users public_html access

Daniel J Walsh dwalsh at redhat.com
Mon Jul 25 15:53:45 UTC 2005


John Griffiths wrote:

> Sorry. I'm new to Fedora and SE Linux. Forgot to look in 
> /var/log/audit/audit.log. There are many avc messages in 
> /var/log/audit/audit.log, but the ones that I think are relevant to 
> this are repeats of:
>
>     type=AVC msg=audit(1122050110.135:15537760): avc:  denied  { getattr } for  pid=3517 comm="httpd" name="/<user name edited for security>/" dev=hdc1 ino=10780673 scontext=root:system_r:httpd_t tcontext=root:object_r:file_t tclass=dir
>
file_t means that you have a labeling problem.

touch /.autorelabel
reboot

> The user's home directory does not have the same security permissions 
> as the user's public_html directory since the How To did not specify 
> that it needed to be any more than have the permissions of 711.
>
> Regards,
> John
>
> Daniel J Walsh wrote:
>
>> John Griffiths wrote:
>>
>>> None when I try to access the user's public_html. There are some 
>>> from when I turned enforcing off and back on.
>>>
>>>     Jul 22 12:35:07 gei dbus: avc:  received setenforce notice (enforcing=0)
>>>     Jul 22 12:35:07 gei dbus: avc:  received setenforce notice (enforcing=0)
>>>     Jul 22 12:36:01 gei dbus: avc:  received setenforce notice (enforcing=1)
>>>     Jul 22 12:36:01 gei dbus: avc:  received setenforce notice (enforcing=1)
>>>
>>> That was when I was confirming that I could see the user's public_html.
>>>
>> You looked in both /var/log/audit/audit.log and /var/log/messages?
>>
>>> John
>>>
>>> Daniel J Walsh wrote:
>>>
>>>> John Griffiths wrote:
>>>>
>>>>> I cannot get users public_html content to publish in FC4. I keep 
>>>>> getting "You don't have permission to access /~<user>/ on this 
>>>>> server." I can access the user's public_html when I change SELinux 
>>>>> to Permissive.
>>>>>
>>>>> I searched the archives and did not find anything, and I followed 
>>>>> the direction in section 4 of "Understanding and Customizing the 
>>>>> Apache HTTP SELinux Policy" which was written for FC3.
>>>>>
>>>>> The httpd booleans are:
>>>>> httpd_builtin_scripting         active
>>>>> httpd_can_network_connect       active
>>>>> httpd_disable_trans             inactive
>>>>> httpd_enable_cgi                active
>>>>> httpd_enable_homedirs           active
>>>>> httpd_ssi_exec                  active
>>>>> httpd_suexec_disable_trans      inactive
>>>>> httpd_tty_comm                  inactive
>>>>> httpd_unified                   active
>>>>>
>>>>> The security setting on the user's public_html and the files in 
>>>>> the directory is user_u:object_r:httpd_sys_content_t . Obviously 
>>>>> the standard UGW permissions are OK since turning off SELinux 
>>>>> allows the content to be accessed.
>>>>>
>>>>> What am I missing, or is this a bug?
>>>>>
>>>>> Thanks,
>>>>> John Griffiths
>>>>>
>>>>> -- 
>>>>> fedora-selinux-list mailing list
>>>>> fedora-selinux-list at redhat.com
>>>>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>
>>>>
>>>>
>>>> Any avc messages?
>>>>
>>
>>
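
An added example, not part of the original thread: a small Python triage of AVC denials that separates targets labeled file_t, which the reply above identifies as a labeling problem, from ordinary policy denials. Treating unlabeled_t the same way and the second sample record are assumptions added here.

```python
import re

# Target types that point to missing or invalid labels rather than a policy
# decision. file_t is the one named in the thread; unlabeled_t is added here.
LABELING_PROBLEM_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec


def context_type(context):
    """Extract the type field from user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def triage(lines):
    """Split denials into labeling problems and ordinary policy denials."""
    labeling, policy = [], []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or "tcontext" not in rec:
            continue
        ttype = context_type(rec["tcontext"])
        (labeling if ttype in LABELING_PROBLEM_TYPES else policy).append(rec)
    return labeling, policy


# Sample input: the denial quoted in the thread (unwrapped), one constructed
# denial with a labeled target, and a setenforce notice from the thread.
SAMPLE = [
    'type=AVC msg=audit(1122050110.135:15537760): avc:  denied  { getattr } for  pid=3517 comm="httpd" name="/<user name edited for security>/" dev=hdc1 ino=10780673 scontext=root:system_r:httpd_t tcontext=root:object_r:file_t tclass=dir',
    'type=AVC msg=audit(1122050200.000:1): avc:  denied  { search } for  pid=3517 comm="httpd" name="constructed" dev=hdc1 ino=1 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_dir_t tclass=dir',
    "Jul 22 12:35:07 gei dbus: avc:  received setenforce notice (enforcing=0)",
]

if __name__ == "__main__":
    for rec in triage(SAMPLE)[0]:
        print(f"{rec['name']}: {rec['tcontext']} -> relabel (touch /.autorelabel; reboot)")
```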

