link SELinux Boolean Changes For Apache and PHP← Back

With my new CentOS 6 web server I’ve decided I want to leave SELinux switched on if I can get everything configured correctly. In the past I’ve always switched it off but a little extra protection is always preferable.

I store my web apps under separate users and publish them from within the user’s homedir so I needed to change the following SELinux booleans.

setsebool -P httpd_enable_homedirs on
setsebool -P httpd_can_sendmail on
setsebool -P ftp_home_dir on 

If Apache is on a different server to your SQL DB you will also need

setsebool -P httpd_can_network_connect_db on 

Comments

There are no comments


Post a comment