[SELinux] http_sys_content vs user_t policy for web cms

Support for security such as Firewalls and securing linux
Post Reply
bryn1u
Posts: 40
Joined: 2010/04/09 15:38:07
Contact:

[SELinux] http_sys_content vs user_t policy for web cms

Post by bryn1u » 2018/06/27 11:54:25

Hey guys,

I want to install wordpress cms and wondering what way will be better. Should i use httpd_sys_content_t for /var/www/domain/public_html or install cms to the /home/user with user_t domain. What will be better solution of security ?

Thanks,

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: [SELinux] http_sys_content vs user_t policy for web cms

Post by pjsr2 » 2018/06/28 13:53:34

You should install it under the directory /var/www/html
When you extract a tar archive in or copy the files to this directory, they will receive automatically the proper selinux context.
Note that you should not move the files to the /var/www/html directory, since the selinux context will be retained when you move a file and you may end up with the wrong selinux context.

Files should be owned by the user apache and have apache as the group.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [SELinux] http_sys_content vs user_t policy for web cms

Post by TrevorH » 2018/06/28 16:51:33

Wordpress is also packaged in EPEL and is currently 4.9.6 which is the current version so it appears to get patched in a timely manner.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply