-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/14/2011 06:29 AM, Varuna Seneviratna wrote: > On 14 April 2011 15:42, Bryn M. Reeves <bmr@xxxxxxxxxx> wrote: >> On 04/14/2011 11:06 AM, Bryn M. Reeves wrote: >>> On 04/14/2011 10:39 AM, Varuna Seneviratna wrote: >>>> When I try to Access the DocumentRoot which is /home/<User >>>> Name>/public_html by typing http://localhost I get a 403 Forbidden >>>> Page.What should I do gain Access to DocumentRoot Contents? >>> >>> If you're getting a 403 then something is denying the web server access to those >>> paths. If you have set the directory permissions correctly (iirc you need other >>> execute on the home directory (search permission) and other read/execute on the >>> public_html directory and its subdirectories) the you may need to set up SELinux >>> contexts for the directory if you have it enabled on your system. >>> >>> I normally do this by using a reference from /var/www/html since it is installed >>> with the correct context for httpd content: >>> >>> chcon -R --reference=/var/www/html public_html/ >> >> Heh, thought I might be out of date here.. I think that the correct context for >> home directory web content is now httpd_user_content_t (although I think >> httpd_sys_content_t still works - an SELinux expert can probably explain exactly >> why that's wrong or a bad idea but it certainly means there's no separation >> between user and system content so the policy can't distinguish them ;). >> >> More info in this bug: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=509943 >> >> Regards, >> Bryn. >> > Dear Bryn > I have been addressing this isuue for about two days and > has also posted on FedoraForum.org. The Thread is > http://forums.fedoraforum.org/showthread.php?t=260382.This thread was > not initially started by me.I have posted by the UserName Vefoda.On > that thread acording to the advice given by > jpollard(http://forums.fedoraforum.org/showpost.php?p=1461100&postcount=9) > I have carried out the following > > 1. enable the UserDir entry: "UserDir enable" > > 2. uncommment the next UserDIR line (and/or modify it for your > choice): "UserDir public_html > > 3.Set the SELinux boolean control "httpd_enable_homedirs" to "on" to > allow apache to access the users "public_html" (or whatever you called > it). > > 3a. restart apache > > 4. Let the user create their "public_html" directory in their home > directory, then use "chcon -t httpd_user_content_t public_html" to set > the security label. > > 5. Let the user set permission bits (chmod +rx public_html) on the directory. > > This will grant READ ONLY access to files (and php scripts). > > The URL for access is "//<host>/~<username>/". > > Before Doing the above I was not able to even start httpd.But now it > starts and the problem now is I am getting a Forbidden page?From what > I gather I think is that httpd is able to access > /home/varuna/public_html/ But the Web Browser is not able to access > the Home Directory contents, public_html contents to be exact > > Your Advice Please! > > Regards > Varuna Are you getting avcs? They are stored in /var/log/audit/audit.log ausearch -m avc -ts recent Will show recent AVC's man httpd_selinux Explains how apache and SELinux work together. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2m6Z8ACgkQrlYvE4MpobPq5wCfVNeApy2RTZeSFpfqhEHjv7RT TAYAoJXCwoSHzqwOIoFZu8v30sy8Oeon =WL89 -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
