From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-2

Description of problem:
httpd_enable_homedirs is set to active; however, a simple request of http://localhost/~username fails. In the httpd error_log I get:

[Tue Jul 19 11:28:33 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /~long denied

If I set httpd_disable_trans active then it works just fine.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.2-4

How reproducible:
Always

Steps to Reproduce:
1. Start apache with httpd_disable_trans not active
2. Try to access http://localhost/~username
3.

Actual Results:
Get Access Denied and message in httpd error_log.

Expected Results:
Should have seen normal web page.

Additional info:
n/a
Are you seeing avc messages? Are you using ~long/public_html? If yes, can you

restorecon -R -v ~long/public_html

Dan
Wow, restorecon made a lot of noise but that seems to have fixed it. I believe there were some avc messages previously. Would you like me to provide those or is this a case of user error?
User error would be harsh. In the man page this is discussed.

man httpd_selinux
...
httpd by default is not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.

setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
aha! I didn't know about that man page. Thanks for pointing me to it.
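
The man page excerpt quoted above names two conditions: the httpd_enable_homedirs boolean and the httpd_sys_content_t label on the files. The script below checks both for a public_html tree; it is an added example, not part of the original thread or of the selinux-policy package. The function names are hypothetical, the getsebool output format ("--> on" or "--> active") is an assumption, and the sample contexts used with it are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the two conditions the
# httpd_selinux man page excerpt names for serving ~user/public_html.

# Print the type field of an SELinux context (user:role:type[:level]).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if the context carries the type the man page tells you to set.
label_ok() {
    [ "$(context_type "$1")" = "httpd_sys_content_t" ]
}

# Succeed if a line of getsebool output reports the boolean as enabled.
# Assumption: the tool prints "name --> on" (or "active" on older releases).
boolean_on() {
    case "$1" in
        *"--> on"|*"--> active") return 0 ;;
        *) return 1 ;;
    esac
}

# Report what still blocks httpd from reading the given public_html tree.
check_userdir() {
    dir=$1
    rc=0
    if ! boolean_on "$(getsebool httpd_enable_homedirs 2>/dev/null)"; then
        echo "httpd_enable_homedirs is off: setsebool -P httpd_enable_homedirs 1"
        rc=1
    fi
    # stat -c %C prints each file's SELinux context (GNU coreutils).
    bad=$(find "$dir" -exec stat -c '%C %n' {} + 2>/dev/null |
        while read -r ctx path; do
            label_ok "$ctx" || echo "  $path ($ctx)"
        done)
    if [ -n "$bad" ]; then
        echo "not labelled httpd_sys_content_t (fix with chcon -R -t httpd_sys_content_t $dir):"
        echo "$bad"
        rc=1
    fi
    return $rc
}

# Run the check only when a directory is passed on the command line.
[ "$#" -eq 0 ] || check_userdir "$1"
```

Run it with the public_html directory as its argument; it exits non-zero and lists each file whose type is not httpd_sys_content_t.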