Red Hat Bugzilla – Bug 169584
Tutorial does not currently cover security config. requirements
Last modified: 2009-07-07 00:09:11 EDT
Description of problem: By default, a Fedora server has both a firewall and SELinux enabled. Enabling access to the file transfer/sharing service requires changing settings on system-config-securitylevel. Depending on the root directory and services involved, it may also require SELinux policy modifications for the facility to work. Details may depend upon the default service or use cases - see also #169581 for some comments on this.
I'm glad you filed this and #169581, because you made me remember how much I hated the way this tutorial flowed the last time I looked at it. It has languished so long in CVS that much of it has become deprecated (system-config-packages), and without s-c-p, there's really no longer any reason to include NFS in the tutorial. I am gutting that whole section to keep this aligned with the "Just Use Yum(tm)" philosophy. :-) Thanks for making me see the light.
Please check this against the new beta 0.33 and let me know if the current text seems to suffice.
Created attachment 120295 [details] Amends HTTP setup description Attached is a patch that corrects a couple of the commands, adds firewall setup, and a note on SELinux. Note that in order to allow for servers where Apache is already installed I've split installing Apache and adding the configuration into separate sections. This introduces an extra </section> tag later - which is why diff has all of the createrepo and yum-arch sections as well. There are actually no changes to the text in those sections in this patch.
Hmm, I get total failures when I try to apply this to the CVS version. Can you make sure your local copy is updated, and regenerate? The version in CVS was last changed 17 Oct 2005; it's not a conflict fortunately.
Created attachment 120829 [details] Amends HTTP setup description (v.2) OK, this amended patch applies cleanly to a fresh copy of the document from CVS.
Thanks Stuart! Keep in mind that you're free to change the NEEDINFO back to ASSIGNED to make sure the bug turns up on the owner's list of assigned bugs. I made a few style edits and added an extra "su -c" where it was needed, otherwise it looks good. Pushed CVS to 0.35 and republished on site; I am going to ask for this to go to final editorial (QA_READY) at this point since no one else has brought up any shortcomings.
The reload line in section 3.2 should also use su -c, i.e.: su -c '/sbin/service httpd reload' Mea culpa.
All fixed in CVS, should be on web shortly as well.
Ticket moved to allow products to be removed from BZ.