quinta-feira, outubro 27, 2005

CVS permission denied and SELinux issues

SELinux only adds an extra layer of security. You can see this extra layer with

ls -Z

SELinux has a default rule set in Fedora Core called "targeted" that has a set list of daemons (httpd, cvsd, bind, dhcp, etc etc) that require special security tags (like username:group permissions for users but this is for daemons) that you will find with 'ls -Z'. Understanding what SELinux is took me a while too, but I seem to grasp it well now.

In order to give your files in your cvs root the correct tags you will simply need to run

restorecon * -R

in your cvs root. This will assign the default security tag for the cvs daemon to each file and in all subdirectories.


About half way down this (http://www.siliconvalleyccie.com/linux-hn/apachebasic.htm) page you will find some general info about SElinux settings. It has helped me in the past with some of my problems. And most importantly, this (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-section-0068.html) page has a lot of good info to read up on!! Enjoy, it is powerful, but a very useful program for a server that is allowing remote conenctions (i.e. Web, and ftp services).


Nenhum comentário: