Bug 169584 - Tutorial does not currently cover security config. requirements
Tutorial does not currently cover security config. requirements
Product: Fedora Documentation
Classification: Fedora
Component: docs-requests (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Paul W. Frields
Karsten Wade
Depends On:
Blocks: 130125
  Show dependency treegraph
Reported: 2005-09-29 17:00 EDT by Stuart Ellis
Modified: 2009-07-07 00:09 EDT (History)
2 users (show)

See Also:
Fixed In Version: 0.37.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-27 10:38:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Amends HTTP setup description (17.36 KB, patch)
2005-10-23 17:15 EDT, Stuart Ellis
no flags Details | Diff
Amends HTTP setup description (v.2) (6.98 KB, patch)
2005-11-08 19:09 EST, Stuart Ellis
no flags Details | Diff

  None (edit)
Description Stuart Ellis 2005-09-29 17:00:19 EDT
Description of problem:

By default, a Fedora server has both a firewall and SELinux enabled.
Enabling access to the file transfer/sharing service requires changing settings
on system-config-securitylevel. Depending on the root directory and services
involved, it may also require SELinux policy modifications for the facility to

Details may depend upon the default service or use cases - see also #169581 for
some comments on this.
Comment 1 Paul W. Frields 2005-10-12 18:21:56 EDT
I'm glad you filed this and #169581, because you made me remember how much I
hated the way this tutorial flowed the last time I looked at it.  It has
languished so long in CVS that much of it has become deprecated
(system-config-packages), and without s-c-p, there's really no longer any reason
to include NFS in the tutorial.  I am gutting that whole section to keep this
aligned with the "Just Use Yum(tm)" philosophy. :-)  Thanks for making me see
the light.
Comment 2 Paul W. Frields 2005-10-16 19:59:05 EDT
Please check this against the new beta 0.33 and let me know if the current text
seems to suffice.
Comment 3 Stuart Ellis 2005-10-23 17:15:47 EDT
Created attachment 120295 [details]
Amends HTTP setup description

Attached is a patch that corrects a couple of the commands, adds firewall
setup, and a note on SELinux.

Note that in order to allow for servers where Apache is already installed I've
split installing Apache and adding the configuration into separate sections.
This introduces an extra </section> tag later - which is why diff has all of
the createrepo and yum-arch sections as well. There are actually no changes to
the text in those sections in this patch.
Comment 4 Paul W. Frields 2005-11-01 16:34:45 EST
Hmm, I get total failures when I try to apply this to the CVS version.  Can you
make sure your local copy is updated, and regenerate?  The version in CVS was
last changed 17 Oct 2005; it's not a conflict fortunately.
Comment 5 Stuart Ellis 2005-11-08 19:09:35 EST
Created attachment 120829 [details]
Amends HTTP setup description (v.2)

OK, this amended patch applies cleanly to a fresh copy of the document from
Comment 6 Paul W. Frields 2005-11-09 18:43:59 EST
Thanks Stuart!  Keep in mind that you're free to change the NEEDINFO back to
ASSIGNED to make sure the bug turns up on the owner's list of assigned bugs.  I
made a few style edits and added an extra "su -c" where it was needed, otherwise
it looks good.  Pushed CVS to 0.35 and republished on site; I am going to ask
for this to go to final editorial (QA_READY) at this point since no one else has
brought up any shortcomings.
Comment 7 Stuart Ellis 2005-11-09 19:32:31 EST
The reload line in section 3.2 should also use su -c, i.e.:

su -c '/sbin/service httpd reload'

Mea culpa.
Comment 8 Paul W. Frields 2005-11-27 10:38:05 EST
All fixed in CVS, should be on web shortly as well.
Comment 9 eric@christensenplace.us 2009-07-07 00:09:11 EDT
Ticket moved to allow products to be removed from BZ.

Note You need to log in before you can comment on or make changes to this bug.