Re: httpd permission problem

On 02/18/2013 03:07 PM, Daniel J Walsh wrote:
On 02/16/2013 12:37 PM, Dominick Grift wrote:
On Sat, 2013-02-16 at 17:12 +0100, Gergely Buday wrote:
Hi there,

I got the advice on the Apache mailing list that this might be an selinux
problem.

I have a directory under my home dir, and I would like Apache to serve
it. It says 403 Forbidden. I have created a web group that includes my
user and apache. It is set in the httpd.conf file. After using chcon,
ls -Z tells me

drwxr-x---. gergoe web    system_u:object_r:httpd_sys_content_t:s0 wordpress

and the same for all the files under. Still, I cannot access the content
in that dir.

What else should I set?

Does it work if you test it in permissive mode?

setenforce 0
getenforce
! do test
setenforce 1
getenforce

If it works in permissive mode but not in enforcing mode, then it is likely
selinux blocking.

If it does not work in permissive mode either, then it's likely not an
selinux-related issue.


- Gergely
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


getsebool httpd_enable_homedirs

This boolean has to be turned on for this to work.
Also, audit2allow could help you. For example:

# ausearch -m avc -ts recent |audit2allow

#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs
allow httpd_t user_home_dir_t:dir { read getattr open };
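
An added example, not part of the original thread: a shell function that shows how an allow line like the one above is derived from raw AVC records, by grouping denials on source type, target type and object class. The sample records and the names sample_avc and avc_summary are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: group AVC denials into allow-style lines.

# Constructed sample records in audit.log format (pids, inodes, paths invented).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1361196421.101:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/home/user" dev="dm-0" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1361196421.101:456): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1361196421.105:457): avc:  denied  { read open } for  pid=1234 comm="httpd" path="/home/user" dev="dm-0" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1361196422.300:460): avc:  denied  { getattr } for  pid=1235 comm="httpd" path="/home/user" dev="dm-0" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1361196422.310:461): avc:  denied  { getattr } for  pid=1235 comm="httpd" path="/home/user/notes.txt" dev="dm-0" ino=131099 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print one line per (source type,
# target type, class) with the denied permissions merged and sorted.
avc_summary() {
  awk '
    /avc:[ ]+denied/ {
      inbrace = 0; n = 0; src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inbrace = 1; continue }
        if ($i == "}") { inbrace = 0; continue }
        if (inbrace)   { perm[++n] = $i; continue }
        # A context is user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      for (j = 1; j <= n; j++) print src, tgt ":" cls, perm[j]
    }' |
  LC_ALL=C sort -u |   # drop repeated denials, keep equal keys adjacent
  awk '
    { key = $1 " " $2
      if (key != prev) {
        if (prev != "") print "allow " prev " { " perms "};"
        prev = key; perms = ""
      }
      perms = perms $3 " " }
    END { if (prev != "") print "allow " prev " { " perms "};" }'
}

sample_avc | avc_summary
```

On a live system the same function can be fed from the ausearch -m avc -ts recent command shown above; permissions are printed in sorted order, so the ordering inside the braces differs from audit2allow's.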


