SELinux & apache/httpd access to /home/*/www
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 15 14:57:33 UTC 2004
Cream[DONut] wrote:
> Hello,
>
> My problem is this:
> I host some small PHP & MySQL websites for friends and family, they
> have their VirtualHost DocumentRoot's in "/home/[name]/www" (and is
> working fine with SELinux disabled).
>
> I am running SELinux with SELINUX=enforcing, SELINUXTYPE=targeted.
>
> SELinux seems to be blocking httpd from accessing /home/name/www,
> atleast when trying to start apache it complains:
> Starting httpd: Warning: DocumentRoot [/home/xxxxxx/www] does not exist
> Warning: DocumentRoot [/home/yyyyy/www] does not exist
> [FAILED]
>
There are a couple of ways to handle this. This is in the order of most
protection.
1. In order to maintain the SELinux protection on Apache, you could
change the context of the directrory and files you wish to share.
a chcon -t -R httpd_user_content_t /home/*/www
b Then restart apache and try to access the pages.
service httpd restart
2. You can disable SELinux protextion for apache.
a. Run selinux-config-securitylevel and select the SELinux tab.
b. In the Modify SELinux Policy box, select the transitions list
item and expand.
c. Check the Disable SELinux protection for httpd daemon line.
d. Click ok
e. Restart apache
service httpd restart
3. Disable SELinux
a. Run selinux-config-securitylevel and select the SELinux tab.
b. UnClick Enabled
c. Click Ok
d. Reboot.
More information about the fedora-selinux-list
mailing list