SElinux and squirrelmail (write access denied to a file with 777 permissions)
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 13 14:59:26 UTC 2005
redhatdude at bellsouth.net wrote:
>>>>>>>
>>>>>> If you set the following does it fix the problem?
>>>>>> chcon -t httpd_squirrelmail_t /usr/share/squirrelmail/config/
>>>>>> config/ php (/etc/squirrelmail/config.php on my machine)
>>>>>>
>>>>>> Dan
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> Hey Dan
>>>>> What exactly would that do?
>>>>> EJ
>>>>>
>>>>>
>>>>>
>>>>>
>>>> It would then allow httpd to write to the file.
>>>>
>>>> httpd is allowed to write to httpd_squirrelmail_t files not to
>>>> usr_t files.
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> So in case one day I decide to get rid of squirrelmail, how do I undo
>>> this?
>>>
>>
>> You don't need to. If you get rid of squirrelmail (by removing the
>> package), you'll have got rid of everything affected by this change.
>>
>> Changing the context of files is similar to changing their permissions;
>> removing a file will remove any trace of changes you made to its
>> permissions/context.
>>
>> Paul.
>
>
> Let's say I keep Squirrelmail but I don't want to use the
> functionality of writing to that config file with apache. How do I
> undo this? I just wanna give it a try and I'll probably want to
> revert the changes I made for SElinux.
> So what would be the opposite of chcon -t httpd_squirrelmail_t /usr/
> share/squirrelmail/config/config/ php to undo the changes it makes?
>
> Thanks
> EJ
>
You could use chcon to set it back to usr_t.
chcon -t usr_t ...
Or you could use restorecon which sets files back to the system default
restorecon /usr/share/...
--
More information about the fedora-list
mailing list