We're glad to be able to help you.

The package setools-console is very handy when it comes to setting the
SELinux user, role, and type for a specific file to allow specific access
to specific services.

After installing setools-console, you can find out the list of SELinux
context "type":
seinfo -t

Or a list of SELinux context "user":
seinfo -u

Or "role":
seinfo -r


You will get a long list of context types.  An example I gave you
earlier was httpd_sys_content_t.  Try this command:

seinfo -t | grep httpd_sys

Output:
   httpd_sys_content_t       <==== recognize that? :)
   httpd_sys_htaccess_t
   httpd_sys_ra_content_t
   httpd_sys_rw_content_t
   httpd_sys_script_t
   httpd_sys_script_exec_t

Another example, find the SELinux context type for Samba share file.
seinfo -t | grep samba

Output:
   samba_secrets_t
   samba_unconfined_script_exec_t
   samba_net_t
   samba_var_t
   samba_net_exec_t
   samba_net_tmp_t
   samba_unconfined_net_t
   samba_unconfined_script_t
   sambagui_exec_t
   samba_share_t       <=========  general samba share privilege
   samba_initrc_exec_t
   sambagui_t
   samba_etc_t
   samba_log_t

Lastly, to make sure your hard work on SELinux survives reboot, run:
semanage fcontext -a -t context_type_goes_here_t  file_name_goes_here

If you assigned context "user", then run:
semanage fcontext -a -s context_user_goes_here_t -t context_type_goes_here_t file_name

Actual example:
semanage fcontext -a -s system_u  -t samba_share_t  /samba/sharedir


And of course, you can always have the option to turn off SELinux but I
would not recommend it.  The only time I turned off SELinux was when I
tested a service that kept spitting out permission denied or service not
accessible...

On Apr 3, zxq9 provided an excellent intro to SELinux.  Take a look at his
post.

Wish you the best.
-Tam
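
Added example, not part of the original message: a small bash helper for the persistence step described above. `semanage fcontext` stores a regular expression matched against the full path, so the helper turns a directory into an absolute spec ending in `(/.*)?` and then relabels with `restorecon`. The function names are hypothetical; `samba_share_t` and `/samba/sharedir` are the values from the thread.

```bash
#!/bin/bash
# Added example: persist an SELinux type for a directory tree.
# Function names are hypothetical; run the labelling step as root.

# Turn a directory into the spec semanage stores: an absolute path with
# regex metacharacters escaped, plus "(/.*)?" so the rule covers the
# directory itself and everything beneath it.
fcontext_spec() {
    case "$1" in
        /?*) ;;
        *) echo "need an absolute path other than /: $1" >&2; return 1 ;;
    esac
    local dir="${1%/}"
    printf '%s(/.*)?\n' "$(printf '%s' "$dir" | sed 's/[][\.*^$+?(){}|]/\\&/g')"
}

# Record the rule in the local policy store, then relabel from it.
label_persistently() {
    local type="$1" dir="$2" spec
    spec="$(fcontext_spec "$dir")" || return 1
    # Refuse type names the loaded policy does not define.
    seinfo -t | grep -qx "[[:space:]]*$type" || {
        echo "unknown SELinux type: $type" >&2; return 1; }
    # -a adds a new rule; fall back to -m when one already exists.
    semanage fcontext -a -t "$type" "$spec" 2>/dev/null ||
        semanage fcontext -m -t "$type" "$spec" || return 1
    restorecon -R -v "$dir"
}

# Compare the label on disk with what the policy says it should be.
label_matches_policy() {
    local want have
    want="$(matchpathcon -n "$1")" || return 1
    have="$(stat -c %C "$1")" || return 1
    [ "$want" = "$have" ]
}

# Usage: ./label.sh samba_share_t /samba/sharedir
if [ "$#" -eq 2 ]; then
    label_persistently "$1" "$2" && label_matches_policy "$2"
fi
```

`semanage fcontext -l | grep sharedir` lists the stored rule afterwards.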



On Wed, Apr 11, 2012 at 11:32 AM, Terry Northren <tnorth...@gmail.com> wrote:

> Tam and Alan,
> thanks for the package.  That solved it.
>
> Tam, what do I do with setools-console package?
>
> Our Linux Admin was working on a test Apache server.  Most of the
> configuration was done by him, but he left the company.  I am picking
> up the left behind.  Coming from the Windows side, I am new to many
> aspects of Linux.  Still learning my rope.  The Scientific Linux
> community has been extremely helpful and resourceful :D.
>
>
> On 4/11/12, Tam Nguyen <tam8gu...@gmail.com> wrote:
> > That error means you do not have the prerequisite package installs.
> > Install the package:
> >
> > yum -y install policycoreutils-python
> >
> > Since we are on the SELinux topic, I would recommend you also install:
> >
> > yum -y install setools-console
> >
> > Btw, looking back at your first post about Apache authentication and access
> > deny and allow, how did you manage to get your Apache to work in the first
> > place, especially configuring SELinux settings?
> >
> >
> > On Wed, Apr 11, 2012 at 10:53 AM, Terry Northren <tnorth...@gmail.com> wrote:
> >
> >> Tam,
> >> I followed your directions.  I ran into an error when I executed the
> >> semanage command:
> >>
> >> semanage fcontext -a -t httpd_sys_content_t public_html
> >>
> >> Here is my output error:
> >> -bash: /usr/sbin/semanage: No such file or directory
> >>
> >> I went ahead and followed the rest of your tutorial.  It worked!!
> >> Does this mean I will have to re-configure SELinux after every reboot?
> >>
> >>
> >> On 4/11/12, Tam Nguyen <tam8gu...@gmail.com> wrote:
> >> > Not knowing the configuration of your httpd.conf file and the configuration
> >> > of the local users' home directory, there is no direct answer.  Therefore,
> >> > my approach to your question is to give you a very basic setup, which would
> >> > allow users to access files in their home directory.  You can base off of
> >> > this to make it work on your machine.
> >> > Before you do anything, backup your httpd.conf file.
> >> > Even better, do this on a test VM.
> >> >
> >> > In the file httpd.conf, change these 2 directives to look like this:
> >> >
> >> >    #UserDir disabled
> >> >
> >> >     UserDir public_html
> >> >
> >> > This enables local users to access html files inside the *public_html*
> >> > directory.
> >> >
> >> > Let's say we want UserX to have access to his/her home directory:
> >> > mkdir /home/UserX/public_html
> >> >
> >> > Then create an html file in the *public_html* directory.
> >> >
> >> > Now comes the fun part, permission and SELinux :).
> >> > Permission:  Make sure UserX is the owner of the *public_html* directory
> >> > and all files within it (hence, recursively).
> >> > chown userx:userx public_html
> >> >
> >> > Directory and files need read and execute permission
> >> > chmod 755
> >> >
> >> > SELinux:  public_html and all files within must have one of these
> >> > context types:
> >> >       httpd_sys_content_t
> >> >  or
> >> >       public_content_rw_t
> >> >
> >> > sample command:
> >> > chcon -R -t httpd_sys_content_t public_html
> >> >
> >> > then make sure SELinux setting survives reboot, run command:
> >> > semanage fcontext -a -t httpd_sys_content_t public_html
> >> >
> >> > verify the directory and do the same to all files inside *public_html*:
> >> >      ll  -Z
> >> >
> >> > Finally, enable SELinux boolean:
> >> >  setsebool -P httpd_enable_homedirs on
> >> >
> >> > Restart Apache without interrupting the users:
> >> >  apachectl graceful
> >> >
> >> > Now access UserX's home directory:
> >> > http://servername_or_ip_address/~userx/
> >> >
> >> > This is just a basic configuration to give you a general idea.  You will
> >> > have to customize the settings and permissions according to your
> >> > server's needs.
> >> >
> >> > good luck
> >> > -Tam
> >> >
> >> >
> >> > On Mon, Apr 9, 2012 at 8:33 PM, Terry Northren <tnorth...@gmail.com> wrote:
> >> >
> >> >> Hi again,
> >> >> on Apache server, how do I allow users to access files in their home
> >> >> folders?
> >> >>
> >> >>
> >> >>
> >> >
> >>
> >
>
