Re: Permission denied for public_html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Volker Englisch wrote:

on 11/6/2006 2:08 PM John Griffiths said the following:
I had set these values in order to get samba to work. In fact, at some point I thought I did have both samba and http access to the public_html directory working but when I made additional changes trying to allow a cgi script to write to a directory I must have messed up the access to the user websites.
The context of the directory has to be public_content_rw_t for both Samba and httpd to access it.
I actually did have this context set this way in the beginning but now I would be happy if I could just access the user web pages again. That's why I had changed it back to httpd_sys_content_t.
Here is the context of the directory (after changing the context back to public_content_rw_t: 

[root] ls -dZ public_html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t
public_html/
PWD=/home/kate
[root] ls -Z public_html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t images/
-rw-rw-r--  kate webedit user_u:object_r:public_content_rw_t index.html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t pics/
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t Themes/

[root] getsebool -a | grep enable_home
httpd_enable_homedirs --> on
samba_enable_home_dirs --> on
spamd_enable_home_dirs --> on

[root] getenforce
Enforcing

And the output from the /var/log/messages file when accessing the web page:
...
Nov 6 14:48:27 kepler kernel: audit(1162842507.522:72017): avc: denied { search } for pid=31270 comm="httpd" name="kate" dev=sda5 ino=14942209 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir Nov 6 14:48:27 kepler kernel: audit(1162842507.522:72018): avc: denied { getattr } for pid=31270 comm="httpd" name="kate" dev=sda5 ino=14942209 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir 
...
From all that I know everything looks good but maybe someone else can see what is wrong with my setup.
It looks to me that /home/kate is user_home_t instead of user_home_dir_t. Fixing that should help. 

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux