<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry. I'm new to Fedora and SE Linux. Forgot to look in
/var/log/audit/audit.log. There are many avc messages in
/var/log/audit/audit.log, but the ones that I think are relevant to
this are repeats of:<br>
<blockquote>type=AVC msg=audit(1122050110.135:15537760): avc: denied
{ getattr } for pid=<br>
3517 comm="httpd" name="<i><user name edited for security></i>"
dev=hdc1 ino=10780673 scontext=root:system_r:httpd<br>
_t tcontext=root:object_r:file_t tclass=dir<br>
</blockquote>
The user's home directory does not have the same security permissions
as the user's public_html directory since the How To did not specify
that it needed to be any more than have the permissions of 711.<br>
<br>
Regards,<br>
John<br>
<br>
Daniel J Walsh wrote:
<blockquote cite="mid42E4F60D.1030405@redhat.com" type="cite">John
Griffiths wrote:
<br>
<br>
<blockquote type="cite">None when I try to access the user's
public_html. There are some from when I turned enforcing off and back
on.
<br>
<br>
Jul 22 12:35:07 gei dbus: avc: received setenforce notice
<br>
(enforcing=0)
<br>
Jul 22 12:35:07 gei dbus: avc: received setenforce notice
<br>
(enforcing=0)
<br>
Jul 22 12:36:01 gei dbus: avc: received setenforce notice
<br>
(enforcing=1)
<br>
Jul 22 12:36:01 gei dbus: avc: received setenforce notice
<br>
(enforcing=1)
<br>
<br>
That was when I was confirming that I could see the user's public_html.
<br>
<br>
</blockquote>
You looked in both /var/log/audit/audit.log and /var/log/messages?
<br>
<br>
<blockquote type="cite">John
<br>
<br>
Daniel J Walsh wrote:
<br>
<br>
<blockquote type="cite">John Griffiths wrote:
<br>
<br>
<blockquote type="cite">I cannot get users public_html content to
publish in FC4. I keep getting "You don't have permission to access
/~<user>/ on this server." I can access the user's public_html
when I change SELinux to Permissive.
<br>
<br>
I searched the archives and did not find anything, and I followed the
direction in section 4 of "Understanding and Customizing the Apache
HTTP SELinux Policy" which was written for FC3.
<br>
<br>
The httpd booleans are:
<br>
httpd_builtin_scripting active
<br>
httpd_can_network_connect active
<br>
httpd_disable_trans inactive
<br>
httpd_enable_cgi active
<br>
httpd_enable_homedirs active
<br>
httpd_ssi_exec active
<br>
httpd_suexec_disable_trans inactive
<br>
httpd_tty_comm inactive
<br>
httpd_unified active
<br>
<br>
The security setting on the user's public_html and the files in the
directory is user_u:object_r:httpd_sys_content_t . Obviously the
standard UGW permissions are OK since turning off SELinux allows the
content to be accessed.
<br>
<br>
What am I missing, or is this a bug?
<br>
<br>
Thanks,
<br>
John Griffiths
<br>
<br>
-- <br>
fedora-selinux-list mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list">http://www.redhat.com/mailman/listinfo/fedora-selinux-list</a>
<br>
</blockquote>
<br>
<br>
Any avc messages?
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
</blockquote>
</body>
</html>