Re: apache won't start after upgrade - read-only filesystem

Tim:
>> Why are you trying to write log files into your homespace?

Alex:
> It's a legacy system (think webalizer era), but there are also
> multiple virtual hosts and it makes it easier to keep them segmented.
> The document root is in /home/httpd/www.mysite.com/html.
> 
> There's not enough space on /var to move it.

Okay, I understand the space issue, but it's just as easy to keep
virtual hosts separated in one place as another, and you're not fighting
against security settings (which should not be fought against).  But
webalizer never needed things to be *there* on my systems.

My system is

/var/www/cgi-bin/  (the CGIs)
/var/www/html/     (the default webserver if accessed by bare IP)
/var/www/virtuals/ (inside are various virtual servers)

e.g.

/var/www/virtuals/lanserver/
/var/www/virtuals/test/
/var/www/virtuals/wanserver/

/srv/ is another location that is expected to allow things to be served
from.  Which way is easier for someone to go depends on how their
filesystem and disk partitions are structured.

It's also possible to mount a larger partition inside /var/.

There is something to be said for keeping website gubbins in their own
drive or partition, wherever they're eventually mounted.  Come a system
upgrade, it's easier to keep them from being clobbered.



>>  chcon -u unconfined_u -t httpd_sys_content_t <file>

> selinux was disabled with security=0 at boot time. selinux was not
> helpful here.

There have been cases where disabling SELinux hasn't actually done what
was expected.  You could always set up a small test site stored in a
different location, see if that gets the same denials.  But if you're
certain it's not SELinux, then perhaps it's basic file permissions.

Taking any filepath as example:  /something/more/here/whatever

Each of those directories right back to "something" in the root has to
be world readable (the "others" permissions), likewise for any files to
be served in them.

And, if you're going to write logs (or other things) into them, you may
have to do the same thing for the write permissions.  Remembering that
the directories and files should not be *owned* by Apache, but by the
site author.  Hence why it's a really bad idea to serve from odd
directories without SELinux.  It doesn't take much for someone to get a
webserver to write something where it shouldn't, particularly if you
use any kind of blogging software.
 
-- 
http://www.CameraTim.com/
Over 30 years experience

In Modbury, a suburb north-east of Adelaide, South Australia.
For urgent or confidential messages, phone instead of email.

Mobile: 0410 930024
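
The per-directory permission check described in the message above, as an added example that is not part of the original post. The function name `check_path_perms` is hypothetical, GNU `stat` is assumed, and the path in the usage comment is the document root quoted in the thread; on a directory the "others" bit that permits traversal is search (x), on a file it is read (r).

```shell
#!/bin/sh
# Added example, not from the original message. Needs GNU stat (coreutils).
# Walks an absolute path one component at a time and reports the "others"
# permission bits, which are the ones that apply when the web server
# neither owns the file nor shares its group.
#   OK              others can traverse the directory / read the file
#   NO_ACCESS       others lack x on a directory or r on a file
#   WORLD_WRITABLE  others can write here; any local account can alter it
# Returns 0 if every component is OK, 1 if any is flagged, 2 if one is missing.
check_path_perms() (
    rest=${1#/}; current=""; rc=0
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        current="$current/$part"
        # -L follows symlinks so the mode of the real target is reported
        info=$(stat -L -c '%a %U' -- "$current" 2>/dev/null) || {
            echo "MISSING - - $current"; return 2; }
        mode=${info%% *}; owner=${info#* }
        other=${mode#"${mode%?}"}      # last octal digit = "others" bits
        status=OK
        if [ -d "$current" ]; then
            [ $(( other & 1 )) -ne 0 ] || status=NO_ACCESS   # search bit
        else
            [ $(( other & 4 )) -ne 0 ] || status=NO_ACCESS   # read bit
        fi
        [ $(( other & 2 )) -eq 0 ] || status=WORLD_WRITABLE
        [ "$status" = OK ] || rc=1
        echo "$status $mode $owner $current"
    done
    return "$rc"
)

# Usage: sh check_path_perms.sh /home/httpd/www.mysite.com/html
[ "$#" -eq 0 ] || check_path_perms "$1"
```

Each output line is `<status> <octal mode> <owner> <path>`, so an owner of `apache` on a content directory, which the message advises against, shows up in the third column.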

