NYCPHP Meetup

NYPHP.org

[mambo] selinux mambo gotcha

DeWitt, Michael mjdewitt at alexcommgrp.com
Mon Feb 28 10:20:02 EST 2005 

Mitch,

SElinux is a mystery to me in terms of how to tune it.  From what I have
read, it is very sophisticated (and complicated).  There were some comments
I read about the inclusion of Selinux in Fedora, and it seems that more and
more of the Fedora distro will be locked down by it in the future.  That
seems pretty clear in just looking at the differences between FC1-FC3. 

For now I just turned it off, but I need to figure out how to get it working
right for a public webserver. I think it is valuable, but I have to find the
time to get into it.

I did have to spend some time figuring out where Mambo wanted to be
installed as it wasn't clear to me from the tutorials that the webroot is
where it expected itself to be installed.  I think it was the INSTALL doc
which seemed to make it clear that this is the right place for a (web
based?) install.  I had originally intended to run Mambo from a subdirectory
and so lost some time with that. 

Ultimately to resolve my issue, I grabbed the write test function out of
installation/index.php (God bless PHP!), and played with that when it became
painfully obvious that process/owner/directory permissions didn't seem to
make any difference for any directory I tested through it.  This finally
gave me a clue as to the Google search I needed to resolve the permissions
issue.

This week I should have some time to play with Mambo and try out some stuff.
One of the things missing for me (at least from what you showed in your
presentation) was the lack of a third level of user permissions, i.e.,
subscriber (public, registered, subscriber--IP address and cookie based).
Perhaps this is something coming down the road in V5?

Mike



> -----Original Message-----
> From:	Mitch Pirtle [SMTP:mitch.pirtle at gmail.com]
> Sent:	Friday, February 25, 2005 5:56 PM
> To:	NYPHP SIG: Mambo
> Subject:	Re: [mambo] selinux mambo gotcha
> 
> 
> You know, I intentionally went over to the Fedora booth at LinuxWorld
> to get a DVD of FC3 just so I could play with the SELinux kernel
> stuff. And your email tells me this is going to be a recurring
> issue...
> 
> Time to look at how the rest of the LAMP applications manage
> installation on SELinux-enabled systems, especially with the different
> profiles available. Thanks for the warning, and sorry to hear it cost
> you so much time!
> 
> -- Mitch
> _______________________________________________
> New to Mambo? Get a great start here:
> http://forum.mamboserver.com/showthread.php?t=26144
> 
> New York PHP SIG: Mambo Mailing List
> AMP Technology
> Supporting Apache, MySQL, PHP & Mambo!
> http://lists.nyphp.org/mailman/listinfo/mambo
> http://www.nyphp.org

More information about the Joomla mailing list