Re: users public_html access

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

John Griffiths wrote:

> Sorry. I'm new to Fedora and SE Linux. Forgot to look in 
> /var/log/audit/audit.log. There are many avc messages in 
> /var/log/audit/audit.log, but the ones that I think are relevant to 
> this are repeats of:
>
>     type=AVC msg=audit(1122050110.135:15537760): avc:  denied  {
>     getattr } for  pid=
>     3517 comm="httpd" name="/<user name edited for security>/"
>     dev=hdc1 ino=10780673 scontext=root:system_r:httpd
>     _t tcontext=root:object_r:file_t tclass=dir
file_t means that you have a labeling problem.

touch /.autorelabel
reboot

> The user's home directory does not have the same security permissions 
> as the user's public_html directory since the How To did not specify 
> that it needed to be any more than have the permissions of 711.
>
> Regards,
> John
>
> Daniel J Walsh wrote:
>
> > John Griffiths wrote:
> >
> > > None when I try to access the user's public_html. There are some 
> > > from when I turned enforcing off and back on.
> > >
> > >     Jul 22 12:35:07 gei dbus: avc:  received setenforce notice
> > >     (enforcing=0)
> > >     Jul 22 12:35:07 gei dbus: avc:  received setenforce notice
> > >     (enforcing=0)
> > >     Jul 22 12:36:01 gei dbus: avc:  received setenforce notice
> > >     (enforcing=1)
> > >     Jul 22 12:36:01 gei dbus: avc:  received setenforce notice
> > >     (enforcing=1)
> > >
> > > That was when I was confirming that I could see the user's public_html.
> > You looked in both /var/log/audit/audit.log and /var/log/messages?
> >
> > > John
> > >
> > > Daniel J Walsh wrote:
> > >
> > > > John Griffiths wrote:
> > > >
> > > > > I cannot get users public_html content to publish in FC4. I keep 
> > > > > getting "You don't have permission to access /~<user>/ on this 
> > > > > server." I can access the user's public_html when I change SELinux 
> > > > > to Permissive.
> > > > >
> > > > > I searched the archives and did not find anything, and I followed 
> > > > > the direction in section 4 of "Understanding and Customizing the 
> > > > > Apache HTTP SELinux Policy" which was written for FC3.
> > > > >
> > > > > The httpd booleans are:
> > > > > httpd_builtin_scripting         active
> > > > > httpd_can_network_connect       active
> > > > > httpd_disable_trans             inactive
> > > > > httpd_enable_cgi                active
> > > > > httpd_enable_homedirs           active
> > > > > httpd_ssi_exec                  active
> > > > > httpd_suexec_disable_trans      inactive
> > > > > httpd_tty_comm                  inactive
> > > > > httpd_unified                   active
> > > > >
> > > > > The security setting on the user's public_html and the files in 
> > > > > the directory is user_u:object_r:httpd_sys_content_t . Obviously 
> > > > > the standard UGW permissions are OK since turning off SELinux 
> > > > > allows the content to be accessed.
> > > > >
> > > > > What am I missing, or is this a bug?
> > > > >
> > > > > Thanks,
> > > > > John Griffiths
> > > > >
> > > > > --
> > > > > fedora-selinux-list mailing list
> > > > > fedora-selinux-list@xxxxxxxxxx
> > > > > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > >
> > > >
> > > >
> > > > Any avc messages?


--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list