Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] apache problem

On Tue, Jan 08, 2019 at 06:44:59PM -0500, James Cassell wrote:
> Please don't disable SELinux.

Why?  Can you make a compelling case?

FWIW I typed a response to David's message last night but got
distracted and didn't send it.  It's now largely irrelevant, but
here's an excerpt that's not:


Though, TBH my money would be on SELinux being the problem.  I've long
ago come to the conclusion that it's just too complicated a solution,
and unless you're configuring services for an environment that
requires a very high level of security, you're better off just
disabling it outright.  It's caused me multiple days of head
scratching over the years, and I think it's mostly just more trouble
than it's worth outside of very specialized situations.

[I'm also largely of the opinion that if your system is otherwise
secure, extended ACLs of any sort are unnecessary, and Unix
permissions suffice just about always, excepting cases when you have a
very large number of users with a very large number of disparate
access needs to resources. And usually, even then.]


Nothing I've seen or read about in my ~25 years of managing Linux
systems has yet convinced me otherwise.

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /