SElinux policy and write permissions in /www

Support for security such as Firewalls and securing linux
Post Reply
gokihar
Posts: 11
Joined: 2020/05/06 06:47:10

SElinux policy and write permissions in /www

Post by gokihar » 2020/05/29 11:42:22

I have a website where adding pictures works as :
- upload to special FTP
- from admin site I "Add pics to special% catalog"
(it moves pics from upload catalog , resize it and should upload it to specified folder in 3 subfolders with watermark added)
It looks like this :
/www/
/www/pics/
/www/pics/upload/
/www/pics/folder1/mini
/www/pics/folder1/normal
/www/pics/folder1/zoom
/www/pics/folder2/mini
etc.

I tryed :
semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/www/pics(/.*)?"
restorecon -Rv /path/to/pics/

Unfortunally it does not work. Disable selinux makes it work.

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux policy and write permissions in /www

Post by TrevorH » 2020/05/29 12:03:03

CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

gokihar
Posts: 11
Joined: 2020/05/06 06:47:10

Re: SElinux policy and write permissions in /www

Post by gokihar » 2020/05/29 12:21:34

Thanks for response : looks like its working anyway.
Not sure why only reason I see is turn off/on selinux but it shouldn't change anything ?

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux policy and write permissions in /www

Post by TrevorH » 2020/05/29 15:28:00

If you literally "turned it off" as in disabled it, then yes, it probably does make a difference. I suspect that when you re-enable it after being disabled then it will run a full filesystem relabel which would correct any mislabled files that were present. OTOH, if you meant "turned it off" as in setenforce 0 and going permissive, then no, it should make no difference.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 8 - Security Support”