Web server permission in FC9

Tim ignored_mailbox at yahoo.com.au
Fri May 23 06:08:06 UTC 2008


THIS IS NOT A TOP POSTING LIST.  I will NOT answer any further top posts
on this thread, and I won't be the only one that feels that way.  If you
want help from the members, conform to this list's etiquette.

See here:  http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#head-21931671219f9e2ecd6ec8655a3d582326699379

On Thu, 2008-05-22 at 13:16 -0400, Charles Layno wrote:
> Thanks for the info. I am serving my pages from /html on its own drive
> with a tree below that serves several domains.  Is it better to change
> DocumentRoot as a symbolic link or as direct? I am running FC9 with
> Apache 2.2.8 and a generic disk install. 

I don't think that playing with links is going to help you.  I've not
looked into how Apache handles that, but some systems will see around
symlink tricks and apply rules based on the real location, and I expect
a webserver to work that way.  It stops people doing something like
symlinking to /etc from their homespace.

However, mounting your html drive onto /var/www/html should work fine.
Everything will see the webserving files in the location that it expects
them to be.  Mounts are seen as virtually the same as files in a
directory in the same filesystem.

Based on prior information, I think that what you need to do is set the
right SELinux contexts on your webserving files with the restorecon
command (recursively applied to the "html" directory and all contents).
The restorecon command restores the usual expected contexts for the
location.

e.g. restorecon -rv /var/www/html
     Would fix broken contexts in the usual webserving location.

But because you're serving from a non-standard location (/html) you
might have to keep on setting contexts (with the "chcon" command),
unless you mount it as I suggest.  That gives you the convenience of
your separate HTML disc drive, but works within the usual filetree.

i.e. chcon -R root:object_r:httpd_sys_content_t /html

I'm not using FC9, and I can't say whether setting the right contexts
once on a non-standard parent location will mean that any more files
created within it will inherit the parent contexts.  But, with prior
releases, it doesn't.  You would have to keep manually setting custom
contexts for non-standard locations every time you added new files and
sub-directories.

But if you were to keep working in a standard location (i.e. mounted
inside the /var/www/ path), the right contexts will prevail whenever you
create new sub-folders and files, and you use tools which understand
this.  e.g. When you cp files to the location, or create new files with
vi in there.  That's not an exhaustive list of examples, plenty of other
things will work fine, too.

My system has /var/www/html/ holding the files served by default
(connections to my IP that don't match a virtual hostname), and virtual
hosts are kept within sub-directories in /var/www/virtual-hosts/.  I
don't have SELinux problems when I create new content, it just works.

-- 
(This box runs Centos 5.0, my others still run FC 4, 5, 6, & 7, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
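
Added example, not part of the message above: a small audit that lists files under a web tree whose SELinux type is not httpd_sys_content_t, the type used in the chcon command in the post. It reads "<context> <path>" lines such as GNU find prints with -printf '%Z %p\n' on an SELinux system; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Type expected on served files (taken from the chcon command in the post).
EXPECTED_TYPE="httpd_sys_content_t"

# mislabeled: read "<context> <path>" lines on stdin and print
# "<path><TAB><type>" for every file whose type is not EXPECTED_TYPE.
# On a live system the listing would come from:
#   find /html -printf '%Z %p\n'
mislabeled() {
    while IFS=' ' read -r ctx path; do
        [ -n "$ctx" ] || continue
        # A context is user:role:type[:level]; the type is the third field.
        # cut -s yields nothing when the context has no ':' separators.
        setype=$(printf '%s\n' "$ctx" | cut -s -d: -f3)
        if [ "$setype" != "$EXPECTED_TYPE" ]; then
            printf '%s\t%s\n' "$path" "${setype:-unlabeled}"
        fi
    done
}

# count_mislabeled: same input, prints only the number of offending files.
count_mislabeled() {
    mislabeled | wc -l | tr -d ' '
}

# Constructed sample listing (not real output): two correctly labelled
# entries, two files carrying another type, one without a usable context.
sample_listing() {
    cat <<'EOF'
root:object_r:httpd_sys_content_t /html
root:object_r:httpd_sys_content_t /html/site-a/index.html
user_u:object_r:user_home_t /html/site-a/new page.html
system_u:object_r:default_t:s0 /html/site-b/logo.png
? /html/site-b/upload.tmp
EOF
}

# Demonstration run on the constructed listing.
sample_listing | mislabeled
```

Any path it reports is a candidate for the restorecon or chcon commands given in the message, depending on where the tree lives.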



