[Typo3-linux] Access denied!
Michael Stucki
michael at typo3.org
Sun Oct 9 01:34:32 CEST 2005
Hi Dimitri,
>> BTW, I wonder why you ask everybody if he uses SELinux? I really have no
>> clue about it but I think that someone who uses this system is aware that
>> he is running it. I don't think that these people would need help to set
>> up their Apache... :-)
>
> Well, out of my personal experience this may not be as obvious as you
> would think. SELinux is now installed by default both on RHEL/CentOS
> and Fedoras. What it does is that in addition to regular Unix
> permission scheme (owner-group-everybody / rwxt) it adds the concept
> of "file context". Context defines what a particular _process_ can do
> with the files, no matter who's the file owner and what user/grp the
> process runs as. It adds "Z" option to your ls, as well as chcon for
> files (in addition to chmod, chown and chgrp).
>
> So, for example, if you take stock Fedora and place Typo3 core
> anywhere outside /var/www, even if you assign all permissions
> correctly you are stuck with "access denied" messages in
> /var/log/httpd/error_log. It took me a couple of hours until I
> accidentally (for other reasons) looked in /var/log/messages that had
> SELinux "deny" messages.
That's interesting! Thanks for the information, I didn't know that Fedora
uses it by default.
Should we update the manual? Do you have some description for what is needed
to prevent these problems?
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-linux
mailing list