Re: users public_html access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sorry. I'm new to Fedora and SE Linux. Forgot to look in /var/log/audit/audit.log. There are many avc messages in /var/log/audit/audit.log, but the ones that I think are relevant to this are repeats of:
type=AVC msg=audit(1122050110.135:15537760): avc:  denied  { getattr } for  pid=
3517 comm="httpd" name="<user name edited for security>" dev=hdc1 ino=10780673 scontext=root:system_r:httpd
_t tcontext=root:object_r:file_t tclass=dir
The user's home directory does not have the same security permissions as the user's public_html directory since the How To did not specify that it needed to be any more than have the permissions of 711.

Regards,
John

Daniel J Walsh wrote:
John Griffiths wrote:

None when I try to access the user's public_html. There are some from when I turned enforcing off and back on.

    Jul 22 12:35:07 gei dbus: avc:  received setenforce notice
    (enforcing=0)
    Jul 22 12:35:07 gei dbus: avc:  received setenforce notice
    (enforcing=0)
    Jul 22 12:36:01 gei dbus: avc:  received setenforce notice
    (enforcing=1)
    Jul 22 12:36:01 gei dbus: avc:  received setenforce notice
    (enforcing=1)

That was when I was confirming that I could see the user's public_html.

You looked in both /var/log/audit/audit.log and /var/log/messages?

John

Daniel J Walsh wrote:

John Griffiths wrote:

I cannot get users public_html content to publish in FC4. I keep getting "You don't have permission to access /~<user>/ on this server." I can access the user's public_html when I change SELinux to Permissive.

I searched the archives and did not find anything, and I followed the direction in section 4 of "Understanding and Customizing the Apache HTTP SELinux Policy" which was written for FC3.

The httpd booleans are:
httpd_builtin_scripting         active
httpd_can_network_connect       active
httpd_disable_trans             inactive
httpd_enable_cgi                active
httpd_enable_homedirs           active
httpd_ssi_exec                  active
httpd_suexec_disable_trans      inactive
httpd_tty_comm                  inactive
httpd_unified                   active

The security setting on the user's public_html and the files in the directory is user_u:object_r:httpd_sys_content_t . Obviously the standard UGW permissions are OK since turning off SELinux allows the content to be accessed.

What am I missing, or is this a bug?

Thanks,
John Griffiths

-- 
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


Any avc messages? 



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux