Red Hat Bugzilla – Bug 169584
Tutorial does not currently cover security config. requirements
Last modified: 2009-07-07 00:09:11 EDT
Description of problem:
By default, a Fedora server has both a firewall and SELinux enabled.
Enabling access to the file transfer/sharing service requires changing settings
on system-config-securitylevel. Depending on the root directory and services
involved, it may also require SELinux policy modifications for the facility to
Details may depend upon the default service or use cases - see also #169581 for
some comments on this.
I'm glad you filed this and #169581, because you made me remember how much I
hated the way this tutorial flowed the last time I looked at it. It has
languished so long in CVS that much of it has become deprecated
(system-config-packages), and without s-c-p, there's really no longer any reason
to include NFS in the tutorial. I am gutting that whole section to keep this
aligned with the "Just Use Yum(tm)" philosophy. :-) Thanks for making me see
Please check this against the new beta 0.33 and let me know if the current text
seems to suffice.
Created attachment 120295 [details]
Amends HTTP setup description
Attached is a patch that corrects a couple of the commands, adds firewall
setup, and a note on SELinux.
Note that in order to allow for servers where Apache is already installed I've
split installing Apache and adding the configuration into separate sections.
This introduces an extra </section> tag later - which is why diff has all of
the createrepo and yum-arch sections as well. There are actually no changes to
the text in those sections in this patch.
Hmm, I get total failures when I try to apply this to the CVS version. Can you
make sure your local copy is updated, and regenerate? The version in CVS was
last changed 17 Oct 2005; it's not a conflict fortunately.
Created attachment 120829 [details]
Amends HTTP setup description (v.2)
OK, this amended patch applies cleanly to a fresh copy of the document from
Thanks Stuart! Keep in mind that you're free to change the NEEDINFO back to
ASSIGNED to make sure the bug turns up on the owner's list of assigned bugs. I
made a few style edits and added an extra "su -c" where it was needed, otherwise
it looks good. Pushed CVS to 0.35 and republished on site; I am going to ask
for this to go to final editorial (QA_READY) at this point since no one else has
brought up any shortcomings.
The reload line in section 3.2 should also use su -c, i.e.:
su -c '/sbin/service httpd reload'
All fixed in CVS, should be on web shortly as well.
Ticket moved to allow products to be removed from BZ.