What is the difference between httpd_read_user_content and httpd_enable_homedirs?

Tsutomu asked:

The apache module of SELinux has two similar boolean parameters: httpd_read_user_content and httpd_enable_homedirs.

The man page says the former allows httpd to read user content and the latter allows httpd to read home directories.

What is the difference between them?

Which parameter should I set to true if I want to allow httpd to read files in the /home/foo directory?

My answer:

httpd_read_user_content allows any confined web server to read files in user home directories in /home.

httpd_enable_homedirs allows Apache to use its UserDir directive (i.e. URLs that look like http://www.example.com/~username/).

If you are just mapping domain names to users’ directories, it should be sufficient to enable the first one, httpd_read_user_content, but if you want to use Apache user directories, you should enable both.

View the full question and answer on Server Fault.
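
The rule from the answer above, applied to `getsebool -a` output, as an added example that is not part of the original answer. The function name `needed_booleans`, the mode names `vhost` and `userdir`, and the sample input are made up for illustration; the function only prints the `setsebool -P` commands that would be needed and changes nothing.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# usage: getsebool -a | needed_booleans MODE
#   MODE=vhost   : domain names mapped to users' directories under /home
#   MODE=userdir : Apache UserDir URLs (http://www.example.com/~username/)
# stdin uses the format printed by getsebool: "name --> on|off"

needed_booleans() {
    mode=$1
    rc=0
    case "$mode" in
        vhost)   wanted="httpd_read_user_content" ;;
        userdir) wanted="httpd_read_user_content httpd_enable_homedirs" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    state=$(cat)
    for b in $wanted; do
        # Pick the current state of exactly this boolean.
        cur=$(printf '%s\n' "$state" |
              awk -v b="$b" '$1 == b && $2 == "-->" { print $3 }')
        case "$cur" in
            on)  ;;                               # already enabled
            off) echo "setsebool -P $b on" ;;     # -P makes it persistent
            *)   echo "$b: not present in input" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input, not taken from a real host.
SAMPLE='httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_read_user_content --> off'

# Demo: a UserDir setup needs both booleans.
printf '%s\n' "$SAMPLE" | needed_booleans userdir
```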

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.