Bug 169584 - Tutorial does not currently cover security config. requirements
Summary: Tutorial does not currently cover security config. requirements
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora Documentation
Classification: Retired
Component: docs-requests
Version: devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul W. Frields
QA Contact: Karsten Wade
URL:
Whiteboard:
Depends On:
Blocks: 130125
TreeView+ depends on / blocked
 
Reported: 2005-09-29 21:00 UTC by Stuart Ellis
Modified: 2009-07-07 04:09 UTC (History)
2 users (show)

Fixed In Version: 0.37.1
Clone Of:
Environment:
Last Closed: 2005-11-27 15:38:05 UTC
Embargoed:


Attachments (Terms of Use)
Amends HTTP setup description (17.36 KB, patch)
2005-10-23 21:15 UTC, Stuart Ellis
no flags Details | Diff
Amends HTTP setup description (v.2) (6.98 KB, patch)
2005-11-09 00:09 UTC, Stuart Ellis
no flags Details | Diff

Description Stuart Ellis 2005-09-29 21:00:19 UTC
Description of problem:

By default, a Fedora server has both a firewall and SELinux enabled.
Enabling access to the file transfer/sharing service requires changing settings
on system-config-securitylevel. Depending on the root directory and services
involved, it may also require SELinux policy modifications for the facility to
work. 

Details may depend upon the default service or use cases - see also #169581 for
some comments on this.

Comment 1 Paul W. Frields 2005-10-12 22:21:56 UTC
I'm glad you filed this and #169581, because you made me remember how much I
hated the way this tutorial flowed the last time I looked at it.  It has
languished so long in CVS that much of it has become deprecated
(system-config-packages), and without s-c-p, there's really no longer any reason
to include NFS in the tutorial.  I am gutting that whole section to keep this
aligned with the "Just Use Yum(tm)" philosophy. :-)  Thanks for making me see
the light.

Comment 2 Paul W. Frields 2005-10-16 23:59:05 UTC
Please check this against the new beta 0.33 and let me know if the current text
seems to suffice.

Comment 3 Stuart Ellis 2005-10-23 21:15:47 UTC
Created attachment 120295 [details]
Amends HTTP setup description

Attached is a patch that corrects a couple of the commands, adds firewall
setup, and a note on SELinux.

Note that in order to allow for servers where Apache is already installed I've
split installing Apache and adding the configuration into separate sections.
This introduces an extra </section> tag later - which is why diff has all of
the createrepo and yum-arch sections as well. There are actually no changes to
the text in those sections in this patch.

Comment 4 Paul W. Frields 2005-11-01 21:34:45 UTC
Hmm, I get total failures when I try to apply this to the CVS version.  Can you
make sure your local copy is updated, and regenerate?  The version in CVS was
last changed 17 Oct 2005; it's not a conflict fortunately.

Comment 5 Stuart Ellis 2005-11-09 00:09:35 UTC
Created attachment 120829 [details]
Amends HTTP setup description (v.2)

OK, this amended patch applies cleanly to a fresh copy of the document from
CVS.

Comment 6 Paul W. Frields 2005-11-09 23:43:59 UTC
Thanks Stuart!  Keep in mind that you're free to change the NEEDINFO back to
ASSIGNED to make sure the bug turns up on the owner's list of assigned bugs.  I
made a few style edits and added an extra "su -c" where it was needed, otherwise
it looks good.  Pushed CVS to 0.35 and republished on site; I am going to ask
for this to go to final editorial (QA_READY) at this point since no one else has
brought up any shortcomings.

Comment 7 Stuart Ellis 2005-11-10 00:32:31 UTC
The reload line in section 3.2 should also use su -c, i.e.:

su -c '/sbin/service httpd reload'

Mea culpa.

Comment 8 Paul W. Frields 2005-11-27 15:38:05 UTC
All fixed in CVS, should be on web shortly as well.

Comment 9 eric 2009-07-07 04:09:11 UTC
Ticket moved to allow products to be removed from BZ.


Note You need to log in before you can comment on or make changes to this bug.