--- In lucknow-lug@yahoogroups.com, "monsterisback" <vidurmittal@...>
wrote:
>
> From exam point of perspective you should enable SELinux otherwise all
> of our questions will be treated as incorrect. Yes you should apply
> the correct boolean.
> f.e. you enable share a directory using samba then you have to apply
> the correct boolean so that samba can access it. you can copy the
> SELinux permissions from the smb.conf to the directory using the
> following command
> chcon -R --reference=/etc/samba/smb.conf /path/of/the/share
>
>
>
> --- In lucknow-lug@yahoogroups.com, Prem Chand <pcy1988@> wrote:
> >
> > plz suggest me some tips about RHCE exam. what we should keep
remember.
> > ************************************************************
> > in perspective of RHCE exam.
> > suppose we have enabled the SELinux and we solve a question. but the
> question�require to apply the correct boolean for proper working
> > but it is not mentioned in the ques. to apply the the boolean. then
> what should we do ? should we apply the boolean or not.���
��� ��� ���
> ��� ��� ��� ��� ��� ���
��� ��� ���
> >
>
Yes Vidur has given a correct hint, suppose you have configured your
apache in a way that a user of your server can share his web pages in
~user/public_html directory then without setting correct boolean of
~user/public_html directory a client will see a forbidden message.
So we have to set the correct boolean value same as of our default
apache DocumentRoot "/var/www/html"
this can be achieved with the command
'chcon -R -v --reference=relevant_file /path/to/our/file-dir'

chcon -R -v --reference=/var/www/html/index.html ~anuj/public_html/
context of /home/anuj/public_html/ retained as
system_u:object_r:httpd_sys_content_t
context of /home/anuj/public_html//index.html retained as
system_u:object_r:httpd_sys_content_t




Different types of boolean values:

[root@anuj ~]# ls -lZ /etc/samba/smb.conf
-rw-r--r-- root root system_u:object_r:samba_etc_t /etc/samba/smb.conf
[root@anuj ~]# ls -lZ /etc/httpd/conf/httpd.conf
-rw-r--r-- root root system_u:object_r:httpd_config_t
/etc/httpd/conf/httpd.conf
[root@anuj ~]# ls -lZ /var/ftp/
drwxr-xr-x root root system_u:object_r:public_content_t pub



Example configuration of apache on RHEL5 to enable user webpages
(/etc/httpd/conf/httpd.conf)
Find the following lines:
----------------------------------------
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html

</IfModule>
--------------------------------------------------------------------
Also do a chmod 755 ~user

I hope this can provide you some basic of SELinux handling.
In case of some doubt with above example you can ask again. Try and
tell us if you face any problem.

Anuj Singh