- Code: Select all
This works, (folliowng the scheme /home/siteusername/www); however, since the OJS working directory should not be WWW accessible, but only accessible to the Apache web server, it is necessary to specify, during the installation, a directory outside of /home/siteusername/www and give it a security context of httpd_sys_content_t (with chcon -t httpd_sys_content_t working_docs_directory). So this means adding a rule to the local securty context of the site, so that a restorecon -v -R /home/siteusername doesn't wipe out this setting.
It's likely that OJS sites will want to adopt the intelligence agency level of security provided by selinux, if this is available. This raises the question of configuring OJS installation security contexts. Setting chmod 777 for directories such as images/custom and images/article images is less than optimal.
Is anyone else concerned with OJS under selinux?