Questions about Apache and SELinux context inheritance
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 17 19:35:27 UTC 2005
Ivan Gyurdiev wrote:
>>So my questions are fourfold:
>>
>>o How can one cause the correct httpd_user_content_t type to be
>>automatically assigned to user public_html directories (and
>>subdirectories)?
>>
>>
>
>Not possible. Put the folder in /etc/skel with the correct context.
>Maybe this should be done by default in Fedora, or maybe not.
>
>
>>o How can one cause the correct httpd_user_content_t type to be
>>automatically assigned to user content (files) in user public_html
>>directores?
>>
>>
>
>Possible w/ file_type_auto_trans rule.
>Will investigate...
>
>
>
>>o Why are files initially receiving a user context of user_u rather
>>than system_u ?
>>
>>
>
>This is normal - the user part of the context is set to the user who
>created the file - no problem here.
>
>
>
>>And one file, slightly unrelated question:
>>
>>o When I installed this server and restored user data to it, the user
>>context on all the files was set to root rather than user_u (and why
>>not system_u?). I've reset everything to the correct user context
>>with chcon, but I'd like to know why this happened.
>>
>>
>
>Because you restored the context as root, probably.
>The user is set to whoever operates on the file.
>
>
>
Adduser in rawhide and test1 now creates files with the "right" context
when it creates the skel.
So if you put a public_html directory in /etc/skel. It should get
created with the correct context.
Dan
--
More information about the fedora-selinux-list
mailing list