[CentOS] httpd and krb5.conf
Doug Koobs
dkoobs at dkoobs.comThu May 19 12:02:16 UTC 2005
- Previous message: [CentOS] httpd and krb5.conf
- Next message: [CentOS] httpd and krb5.conf
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Aleksandar Milivojevic said: > I've noticed that SELinux blocks httpd (standard CentOS httpd, simply > installed from RPM) from writing to krb5.conf file. Question. Why on > earth would httpd need write access to krb5.conf file?! Sure, it might > need read access if it is configured to use Kerberos for authentication, > but write!? I mean, web server that modifies one of the critical files > (which is used for authentication/authorization)? > _______________________________________________ Allow me to display my ignorance of all thing SELinux: SELinux is suppossed to restrict services and programs from performing actions that they don't have a need to be doing. Since httpd has no reason to to write to the krb5.conf file, SELinux restricts it. Kind of like a "Need to Know" policy. If you're not familar with Mandatory Access Control, read up on it; I think that is what SELinux is about. Doug
- Previous message: [CentOS] httpd and krb5.conf
- Next message: [CentOS] httpd and krb5.conf
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list