Yes, we really want the protection afforded our servers with SELinux, but then there are all these policies to apply when we need to open things up some.

Very challenging for sure.

On 03/06/2017 09:16 AM, David B Snyder wrote:
Thanks, this seems to have worked!

I guess I need to learn about SELinux now. :)


On 03/05/2017 06:04 PM, Robert Moskowitz wrote:
Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /directory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 25 Linux
 system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted file systems.

example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path

[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission denied: [client ::1:50084] AH00035: access to /local/index.html denied (filesystem path '/home/snyder/index.html') because search permissions are missing on a component of the path


As far as I can tell, the permissions are correct, allowing read and execute
drwxr-xr-x.  14 root   root    4096 Feb  3 09:51 /mnt #this works

drwxr-xr-x. 6 root root 4096 Mar 4 15:55 /mnt/Workspace #does not work
drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home #does not work

From httpd.conf:
...

<Directory "/mnt">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/home/snyder">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/mnt/Workspace">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>


alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path

[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] (13)Permission denied: [client ::1:50688] AH01275: Can't open directory for index: /mnt/Workspace/, referer: http://localhost/mnt/


from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 rw,seclabel,relatime,data=ordered 0 0

I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25                   @updates
httpd-filesystem.noarch 2.4.25-1.fc25 @updates
httpd-manual.noarch 2.4.25-1.fc25                   @updates
httpd-tools.x86_64 2.4.25-1.fc25                   @updates

I suppose I could work exclusively within the root file system, but I think I
should not have to :).

Thanks for any advice

-David Snyder





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
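
Added example (not part of the original thread): one way to answer "Are you running SELinux?" from evidence is to look for AVC denials against httpd in the audit log, then record the label rule persistently instead of relying on chcon alone. The audit lines and their target types are constructed samples, the function names are hypothetical, and httpd_sys_content_t (read-only content) is assumed as the default type where the thread used the read-write one.

```bash
#!/usr/bin/env bash
# On a live host the input would come from: ausearch -m avc -c httpd
# (or /var/log/audit/audit.log). The lines below are constructed samples.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1488738710.628:345): avc:  denied  { search } for  pid=1001 comm="httpd" name="Workspace" dev="sda6" ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1488738721.840:346): avc:  denied  { search } for  pid=999 comm="httpd" name="snyder" dev="dm-2" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1488738730.100:347): avc:  denied  { read } for  pid=2200 comm="rsync" name="data" dev="dm-0" ino=77 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
EOF
}

# Print "permission class name target_type" for each denial caused by httpd.
# A line here means SELinux, not the rwx mode bits, refused the access.
httpd_denials() {
    awk '
    /avc:[ ]+denied/ && /comm="httpd"/ {
        perm = name = ttype = tclass = "?"
        if (match($0, /\{ [^}]* \}/)) {
            perm = substr($0, RSTART + 2, RLENGTH - 4)
            gsub(/ /, ",", perm)          # "{ read open }" -> "read,open"
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        }
        print perm, tclass, name, ttype
    }'
}

# Print (do not run) the commands that store a label rule for a directory
# and apply it. A chcon label is lost on a full relabel; the rule stored
# by semanage fcontext is what restorecon re-applies.
relabel_commands() (
    dir=${1%/}
    setype=${2:-httpd_sys_content_t}
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$setype" "$dir"
    printf 'restorecon -Rv %s\n' "$dir"
)

sample_avc | httpd_denials
relabel_commands /mnt/Workspace
```

If httpd_denials prints nothing for a failing request, the "search permissions are missing" error is coming from ordinary file modes on a parent directory rather than from SELinux.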