Permission denied for public_html

John Griffiths fedora at grifent.com
Mon Nov 6 21:34:52 UTC 2006



Volker Englisch wrote:
> on 11/6/2006 2:08 PM John Griffiths said the following:
>>> I had set these values in order to get samba to work.  In fact, at 
>>> some point I thought I did have both samba and http access to the 
>>> public_html directory working but when I made additional changes 
>>> trying to allow a cgi script to write to a directory I must have 
>>> messed up the access to the user websites.
>>>
>> The context of the directory has to be public_content_rw_t for both 
>> Samba and httpd to access it.
>
> I actually did have this context set this way in the beginning but now 
> I would be happy if I could just access the user web pages again.  
> That's why I had changed it back to httpd_sys_content_t.
>
> Here is the context of the directory (after changing the context back 
> to public_content_rw_t):
>
> [root] ls -dZ public_html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t
> public_html/
> PWD=/home/kate
> [root] ls -Z public_html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t images/
> -rw-rw-r--  kate webedit user_u:object_r:public_content_rw_t index.html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t pics/
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t Themes/
>
> [root] getsebool -a | grep enable_home
> httpd_enable_homedirs --> on
> samba_enable_home_dirs --> on
> spamd_enable_home_dirs --> on
>
> [root] getenforce
> Enforcing
>
> And the output from the /var/log/messages file when accessing the web 
> page:
> ...
> Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72017): avc:  
> denied  { search } for  pid=31270 comm="httpd" name="kate" dev=sda5 
> ino=14942209 scontext=user_u:system_r:httpd_t:s0 
> tcontext=user_u:object_r:user_home_t:s0 tclass=dir
> Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72018): avc:  
> denied  { getattr } for  pid=31270 comm="httpd" name="kate" dev=sda5 
> ino=14942209 scontext=user_u:system_r:httpd_t:s0 
> tcontext=user_u:object_r:user_home_t:s0 tclass=dir
> ...
>
The context is showing up as user_home_t, not public_content_rw_t. When 
you changed the context, did you only do the directory or recursively so 
the contents also got the context?

Regards,
John
>
> From all that I know everything looks good but maybe someone else can 
> see what is wrong with my setup.
>
>
> Thanks
>
>    Volker Englisch
>



