs(/.*)? httpd_sys_content_ra_t

# static content
/srv/www/html(/.*)? httpd_sys_content_t

# cgi
/srv/www/cgi-bin(/.*)? httpd_sys_script_exec_t

The above is just an example. It may or may not be what you would want.

>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
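
As an added example (not part of the original message), this shell sketch maps the directory layout from the question onto the types and booleans named in the reply and prints, without executing, the `semanage fcontext`, `restorecon` and `setsebool` commands for one virtual host root. The vhost root paths are hypothetical, and the type and boolean names are taken as written in the message.

```shell
#!/bin/sh
# Added example (not from the thread): print, without executing, the commands
# that label one virtual host root laid out as in the question.
# Types and booleans are the ones named in the reply.

# Print one "semanage fcontext" rule covering a directory subtree.
fcontext_rule() {  # $1 = SELinux type, $2 = absolute directory
    # A dot in a host name is a regex metacharacter in the spec: escape it.
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$1" "$esc"
}

# Print the labeling plan for one vhost root.
vhost_selinux_plan() {
    root=${1%/}
    case $root in
        /*) ;;
        *) echo "vhost root must be an absolute path" >&2; return 1 ;;
    esac
    case $root in
        *[!A-Za-z0-9/_.-]*) echo "unsupported character in path" >&2; return 1 ;;
    esac
    fcontext_rule public_content_rw_t     "$root/ftp"
    fcontext_rule httpd_sys_content_ra_t  "$root/logs"
    fcontext_rule httpd_sys_content_t     "$root/pages"
    # Added after the pages rule so the narrower cgi-bin pattern is the later one.
    fcontext_rule httpd_sys_script_exec_t "$root/pages/cgi-bin"
    echo "restorecon -R -v $root"
}

# Booleans from the reply for the CGI (non-PHP) case; these are system-wide.
# The two *_anon_write ones are only needed if ftpd or CGI scripts must write
# to the public_content_rw_t tree.
cgi_booleans() {
    for b in httpd_enable_cgi httpd_builtin_scripting \
             allow_ftpd_anon_write allow_httpd_sys_script_anon_write; do
        echo "setsebool -P $b on"
    done
}

# Constructed sample roots (hypothetical paths), shown with: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    cgi_booleans
    for v in /srv/vhosts/a.example /srv/vhosts/b.example; do
        vhost_selinux_plan "$v"
    done
fi
```

Check the printed type and boolean names against `semanage fcontext -l` and `getsebool -a` on the target system before running the commands.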