SElinux and squirrelmail (write access denied to a file with 777 permissions)
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 13 10:27:28 UTC 2005
Paul Howarth wrote:
>On Tue, 2005-07-12 at 23:37 -0400, redhatdude at bellsouth.net wrote:
>
>
>>>>>>
>>>>>>
>>>>>>
>>>>>If you set the following does it fix the problem?
>>>>>chcon -t httpd_squirrelmail_t /usr/share/squirrelmail/config/
>>>>>config/ php (/etc/squirrelmail/config.php on my machine)
>>>>>
>>>>>Dan
>>>>>
>>>>>
>>>>>
>>>>>
>>>>Hey Dan
>>>>What exactly would that do?
>>>>EJ
>>>>
>>>>
>>>>
>>>>
>>>>
>>>It would then allow httpd to write to the file.
>>>
>>>httpd is allowed to write to httpd_squirrelmail_t files not to
>>>usr_t files.
>>>
>>>
>>>
>>>
>>
>>So in case one day I decide to get rid of squirrelmail, how do I undo
>>this?
>>
>>
>
>You don't need to. If you get rid of squirrelmail (by removing the
>package), you'll have got rid of everything affected by this change.
>
>Changing the context of files is similar to changing their permissions;
>removing a file will remove any trace of changes you made to its
>permissions/context.
>
>Paul.
>
>
BTW, if this works. I will change Fedora policy to match this, and it
will happen automatically.
Dan
--
More information about the fedora-list
mailing list