[CentOS] SELinux context for web application directories
m.roth at 5-cent.us
m.roth at 5-cent.us
Mon Jun 30 18:40:05 UTC 2014
Not sure if this got through - nixspam was being aggravating, so I'm
reposting.
James B. Byrne wrote:
> CentOS-6.5
> We deploy web applications written with the Ruby on Rails framework
using Capistrano (2.x). Each 'family' of web applications are 'owned' by
a dedicated user id. The present httpd service is Apache 2.2.15 and we
use Passenger 3.0.11. We are moving shortly to a new deployment host and
at
that
> time we will be updating to Apache 2.4.9 and Passenger 4..0.25.
> Our deployment practice is to place the 'family' directory under
/var/data/.
> This is the home directory of the application user id. We place each
individual web application or component into its own directory
underneath the
> family root. So that things look like this:
passenger_exec_t, etc.
<http://linuxmanpages.net/manpages/fedora17/man8/passenger_selinux.8.html>
And if you google anything else, note: DO NOT USE CHCON; it does *NOT*
remain following a reboot. Use semanage fcontext (and the manpage example
is what I use all the time), followed by a restorecon -Rv
mark
More information about the CentOS
mailing list