Red Hat Bugzilla – Bug 163625
selinux prevents httpd mod_userdir from working
Last modified: 2007-11-30 17:11:10 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-2
Description of problem:
httpd_enable_homedirs is set to active; however, a simple request of http://localhost/~username fails. In the httpd error_log I get:
[Tue Jul 19 11:28:33 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /~long denied
If I set httpd_disable_trans active then it works just fine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start apache with httpd_disable_trans not active
2. Try to access http://localhost/~username
Actual Results: Get Access Denied and message in httpd error_log.
Expected Results: Should have seen normal web page.
Are you seeing avc messages? Are you using ~long/public_html?
If yes, can you restorecon -R -v ~long/public_html?
Wow, restorecon made a lot of noise but that seems to have fixed it. I believe
there were some avc messages previously. Would you like me to provide those or
is this a case of user error?
User error would be harsh.
In the man page this is discussed.
httpd by default is not allowed to access users home directories. If
you want to allow access to users home directories you need to set the
httpd_enable_homedirs boolean and change the context of the files that
you want people to access off the home dir.
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
Aha! I didn't know about that man page. Thanks for pointing me to it.
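
Added example (not part of the original bug thread or of any Red Hat tool): a shell check for the two preconditions discussed in the comments above, the httpd_enable_homedirs boolean and the httpd_sys_content_t label under public_html. The function names and the sample label data are constructed for illustration, and it goes slightly beyond the thread by listing each file whose type differs.

```shell
#!/bin/sh
# Added example: audit the two preconditions from the thread above.

# Succeeds if a getsebool output line on stdin reports the named boolean
# as enabled. The report in this bug calls the state "active"; current
# getsebool prints "on", so both are accepted.
bool_enabled() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" && ($3 == "on" || $3 == "active") { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Reads "context path" lines (the output format of: stat -c "%C %n") on
# stdin and prints every path whose SELinux type is not the expected one.
mislabeled() {
    awk -v want="$1" '{
        split($1, ctx, ":")                  # user:role:type[:level]
        path = substr($0, length($1) + 2)    # keeps spaces in file names
        if (ctx[3] != want) print path " (" ctx[3] ")"
    }'
}

# Live check of one web directory; needs an SELinux-enabled host.
# Usage: audit_userdir /home/user/public_html [expected_type]
audit_userdir() {
    dir="$1"
    want="${2:-httpd_sys_content_t}"
    getsebool httpd_enable_homedirs | bool_enabled httpd_enable_homedirs \
        || echo "httpd_enable_homedirs is not enabled"
    find "$dir" -exec stat -c '%C %n' {} + | mislabeled "$want"
}

# Constructed sample data, not taken from the bug report.
SAMPLE_LABELS='user_u:object_r:httpd_sys_content_t /home/long/public_html
user_u:object_r:user_home_t /home/long/public_html/index.html
system_u:object_r:httpd_sys_content_t:s0 /home/long/public_html/my page.html'

# Offline demonstration on the constructed data.
printf '%s\n' "$SAMPLE_LABELS" | mislabeled httpd_sys_content_t
```

An empty result from audit_userdir means the boolean is enabled and every file under the directory already carries the expected type.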