Re: http AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 02 December 2010 17:37:54 m.roth@xxxxxxxxx wrote:

> Tony Molloy wrote:

> > On Thursday 02 December 2010 15:56:59 m.roth@xxxxxxxxx wrote:

> >> Daniel J Walsh wrote:

> >> > On 12/02/2010 09:35 AM, Tony Molloy wrote:

> >> >> Hi,

> >> >>

> >> >> I'm running http on a fully updated Centos 5 system.

> >> >>

> >> >> httpd-2.2.3-43.el5.centos.3.x86_64

> >> >> selinux-policy-2.4.6-279.el5_5.2.noarch

> >> >> selinux-policy-targeted-2.4.6-279.el5_5.2.noarch

> >> >>

> >> >> I'm trying to run a cgi script from a user directory.

> >>

> >> <MVNCH>

> >>

> >> > Do you have httpd_suexec_disable_trans turned on?

> >>

> >> Actually, what bothers me is trying to run a .cgi from a user's

> >> directory. Can't you create a directory ->under the apache

>

> <Directory><- that the

>

> >> users can put scripts in for testing? (I assume that once they're good,

> >> they go into the real production location for .cgi.)

> >

> > Not so easily done ;-)

> >

> > This is a University environment with several hundred faculty/students

> > wanting to use this server to run/check assignments. So they have ftp

>

> accounts

>

> > where they can upload any scripts to their public_html directory and run

>

> them

>

> > from there.

>

> I figured it was something like that. What I was thinking was

>

> /var/www/html/public_cgi/<students' directories>

> which would put them in a *legitimate* place for apache to be happy with,

> and which selinux would be happy with.

>

> You *might* need to add them to a group named something like pubcgi, and

> make the above group acceptable to selinux and apache.

>

> mark

Interesting idea. I could give it a try next semester.

Thanks,

Tony

>

> --

> selinux mailing list

> selinux@xxxxxxxxxxxxxxxxxxxxxxx

> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux