CentOS 5.6: Apache access permission after .htaccess upload

Question

I was working on my home server remotely and wanted to make some changes to my .htaccess. I could not see this files using my FTP(filezilla) and thought there was none there. I decided to upload one I had in my computer to my server in public_html and although the upload was successful per FZ, this file is not listed anywhere, even when I physically access the server.

It looks like it is being hidden. The main problem is that after this, now I get the following error message and cannot access my test site:

You don't have permission to access / on this server.

If I access my server and DISABLE SELINUX or make it PERMISSIVE, my pages start working as normal. If I make it ENFORCING my webpage becomes unavailable and I see the error listed above.

Questions:

1. First of all, how can I make this .htaccess visible in a CentOS 5.6 system?
2. What is the difference between ENFORCING and PERMISSIVE?
3. Will I run into Security Risks if I leave my server setup as PERMISSIVE?

Thank you all,

Answer 1

Heh. No one has answered this in 4 months because it's hard to find an answer that is direct & specific (per the guidelines) and won't start a discussion. But I'll give it a try.

1. FileZilla can show hidden files, the method is different for different versions. Try the View or Server menu, or look for "hidden" in the built-in help.

2. ENFORCING means that selinux is running and prevents actions that violate its active policies. PERMISSIVE means that selinux is running and logs (but does not prevent) actions that violate its active policies.

3. Yes. Specifically, in ENFORCING mode, a hostile entity would have to both upload a file with malicious code and set the selinux context for the file in order to run it. In PERMISSIVE mode, they just need to upload the file. This is the most likely explanation for your experience: you uploaded a new .htaccess file, but did not set its selinux context.