What is the difference between httpd_read_user_content and httpd_enable_homedirs?

Tsutomu asked:

The apache module of SELinux has two similar boolean parameters: httpd_read_user_content and httpd_enable_homedirs.

The man page says the former allows httpd to read user content and the latter allows httpd to read home directories.

What is the difference between them?

Which parameter should I set to true if I want to allow httpd to read files in the /home/foo directory?

My answer:

httpd_read_user_content allows any confined web server to read files in user home directories in /home.

httpd_enable_homedirs allows Apache to use its UserDir directive (i.e. URLs that look like http://www.example.com/~username/).

If you are just mapping domain names to users’ directories, it should be sufficient to enable the first one, httpd_read_user_content, but if you want to use Apache user directories, you should enable both.

View the full question and any other answers on Server Fault.
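
As an added example (not part of the original question or answer), this script applies the rule from the answer to an Apache configuration and to `getsebool`-style output, then prints the `setsebool` commands still needed. The function names `required_booleans` and `pending_changes` are hypothetical, and all sample inputs are constructed.

```shell
#!/bin/sh
# Added example; the rule encoded here is the one stated in the answer above.

# Read an Apache configuration on stdin and print the SELinux booleans it needs:
#   DocumentRoot under /home     -> httpd_read_user_content
#   UserDir (~username URLs)     -> httpd_enable_homedirs as well
required_booleans() {
    awk '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields
        tolower($1) == "userdir" && tolower($2) != "disabled" { userdir = 1 }
        tolower($1) == "documentroot" {
            path = $2; gsub(/"/, "", path)
            if (path ~ /^\/home\//) home = 1
        }
        END {
            if (home || userdir) print "httpd_read_user_content"
            if (userdir)         print "httpd_enable_homedirs"
        }'
}

# Read "name --> on|off" lines (getsebool format) on stdin; for every boolean
# named as an argument that is not already on, print the command to enable it.
pending_changes() {
    state=$(cat)
    for b in "$@"; do
        if ! printf '%s\n' "$state" | grep -q "^$b --> on$"; then
            echo "setsebool -P $b on"
        fi
    done
}

# Constructed sample: a domain name mapped onto a user's directory, no UserDir.
VHOST_CONF='<VirtualHost *:80>
    ServerName foo.example.com
    DocumentRoot "/home/foo/public_html"
</VirtualHost>'

# Constructed sample: per-user directories (http://www.example.com/~username/).
USERDIR_CONF='# UserDir disabled
UserDir public_html'

# Constructed sample of getsebool output with both booleans off.
SAMPLE_STATE='httpd_enable_homedirs --> off
httpd_read_user_content --> off'

# Demo: $needed is left unquoted on purpose so each name becomes one argument.
needed=$(printf '%s\n' "$USERDIR_CONF" | required_booleans)
printf '%s\n' "$SAMPLE_STATE" | pending_changes $needed
```

On a real host, feed `pending_changes` the output of `getsebool -a` and review the printed commands before running them as root.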

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.