On Fri, 31 Jul 2009, Ned Slider wrote:
Boris Epstein wrote:
I found an even simplier solution - disabled SELinux. I've got a firewall and that is plenty.
Wow, not sure I'd place all my faith in a firewall.
There is an SELinux tutorial on the Wiki that explicitly covers how to handle Apache serving content outside of DocumentRoot:
Is this why DBD::SQLite broke under mod_perl recently in CentOS?
I.e. Apache process is accessing an sqlite file that is outside the docroot. This is how it should be.
Conf perms (allow/deny) only secure what files you can access by calling them up with a uri mapping. They don't apply to what files a script or handler can access; any of these processes running as user apache can access any files that user could access on the system.
Unless selinux is interfereing. Is that what's going on?
Help?
Mark