Re: [Discuss] apache problem

2019-01-09 Thread Derek Martin
On Wed, Jan 09, 2019 at 04:43:04PM -0500, Rich Pieri wrote: > It makes no sense to have SELinux running on my web server machine. It > accomplishes nothing not already accomplished innately by the > infrastructure. It increases complexity which means more opportunity > for mistakes or bugs to

Re: [Discuss] apache problem

2019-01-09 Thread Rich Pieri
On Wed, 9 Jan 2019 20:58:38 + "Anderson, Charles R" wrote: > It can prevent specific applications (process security contexts) from > binding to specific sockets/ports, either for inbound or outbound > connections. External firewalls cannot do that to my knowledge. Not as such but it's not

Re: [Discuss] apache problem

2019-01-09 Thread Anderson, Charles R
On Wed, Jan 09, 2019 at 01:55:25PM -0600, Derek Martin wrote: > On Wed, Jan 09, 2019 at 07:20:29PM +, Anderson, Charles R wrote: > > It can harden a system against attack from without for example by > > preventing sockets from being bound, similar to iptables. > > It can not do this on a

Re: [Discuss] apache problem

2019-01-09 Thread James Cassell
On Wed, Jan 9, 2019, at 2:55 PM, Derek Martin wrote: > On Wed, Jan 09, 2019 at 07:20:29PM +, Anderson, Charles R wrote: [...] > > There is already a rich set of access controls defined for the SELinux > > targeted policy that most people use, and is the default > > out-of-the-box config on

Re: [Discuss] apache problem

2019-01-09 Thread Rich Pieri
On Wed, 9 Jan 2019 19:20:29 + "Anderson, Charles R" wrote: > Neither does "chmod -R a+rwx /" or running everything as root grant > anyone any access if they don't have a login to the system. Do you > recommend everyone should do that (or perhaps "chmod -R 777 > ~/public_html" which was a

Re: [Discuss] apache problem

2019-01-09 Thread Derek Martin
On Wed, Jan 09, 2019 at 07:20:29PM +, Anderson, Charles R wrote: > It can harden a system against attack from without for example by > preventing sockets from being bound, similar to iptables. It can not do this on a system that is running public services--the sockets for such are necessarily

Re: [Discuss] apache problem

2019-01-09 Thread Anderson, Charles R
On Wed, Jan 09, 2019 at 01:42:08PM -0500, Rich Pieri wrote: > On Wed, 9 Jan 2019 17:45:55 + > "Anderson, Charles R" wrote: > > > Over the years some misinformed people have suggested "fixing" > > permissions by doing this (or variations), but it is not recommended: > > > > chmod -R a+rwx /

Re: [Discuss] apache problem

2019-01-09 Thread Derek Martin
On Wed, Jan 09, 2019 at 05:45:55PM +, Anderson, Charles R wrote: > On Wed, Jan 09, 2019 at 10:49:51AM -0600, Derek Martin wrote: > > On Tue, Jan 08, 2019 at 06:44:59PM -0500, James Cassell wrote: > > > Please don't disable SELinux. > > > > Why? Can you make a compelling case? > > I'll try.

Re: [Discuss] apache problem

2019-01-09 Thread Rich Pieri
On Wed, 9 Jan 2019 17:45:55 + "Anderson, Charles R" wrote: > Over the years some misinformed people have suggested "fixing" > permissions by doing this (or variations), but it is not recommended: > > chmod -R a+rwx / > > Disabling SELinux is in the same vein. Crap. Disabling SELinux does

Re: [Discuss] apache problem

2019-01-09 Thread Anderson, Charles R
On Wed, Jan 09, 2019 at 10:49:51AM -0600, Derek Martin wrote: > On Tue, Jan 08, 2019 at 06:44:59PM -0500, James Cassell wrote: > > Please don't disable SELinux. > > Why? Can you make a compelling case? I'll try. Over the years some misinformed people have suggested "fixing" permissions by

Re: [Discuss] apache problem

2019-01-09 Thread Derek Martin
On Tue, Jan 08, 2019 at 06:44:59PM -0500, James Cassell wrote: > Please don't disable SELinux. Why? Can you make a compelling case? FWIW I typed a response to David's message last night but got distracted and didn't send it. It's now largely irrelevant, but here's an excerpt that's not:

Re: [Discuss] apache problem

2019-01-08 Thread James Cassell
On Tue, Jan 8, 2019, at 6:06 PM, dan moylan wrote: > > derek martin writes: > > On Fri, Jan 04, 2019 at 05:01:37PM -0500, dan moylan wrote: > >> newly installed fc29 from scratch on my laptop -- apache > >> appears to be running ok. chrome displays > >> localhost/welcome.htm just fine, but when

Re: [Discuss] apache problem

2019-01-08 Thread dan moylan
derek martin writes: > On Fri, Jan 04, 2019 at 05:01:37PM -0500, dan moylan wrote: >> newly installed fc29 from scratch on my laptop -- apache >> appears to be running ok. chrome displays >> localhost/welcome.htm just fine, but when i try >> localhost/moylan/welcome.htm, where welcome.htm is in

Re: [Discuss] apache problem

2019-01-08 Thread David Kramer
Setting up a Document root of your home directory sounds like a very bad idea to me. Maybe a subdirectory under it if you can make the files readable by the Apache user... On 1/8/19 5:36 PM, Derek Martin wrote: On Fri, Jan 04, 2019 at 05:01:37PM -0500, dan moylan wrote: newly installed

Re: [Discuss] apache problem

2019-01-08 Thread Derek Martin
On Fri, Jan 04, 2019 at 05:01:37PM -0500, dan moylan wrote: > newly installed fc29 from scratch on my laptop -- apache > appears to be running ok. chrome displays > localhost/welcome.htm just fine, but when i try > localhost/moylan/welcome.htm, where welcome.htm is in > /home/moylan/www, i get:

Re: [Discuss] apache problem

2019-01-06 Thread Dan Ritter
dan moylan wrote: > > > If that doesn't work, try (as root or via sudo): > > a2enmod userdir > > hmmm -- that appears to be a debianism. what does it do? > apache2 enable module "userdir" - links /etc/apache2/modules-available/userdir to /etc/apache2/modules-enabled/userdir -dsr-

Re: [Discuss] apache problem

2019-01-06 Thread dan moylan
> On Fri, Jan 4, 2019 at 5:01 PM dan moylan wrote: >> newly installed fc29 from scratch on my laptop -- apache >> appears to be running ok. chrome displays >> localhost/welcome.htm just fine, but when i try >> localhost/moylan/welcome.htm, where welcome.htm is in >> /home/moylan/www, i get:

Re: [Discuss] apache problem

2019-01-05 Thread gruntly
Sorry, meant to reply to the list: Just been through similar issues myself: Try localhost/~moylan/welcome.htm If that doesn't work, try (as root or via sudo): a2enmod userdir HTH Theo Ruegsegger On Fri, Jan 4, 2019 at 5:01 PM dan moylan wrote: > > newly installed fc29 from scratch on my

Re: [Discuss] apache problem

2019-01-04 Thread David Kramer
on behalf of dan moylan Date: Friday, January 4, 2019 at 5:01 PM To: "discuss@blu.org" Cc: betty moylan Subject: [Discuss] apache problem newly installed fc29 from scratch on my laptop -- apache appears to be running ok. chrome displays localhost/welcome.htm just fine, but when i try

Re: [Discuss] apache problem

2019-01-04 Thread Joe Polcari
It’s probably the web server trying to navigate into /home/* Put the link in the other direction and try it -Original Message- From: Discuss on behalf of dan moylan Date: Friday, January 4, 2019 at 5:01 PM To: "discuss@blu.org" Cc: betty moylan Subject: [Discuss] apac

[Discuss] apache problem

2019-01-04 Thread dan moylan
newly installed fc29 from scratch on my laptop -- apache appears to be running ok. chrome displays localhost/welcome.htm just fine, but when i try localhost/moylan/welcome.htm, where welcome.htm is in /home/moylan/www, i get: "you don't have permission to access localhost/moylan/welcome.htm on