[Cialug] apache security question
Jeff Chapin
chapinjeff at gmail.com
Thu Jul 3 16:56:16 CDT 2008
Jeffrey Ollie wrote:
> On Wed, Jul 2, 2008 at 2:59 PM, Jeff Chapin <chapinjeff at gmail.com> wrote:
>
>> chris wrote:
>>
>>> | You can fix selinux labels by running "restorecon -vr /var/www/html"
>>> | as root. It should output a message if it has to change anything.
>>>
>>> Thank you very much for that tip. I'll add it to our factoid on the
>>> 403/selinux issue.
>>>
>>>
>> Is there a reason for this? or should it be something that gets corrected at
>> 'mv' time? I never dealt too much with selinux.
>>
>
> It's the same reason that when you 'mv' a file the ownership,
> modification times, and unix permission bits get preserved. When you
> 'cp' a file the ownership, modification times and permission bits all
> get reset to the defaults.
>
> Jeff
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
Interestingly, that never occurred to me. I guess I have always viewed
selinux as a directory level thing -- this is my documentRoot for
apache, it gets such and such permissions, etc...
I think part of that is the divide between selinux permissions and
'classic' permissions. If the selinux permissions showed up in ls -la,
for instance, it would seem a little more harmonious... And I would use
it much more, as I tend to forget about it.
Jeff
More information about the Cialug
mailing list