Hello all, I hope I'm addressing this question to the correct group.I am trying to run apache (version 2.0.52-22) on a RedHat system (kernel version 2.6.9-22.0.2), and SELinux is preventing access to the site (Forbidden).
I have done quite a bit of googling on this, including the archives for this list, and haven't found the answer. So, here goes.
We have our web pages in directory /home/httpd. The cgi apps are in /home/httpd/cgi-bin, and the logs are in /home/httpd/logs.
I used chcon on the root directory first: # chcon -R -t httpd_sys_content_t /home/httpdThis allowed the server to start (the server needed permission to access the logs) and it made the home page appear in my web browser. I then used this command again on the cgi-bin directory:
# chcon -R -t httpd_sys_script_exec_t /home/httpd/cgi-binThis made the scripts work. The problem comes in because some of these cgi's call binary executables, which reside in /home/httpd/bin, and THOSE executables call data files located in /home/httpd/data.
I could not get the binaries to execute at all at first. Then I executed this: # chcon -R -t httpd_sys_script_exec_t /home/httpd/binwithout knowing whether or not it was proper to do so. This *seems* to make the binaries start execution, but they seem to fail when trying to access the data files. Those data files are located in a directory that has *.html files, so I didn't change the SELinux properties of that directory, but I *did* change them on the data files. No joy. I'm not even sure *what* I should change those properties to, anyway.
Does anyone know how to fix this? TIA, Bill Tangren --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|