awstats munged httpd rights in SElinux, how to fix?

Tim ignored_mailbox at yahoo.com.au
Thu Jul 31 03:20:07 UTC 2008 

On Wed, 2008-07-30 at 18:12 -0400, Gene Heskett wrote:
> Wanting to see who might have visited my simple web page, I installed awstats 
> from the fedora repo today.
> 
> The awstats selinux helper seems to be an empty file, yumex win't dl it or 
> install it even when checked.
> 
> >From the yumex screen:
> 7:59:02 : Package Queue:
> 17:59:02 :  Packages to install
> 17:59:02 :  ---> awstats-selinux-6.7-1.fc8.noarch 
> 17:59:02 : Preparing for install/remove/update
> 17:59:02 : --> Preparing for install
> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to install 
> awstats-6.8-1.fc8.noarch instead
> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest 
> version
> 17:59:06 : Error in Dependency Resolution
> 17:59:06 : Success - empty transaction
> 
> which is self-explanatory.
> 
> But on attempting to look at my page at localhost, I get connection refused.
> 
> So I as root, do:service httpd restart
> Stopping httpd:                                            [FAILED]
> Starting httpd: (13)Permission denied: httpd: could not open error log 
> file /etc/httpd/logs/error_log.
> Unable to open logs
>                                                            [FAILED]

Sounds more like Apache problems, not AWStats, this is Apache failing to
start.  AWStats just reads the logs, *separately*.  As a regular cron
job, as I recall.  Though it can be fired up on demand.

NB:  /etc/httpd/logs/ is a symlink to /var/log/httpd

> And an selinux denial that says I can fix it with this:
> #> setsebool -P httpd_unified=1 
> 
> But I've now executed that line several times without success.
> 
> I've also gone through the httpd stuff and made much of it 0644 and owned by 
> apache:apache.

Why and what?  Configuration and log files should be owned by root,
files to be served out of the website should be owned by the author.

Are you still using your computer as root, and messing up file and
directory ownerships as you go along?

-- 
[tim at localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the fedora-list mailing list