Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 163625 - selinux prevents httpd mod_userdir from working
selinux prevents httpd mod_userdir from working
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-19 12:50 EDT by long
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-19 13:42:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description long 2005-07-19 12:50:56 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-2

Description of problem:
httpd_enable_homedirs is set to active however a simple request of http://localhost/~username fails.  In the httpd error_log I get:

[Tue Jul 19 11:28:33 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /~long denied

If I set httpd_disable_trans active then it works just fine.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.2-4

How reproducible:
Always

Steps to Reproduce:
1. Start apache with httpd_disable_trans not active
2. Try to access http://localhost/~username
3.
  

Actual Results:  Get Access Denied and message in httpd error_log.


Expected Results:  Should have seen normal web page.


Additional info:

n/a
Comment 1 Daniel Walsh 2005-07-19 13:26:05 EDT 
Are you seeing avc messages?  Are you using ~long/public_html?

If yes can you restorecon -R -v ~long/public_html

Dan
Comment 2 long 2005-07-19 13:31:28 EDT 
Wow, restorecon made a lot of noise but that seems to have fixed it.  I believe
there were some avc messages previously.  Would you like me to provide those or
is this a case of user error?
Comment 3 Daniel Walsh 2005-07-19 13:42:19 EDT 
User error would be harsh.

In the man page this is discussed.

man httpd_selinux
...
       httpd  by  default is not allowed to access users home directories.  If
       you want to allow access to users home directories you need to set  the
       httpd_enable_homedirs  boolean and change the context of the files that
       you want people to access off the home dir.

              setsebool -P httpd_enable_homedirs 1
              chcon -R -t httpd_sys_content_t ~user/public_html
Comment 4 long 2005-07-19 13:45:32 EDT 
aha!  I didn't know about that man page.  Thanks for pointing me to it.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.