httpd newbie / access denied, no permission to ~userid

[Tim]

Tim:

>> But perhaps I should be more explicit:  If, *I* set something as world
>> readable, apart from I feel that it ought to do precisely what I just
>> set it as, why cannot the system also be able to set the appropriate
>> SELinux restrictions at the same time?


Rahul Sundaram wrote:

> A good question.  This goes back to the fundamental concept of SELinux. 
> Its based on objects ( read it as processes for simplicity). The 
> traditional form of Linux security is based on users. Users can set 
> their files to world readable and it becomes "world readable". This can 
> be a potential security issue.

In what way, though?  A user can only modify their own files, or others
made available to them.  An ordinary user can't make the passwords file
available to other people, though.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.