[CentOS] Forbidden: can't access *.html files in /var/www/html

Ben McGinnes ben at adversary.org
Wed Sep 29 14:00:29 EDT 2010


On 30/09/10 3:21 AM, Simon Billis wrote:
> 
> You can use "setenforce 0" without the quotes to disable selinux from the
> command line till next reboot or until you issue "setenforce 1" - this is
> useful for testing as is looking at /var/log/audit/audit.log and also using
> commands such as audit2why and audit2allow (I strongly recommend reading at
> least the man pages and also such websites as
> http://www.nsa.gov/research/selinux/docs.shtml (google selinux))

In addition to that URL, this document (which I didn't see listed,
probably due to the publication date) looks very useful:

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

I'd second reading as much as possible on SELinux before diving into it,
as there are more than a few gotchas.  Especially when enabling and
disabling it and knowing when a reboot is necessary when enabling or
re-enabling it.


Regards,
Ben


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos/attachments/20100930/2fcea12a/attachment.bin 


More information about the CentOS mailing list