SELinux should be off by default in FC3

[Chris Adams]

Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said:
> Does FTP support moving? If not, then the issue of not having shell access 
> goes away, because the user can't upload and then move.

Yes, FTP has a "rename" command (well, pair of commands actually, RNFR
<oldname> and then RNTO <newname>) that will move a file.  I think it
works like the rename() system call (i.e.  not across filesystems), but
I'm not sure (that may be FTP server specific).  I'm pretty sure that
the popular Windows FTP clients like WSFTP allow you to "drag and drop"
files from one directory to another on the server and use the rename
commands.  SFTP has the same issue (it has a rename command as well).

We sell web hosting, and believe me, customers will upload their files
to just about anywhere on the server they have write access (and they'll
try other places without knowing why).  Shared web hosting is a perfect
environment for SELinux, but this would be a killer.  Explaining that
their CGIs have to have execute permission is hard enough.

Also, as someone else mentioned, people do intentionally upload things
in one place (out of the web directory) and then move them into place
after the upload is complete.  This is especially common when uploading
a whole new version of a site.

I would love to say "use something else" or "only do it this way" but
that isn't practical as a web hosting seller.  If you tell customers
things like that, they go elsewhere.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.