awstats munged httpd rights in SElinux, how to fix?
gene.heskett at verizon.net
Thu Jul 31 03:35:06 UTC 2008
On Wednesday 30 July 2008, Tim wrote:
>On Wed, 2008-07-30 at 18:12 -0400, Gene Heskett wrote:
>> Wanting to see who might have visited my simple web page, I installed
>> awstats from the fedora repo today.
>> The awstats selinux helper seems to be an empty file, yumex win't dl it or
>> install it even when checked.
>> >From the yumex screen:
>> 7:59:02 : Package Queue:
>> 17:59:02 : Packages to install
>> 17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
>> 17:59:02 : Preparing for install/remove/update
>> 17:59:02 : --> Preparing for install
>> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to
>> install awstats-6.8-1.fc8.noarch instead
>> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
>> 17:59:06 : Error in Dependency Resolution
>> 17:59:06 : Success - empty transaction
>> which is self-explanatory.
>> But on attempting to look at my page at localhost, I get connection
>> So I as root, do:service httpd restart
>> Stopping httpd: [FAILED]
>> Starting httpd: (13)Permission denied: httpd: could not open error log
>> file /etc/httpd/logs/error_log.
>> Unable to open logs
>Sounds more like Apache problems, not AWStats, this is Apache failing to
>start. AWStats just reads the logs, *separately*. As a regular cron
>job, as I recall. Though it can be fired up on demand.
Actually, its something in the new 2.6.27-rc1 kernel that is stopping it.
I just rebooted to 2.6.26 final, and its happy as a clam. The 2.6.27-rc1
kernel has some newer options targeted at net security that I haven't quite
Back to awstats, where does this output show up? As a web page on localhost,
or something it takes mrtg to look at?
Also, what user does the cron entry belong to?
>NB: /etc/httpd/logs/ is a symlink to /var/log/httpd
That I had figured out.
>> And an selinux denial that says I can fix it with this:
>> #> setsebool -P httpd_unified=1
>> But I've now executed that line several times without success.
>> I've also gone through the httpd stuff and made much of it 0644 and owned
>> by apache:apache.
>Why and what? Configuration and log files should be owned by root,
>files to be served out of the website should be owned by the author.
I'll switch them back then.
>Are you still using your computer as root, and messing up file and
>directory ownerships as you go along?
Here and there. If fedora would give me what I want to do, I'd use it as is,
but it doesn't.
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
May I ask a question?
More information about the fedora-list