Apache, Virtual Servers and SELinux
Michael Shaw
mshaw at dowco.com
Sat Nov 12 19:06:12 UTC 2005
Paul Howarth wrote:
>On Fri, 2005-11-11 at 12:02 -0800, Michael Shaw wrote:
>
>
>>Hi all,
>>
>>I installed Apache on an FC4 machine, and I was trying to get Virtual
>>servers working. To do so, I had the following name based virtual
>>servers. I placed the following directives (among others) in my
>>httpd.conf file:
>>
>>~~~~~~~~~~~~
>># Virtual host default
>><VirtualHost 192.168.1.25>
>> ServerName default
>> DocumentRoot "/var/www/html"
>> DirectoryIndex index.php index.html index.htm index.shtml
>> LogLevel debug
>> HostNameLookups off
>></VirtualHost>
>>
>># Virtual host michael
>><VirtualHost 192.168.1.25>
>> ServerAdmin mshaw at dowco.com
>> DocumentRoot /home/michael/public_html/www
>> ServerName michael
>> DirectoryIndex index.html index.php
>></VirtualHost>
>>
>><Directory "/var/www/html">
>> Options Indexes Includes FollowSymLinks
>> AllowOverride None
>> Allow from all
>> Order allow,deny
>></Directory>
>>
>><Directory "/home/*/public_html/www">
>> Options Indexes Includes FollowSymLinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>></Directory>
>>~~~~~~~~~~~~
>>
>>I was very fristrated that the virtual server michael get giving me
>>access denied errors. I disabled SELinux and everythign worked. So I
>>tried fiddling away with all the HTTPD settings but cou;dn't get it to
>>work with SELinux on, including "Allow HTTPD to read home directories".
>>
>>I have seen references to this on the Internet but not a cure. Which
>>check box am I missing?
>>
>>
>
>Make sure your httpd-readable files have the correct context:
>
>$ chcon -R -t httpd_user_content_t /home/michael/public_html/www
>
>Paul.
>
>
Never mind, changed my configuration to use the method at
http://httpd.apache.org/doc/2.0/vhosts/mass.html#simple and now SELinux
works when I allow access to home directories.
Though I will have to study what chcon mans: I know it means change
context, but I will have to get used to it with cmod and chown.
Thanks though.
Michael
More information about the fedora-selinux-list
mailing list