nerdexam
ExamsCAS-002Questions#82
CompTIA

CAS-002 · Question #82

CAS-002 Question #82: Real Exam Question with Answer & Explanation

The correct answer is B: SELinux is preventing HTTP access to home directories.. SELinux mandatory access controls block the Apache httpd process from reading files located in user home directories by default, regardless of Apache's own configuration.

Question

An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed: <VirtualHost *:80> DocumentRoot "/var/www" <Directory "/home/administrator/app"> AllowOveride none Order allow, deny Allow from all </Directory> </VirtualHost> Which of the following is MOST likely occurring so that this application does not run properly?

Options

  • APHP is overriding the Apache security settings.
  • BSELinux is preventing HTTP access to home directories.
  • CPHP has not been restarted since the additions were added.
  • DThe directory had an explicit allow statement rather than the implicit deny.

Explanation

SELinux mandatory access controls block the Apache httpd process from reading files located in user home directories by default, regardless of Apache's own configuration.

Common mistakes.

  • A. PHP operates as an Apache module or FastCGI process and does not override Apache's own security directives or directory access controls.
  • C. PHP processes files at request time and does not require a service restart when new PHP files are added to the filesystem.
  • D. The explicit Allow from all directive is valid Apache 2.2 syntax and, combined with Order allow,deny, correctly permits all access at the Apache layer.

Concept tested. SELinux httpd home directory access restriction

Reference. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-the_apache_http_server-booleans

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-002 Practice