50.2.3. Managing NFS Home Directories
In Red Hat Enterprise Linux 5, most targeted daemons do not interact with user data and are not affected by NFS-mounted home directories. One exception is the Apache HTTP Server. For example, CGI scripts that are on the mounted file system have the
nfs_t type, which is not a type that httpd_t is allowed to execute.
If you are having problems with the default type of
nfs_t, try mounting the home directories with a different context:
mount -t nfs -o context=user_u:object_r:user_home_dir_t \fileserver.example.com:/shared/homes/ /home
Warning
Section 50.2.9, “Specifying the Security Context of Entire File Systems” explains how to mount a directory so that
httpd can execute scripts. If you do this for user home directories, it gives the Apache HTTP Server increased access to those directories. Remember that a mountpoint label applies to the entire mounted file system.
Future versions of the SELinux policy address the functionality of NFS.
