users public_html access
Daniel J Walsh
dwalsh at redhat.com
Mon Jul 25 15:53:45 UTC 2005
John Griffiths wrote:
> Sorry. I'm new to Fedora and SE Linux. Forgot to look in
> /var/log/audit/audit.log. There are many avc messages in
> /var/log/audit/audit.log, but the ones that I think are relevant to
> this are repeats of:
>
> type=AVC msg=audit(1122050110.135:15537760): avc: denied {
> getattr } for pid=
> 3517 comm="httpd" name="/<user name edited for security>/"
> dev=hdc1 ino=10780673 scontext=root:system_r:httpd
> _t tcontext=root:object_r:file_t tclass=dir
>
file_t means that you have a labeling problem.
touch /.autorelabel
reboot
> The user's home directory does not have the same security permissions
> as the user's public_html directory since the How To did not specify
> that it needed to be any more than have the permissions of 711.
>
> Regards,
> John
>
> Daniel J Walsh wrote:
>
>> John Griffiths wrote:
>>
>>> None when I try to access the user's public_html. There are some
>>> from when I turned enforcing off and back on.
>>>
>>> Jul 22 12:35:07 gei dbus: avc: received setenforce notice
>>> (enforcing=0)
>>> Jul 22 12:35:07 gei dbus: avc: received setenforce notice
>>> (enforcing=0)
>>> Jul 22 12:36:01 gei dbus: avc: received setenforce notice
>>> (enforcing=1)
>>> Jul 22 12:36:01 gei dbus: avc: received setenforce notice
>>> (enforcing=1)
>>>
>>> That was when I was confirming that I could see the user's public_html.
>>>
>> You looked in both /var/log/audit/audit.log and /var/log/messages?
>>
>>> John
>>>
>>> Daniel J Walsh wrote:
>>>
>>>> John Griffiths wrote:
>>>>
>>>>> I cannot get users public_html content to publish in FC4. I keep
>>>>> getting "You don't have permission to access /~<user>/ on this
>>>>> server." I can access the user's public_html when I change SELinux
>>>>> to Permissive.
>>>>>
>>>>> I searched the archives and did not find anything, and I followed
>>>>> the direction in section 4 of "Understanding and Customizing the
>>>>> Apache HTTP SELinux Policy" which was written for FC3.
>>>>>
>>>>> The httpd booleans are:
>>>>> httpd_builtin_scripting active
>>>>> httpd_can_network_connect active
>>>>> httpd_disable_trans inactive
>>>>> httpd_enable_cgi active
>>>>> httpd_enable_homedirs active
>>>>> httpd_ssi_exec active
>>>>> httpd_suexec_disable_trans inactive
>>>>> httpd_tty_comm inactive
>>>>> httpd_unified active
>>>>>
>>>>> The security setting on the user's public_html and the files in
>>>>> the directory is user_u:object_r:httpd_sys_content_t . Obviously
>>>>> the standard UGW permissions are OK since turning off SELinux
>>>>> allows the content to be accessed.
>>>>>
>>>>> What am I missing, or is this a bug?
>>>>>
>>>>> Thanks,
>>>>> John Griffiths
>>>>>
>>>>> --
>>>>> fedora-selinux-list mailing list
>>>>> fedora-selinux-list at redhat.com
>>>>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>
>>>>
>>>>
>>>> Any avc messages?
>>>>
>>
>>
--
More information about the fedora-selinux-list
mailing list