Wednesday, January 8, 2014

Allow Apache/Lighttpd/Nginx to access content inside an NTFS partition behind SELinux

I stumbled upon this problem because on my dual-boot laptop I keep 3 main partitions:

50 GiB for my linux distro.
50 GiB for my Windows installation.
And all remaining space (about 400 GiB) for files and stuff.

I like to keep it this way for ease of management: in case of trouble I just format and reinstall, without having to make an extensive backup, or any backup at all.

As you may assume, all my projects are inside my "stuff" partition (formatted as NTFS, because of Windows).

Then I installed my web server: NGINX with MySQL (MariaDB) and PHP support (thanks to http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-fedora-19).

With previous installations of Fedora I used to disable SELinux completely, but this time I tried to do things the right way and keep it enabled. For ease of development I also used to place links inside the html/ directory (where all the web content is located) pointing to the projects I was working on (which live inside my "stuff" partition), but this time that didn't work.

Why, you may ask? Because SELinux, as the protector it is, didn't let the web server access anything inside my partition, and since NTFS directories do not support SELinux labels at all, the only 3 ways to go were:
  1. Migrate all my projects into the html/ folder, thus having to run Geany with root privileges and having to back them up every time something with my distro went wrong, with the risk of forgetting to back them up as well (silly me).
  2. Mount the partition with the context option "httpd_sys_content_t" plus whatever a normal mount needs, by editing the fstab file.
  3. Just tell SELinux that an httpd server can access content inside an NTFS partition (which is accessed via FUSE).
Well, the last two were the most viable, so this is the right procedure for both:

#1 Mounting the NTFS partition with the "httpd_sys_content_t" context label:

Add "context=system_u:object_r:httpd_sys_content_t" to the end of the "options" string of the fstab entry for the filesystem you want to use. Example:

1.- Open /etc/fstab with the editor of your choice (mine is mousepad) with root privileges, of course:

[Screenshot: opening the /etc/fstab file]

2.- Look for the fstab entry of your filesystem:

[Screenshot: locating the "options" string inside fstab]

3.- Add "context=system_u:object_r:httpd_sys_content_t" (without quotes) to the end of the "options" string, located near the end of the filesystem entry (just before the two trailing numbers); it's a comma separated list:

[Screenshot: adding the "context" option with the "httpd_sys_content_t" parameter]

4.- Save and reboot, or unmount and mount the partition again; it's now mounted with the new options.

#2 Telling SELinux to let web servers access other partitions

1.- Open a console and issue this command:
setsebool -P httpd_use_fusefs 1
2.- Done! Now any web server can access content inside any partition mounted via FUSE. Don't forget the -P option, which makes the change persistent across reboots; otherwise SELinux will block access again after the next boot.
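Added example (not from the original post): a small script that performs step 3 of procedure #1 on a copy of fstab without duplicating the option if it is already there, plus a helper that reports which of the two settings is in effect on a live SELinux host. The sample fstab lines, the /mnt/stuff mount point and the function names are constructed for the example.

```shell
#!/bin/sh
# Label from the post; fstab's options field is a comma separated list.
CONTEXT_LABEL='system_u:object_r:httpd_sys_content_t'

# add_fstab_context MOUNTPOINT [CONTEXT]
# Reads fstab text on stdin, writes it to stdout with context=CONTEXT
# appended to the options field of the entry for MOUNTPOINT.
# Comments, short lines and other mount points pass through untouched;
# an existing context= option is replaced, so running it twice is harmless.
add_fstab_context() {
    mnt="$1"; ctx="${2:-$CONTEXT_LABEL}"
    awk -v mnt="$mnt" -v ctx="$ctx" '
        /^[[:space:]]*#/ || NF < 4 || $2 != mnt { print; next }
        {
            n = split($4, parts, ",")
            opts = ""
            for (i = 1; i <= n; i++) {
                if (parts[i] ~ /^context=/ || parts[i] == "") continue
                opts = (opts == "" ? parts[i] : opts "," parts[i])
            }
            $4 = (opts == "" ? "" : opts ",") "context=" ctx
            print
        }'
}

# verify_httpd_access MOUNTPOINT
# On a live host, prints which of the two settings currently applies:
# the context= mount option (procedure #1) or the boolean (procedure #2).
# Needs findmnt and getsebool; returns 2 where they are missing.
verify_httpd_access() {
    command -v findmnt >/dev/null 2>&1 && command -v getsebool >/dev/null 2>&1 || return 2
    findmnt -no OPTIONS "$1" | tr ',' '\n' | grep -q '^context=' \
        && echo "$1 is mounted with a context= label"
    getsebool httpd_use_fusefs | grep -q ' on$' \
        && echo "httpd_use_fusefs is on"
}

# Constructed sample fstab (not the author's); /mnt/stuff is the NTFS partition.
SAMPLE_FSTAB='UUID=deadbeef-0000 / ext4 defaults 1 1
# my NTFS data partition
UUID=1234ABCD5678EF90 /mnt/stuff ntfs-3g defaults,uid=1000,gid=1000 0 0'

# Dry run: prints the rewritten fstab; redirect to a file once it looks right.
printf '%s\n' "$SAMPLE_FSTAB" | add_fstab_context /mnt/stuff
```

Run verify_httpd_access with the real mount point after rebooting or remounting to confirm that at least one of the two settings took effect.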

You can always disable these two settings by either removing the option from the fstab entry or issuing the same command with 0 instead of 1.

Remember that SELinux is another layer of security added to your system, so rather than disabling it, keep it enabled: it could save you someday, you never know.

Have a great day! ;)
