|Summary:||write access to user's public_html directory|
|Product:||[Fedora] Fedora Documentation||Reporter:||Mark Drago <markdrago>|
|Component:||selinux-apache||Assignee:||Chad Sellers <csellers>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Tammy Fox <tammy.c.fox>|
|Fixed In Version:||1.5.6||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-04-28 22:03:40 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Mark Drago 2004-11-17 20:25:18 UTC
Description of problem: I have a php web application that uses sqlite. The program lives in my $HOME/public_html/ directory. The sqlite database file is in this directory. So, I need to allow apache to write to the $HOME/public_html directory in order have it update the database. I used the selinux-apache document to get as far as I did, but this inability to write to the public_html directory caused me to set selinux to 'warn' only. This is probably something that would fit well in this document.
Comment 1 Tammy Fox 2004-11-23 21:11:28 UTC
I'm assigning this to Karsten since he is working with Colin on this document.
Comment 2 Colin Walters 2004-11-23 23:54:27 UTC
PHP kind of throws a wrench into our original design; because it runs in-process, it requires httpd_t to have direct write access to httpd_sys_content_t, etc. See: http://www.redhat.com/archives/fedora-selinux-list/2004-November/msg00097.html
Comment 3 Karsten Wade 2005-12-28 00:56:33 UTC
Does this need an FAQ entry for FC4 or FC5? Reassigning, please evaluate for usage, or close as WONTFIX. Thanks.
Comment 4 Chad Sellers 2006-04-20 18:08:58 UTC
With strict policy, this will require a policy change, as there is no type that allows apache/php write access as well as user_t. For targeted, this can get httpd_sys_script_rw_t, just like the other php script FAQ (possibly merged), and the user in unconfined_t can still access it.
Comment 5 Chad Sellers 2006-04-20 20:09:56 UTC
Addressed in cvs