Bug 163625 - selinux prevents httpd mod_userdir from working
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-07-19 12:50 EDT by long
Modified: 2007-11-30 17:11 EST
Last Closed: 2005-07-19 13:42:19 EDT

Description long 2005-07-19 12:50:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-2

Description of problem:
httpd_enable_homedirs is set to active; however, a simple request of http://localhost/~username fails. In the httpd error_log I get:

[Tue Jul 19 11:28:33 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /~long denied

If I set httpd_disable_trans active then it works just fine.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.2-4

How reproducible:
Always

Steps to Reproduce:
1. Start apache with httpd_disable_trans not active
2. Try to access http://localhost/~username

Actual Results:  Get Access Denied and message in httpd error_log.


Expected Results:  Should have seen normal web page.


Additional info:

n/a
Comment 1 Daniel Walsh 2005-07-19 13:26:05 EDT
Are you seeing avc messages?  Are you using ~long/public_html?

If yes can you restorecon -R -v ~long/public_html

Dan
Comment 2 long 2005-07-19 13:31:28 EDT
Wow, restorecon made a lot of noise but that seems to have fixed it.  I believe
there were some avc messages previously.  Would you like me to provide those or
is this a case of user error?

Comment 3 Daniel Walsh 2005-07-19 13:42:19 EDT
User error would be harsh.

In the man page this is discussed.

man httpd_selinux
...
       httpd  by  default is not allowed to access users home directories.  If
       you want to allow access to users home directories you need to set  the
       httpd_enable_homedirs  boolean and change the context of the files that
       you want people to access off the home dir.

              setsebool -P httpd_enable_homedirs 1
              chcon -R -t httpd_sys_content_t ~user/public_html
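
Added example (not part of the bug report or of the SELinux tooling): a POSIX sh check of the two conditions in the httpd_selinux excerpt above, the boolean and the file type, run here on constructed input that mirrors this report. The function names, the input formats and the sample labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not part of the bug report. Input formats assumed:
#   BOOL_LINE  output of `getsebool httpd_enable_homedirs`
#   stdin      "CONTEXT PATH" lines, e.g. from
#              find ~user/public_html -printf '%Z %p\n'

# True when the boolean line reports "on"; "active", the wording used in
# this report, is accepted too (assumed to be the older getsebool output).
bool_is_on() {
    case "$1" in
        *"--> on"|*"--> active") return 0 ;;
        *) return 1 ;;
    esac
}

# Print "PATH (TYPE)" for each stdin line whose SELinux type (third
# colon-separated context field) is not in the space-separated list $1.
mislabeled() {
    allowed=" $1 "
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        ctx=${line%% *}; path=${line#* }
        setype=$(printf '%s\n' "$ctx" | cut -d: -f3)
        case "$allowed" in
            *" $setype "*) ;;
            *) printf '%s (%s)\n' "$path" "$setype" ;;
        esac
    done
}

# audit BOOL_LINE ALLOWED_TYPES < context lines
# Returns 0 = both conditions met, 1 = boolean off, 2 = mislabeled, 3 = both.
audit() {
    rc=0
    bool_is_on "$1" || { echo "httpd_enable_homedirs is off"; rc=1; }
    bad=$(mislabeled "$2")
    if [ -n "$bad" ]; then
        echo "not labelled for httpd:"; echo "$bad"
        rc=$((rc + 2))
    fi
    return "$rc"
}

# Constructed sample matching this report: boolean on, content still carrying
# a home-directory type (user_home_t is an assumed label for illustration).
SAMPLE_BOOL='httpd_enable_homedirs --> active'
SAMPLE_CTX='user_u:object_r:user_home_t /home/long/public_html
user_u:object_r:user_home_t /home/long/public_html/index.html'

printf '%s\n' "$SAMPLE_CTX" | audit "$SAMPLE_BOOL" httpd_sys_content_t || true
```

The allowed-type list is a parameter because `restorecon` applies whatever type the loaded policy defines for `public_html`, which need not be `httpd_sys_content_t`.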
Comment 4 long 2005-07-19 13:45:32 EDT
Aha!  I didn't know about that man page.  Thanks for pointing me to it.
