Permission denied for public_html

Volker Englisch Volker at englisch.us
Mon Nov 6 20:03:27 UTC 2006


on 11/6/2006 2:08 PM John Griffiths said the following:
>> I had set these values in order to get samba to work.  In fact, at 
>> some point I thought I did have both samba and http access to the 
>> public_html directory working but when I made additional changes 
>> trying to allow a cgi script to write to a directory I must have 
>> messed up the access to the user websites.
>>
> The context of the directory has to be public_content_rw_t for both 
> Samba and httpd to access it.

I actually did have this context set this way in the beginning but now I 
would be happy if I could just access the user web pages again.  That's 
why I had changed it back to httpd_sys_content_t.

Here is the context of the directory (after changing the context back to 
public_content_rw_t):

[root] ls -dZ public_html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t public_html/
PWD=/home/kate
[root] ls -Z public_html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t images/
-rw-rw-r--  kate webedit user_u:object_r:public_content_rw_t index.html
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t pics/
drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t Themes/

[root] getsebool -a | grep enable_home
httpd_enable_homedirs --> on
samba_enable_home_dirs --> on
spamd_enable_home_dirs --> on

[root] getenforce
Enforcing

And the output from the /var/log/messages file when accessing the web page:
...
Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72017): avc:  denied 
  { search } for  pid=31270 comm="httpd" name="kate" dev=sda5 
ino=14942209 scontext=user_u:system_r:httpd_t:s0 
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72018): avc:  denied 
  { getattr } for  pid=31270 comm="httpd" name="kate" dev=sda5 
ino=14942209 scontext=user_u:system_r:httpd_t:s0 
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
...


From all that I know everything looks good but maybe someone else can 
see what is wrong with my setup.


Thanks

    Volker Englisch
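
An added example, not part of the original message: a small Python parser that rejoins the wrapped AVC lines quoted above and groups the denied permissions by source type, target type, object class and object name. The function names are illustrative assumptions; the sample input is the two log entries from the message.

```python
import re
from collections import defaultdict

# The two denials from the message above, wrapped as in the archived mail.
SAMPLE = """\
Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72017): avc:  denied
  { search } for  pid=31270 comm="httpd" name="kate" dev=sda5
ino=14942209 scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72018): avc:  denied
  { getattr } for  pid=31270 comm="httpd" name="kate" dev=sda5
ino=14942209 scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_records(text):
    """Undo line wrapping: a new record starts wherever 'audit(' appears."""
    flat = " ".join(text.split())
    return [p for p in re.split(r"(?=audit\()", flat) if "avc:" in p]

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(text):
    """Return one dict of key=value fields (plus 'perms') per denial."""
    out = []
    for rec in split_records(text):
        m = AVC_RE.search(rec)
        if m:
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
            fields["perms"] = m.group(1).split()
            out.append(fields)
    return out

def summarize(denials):
    """Group permissions by (source type, target type, class, object name)."""
    groups = defaultdict(set)
    for d in denials:
        key = (sel_type(d["scontext"]), sel_type(d["tcontext"]),
               d["tclass"], d.get("name", "?"))
        groups[key].update(d["perms"])
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls, name), perms in summarize(parse_denials(SAMPLE)).items():
        print(f"{src} -> {tgt} ({cls} '{name}'): denied {', '.join(perms)}")
```

For these two entries the result is a single group: httpd_t denied getattr and search on the directory named kate, which is labeled user_home_t.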



