The apache module of SELinux has two similar boolean parameters: httpd_read_user_content and httpd_enable_homedirs.
The man page says the former allows httpd to read user content and the latter allows httpd to read home directories.
What is the difference between them?
Which parameter should I set to true if I want to allow httpd to read files in the /home/foo directory?
Best Answer
httpd_read_user_content allows any confined web server to read files in user home directories in /home.
httpd_enable_homedirs allows Apache to use its UserDir directive (i.e. URLs that look like http://www.example.com/~username/).
If you are just mapping domain names to users' directories, it should be sufficient to enable the first one, httpd_read_user_content, but if you want to use Apache user directories, you should enable both.
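As an added example (not part of the original answer): a POSIX shell script that reads getsebool output and prints the setsebool -P commands still needed for each of the two cases the answer describes. The use-case labels vhost and userdir, the function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the two SELinux booleans discussed above.
# "vhost" and "userdir" are labels invented here for the answer's two cases.

# Constructed sample of `getsebool` output, used when SELinux tools are absent.
SAMPLE='httpd_enable_homedirs --> off
httpd_read_user_content --> on'

# Booleans the answer says to enable for each use case.
required_booleans() {
    case "$1" in
        vhost)   echo "httpd_read_user_content" ;;
        userdir) echo "httpd_read_user_content httpd_enable_homedirs" ;;
        *)       echo "unknown use case: $1" >&2; return 2 ;;
    esac
}

# Read getsebool output ("name --> on|off") on stdin; print the state of $1,
# or "missing" if the loaded policy does not list that boolean.
bool_state() {
    awk -v name="$1" '$1 == name && $2 == "-->" { print $3; found = 1 }
                      END { if (!found) print "missing" }'
}

# Read getsebool output on stdin; print one persistent (-P) setsebool command
# for every required boolean that is not already on. Prints only, changes nothing.
plan_changes() {
    needed=$(required_booleans "$1") || return 2
    snapshot=$(cat)
    for b in $needed; do
        state=$(printf '%s\n' "$snapshot" | bool_state "$b")
        [ "$state" = "on" ] || echo "setsebool -P $b on"
    done
}

# Usage: sh this-script vhost|userdir   (defaults to userdir)
if command -v getsebool >/dev/null 2>&1; then
    getsebool -a | plan_changes "${1:-userdir}"
else
    printf '%s\n' "$SAMPLE" | plan_changes "${1:-userdir}"   # offline demo
fi
```

The script only prints the commands; run the printed setsebool lines as root to apply them.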