John Griffiths wrote:
Sorry. I'm new to Fedora and SE Linux. Forgot to look in
/var/log/audit/audit.log. There are many avc messages in
/var/log/audit/audit.log, but the ones that I think are relevant to
this are repeats of:
type=AVC msg=audit(1122050110.135:15537760): avc: denied {
getattr } for pid=
3517 comm="httpd" name="/<user name edited for security>/"
dev=hdc1 ino=10780673 scontext=root:system_r:httpd
_t tcontext=root:object_r:file_t tclass=dir
file_t means that you have a labeling problem.
touch /.autorelabel
reboot
The user's home directory does not have the same security
permissions
as the user's public_html directory since the How To did not specify
that it needed to be any more than have the permissions of 711.
Regards,
John
Daniel J Walsh wrote:
> John Griffiths wrote:
>
>> None when I try to access the user's public_html. There are some
>> from when I turned enforcing off and back on.
>>
>> Jul 22 12:35:07 gei dbus: avc: received setenforce notice
>> (enforcing=0)
>> Jul 22 12:35:07 gei dbus: avc: received setenforce notice
>> (enforcing=0)
>> Jul 22 12:36:01 gei dbus: avc: received setenforce notice
>> (enforcing=1)
>> Jul 22 12:36:01 gei dbus: avc: received setenforce notice
>> (enforcing=1)
>>
>> That was when I was confirming that I could see the user's public_html.
>>
> You looked in both /var/log/audit/audit.log and /var/log/messages?
>
>> John
>>
>> Daniel J Walsh wrote:
>>
>>> John Griffiths wrote:
>>>
>>>> I cannot get users public_html content to publish in FC4. I keep
>>>> getting "You don't have permission to access /~<user>/ on
this
>>>> server." I can access the user's public_html when I change
SELinux
>>>> to Permissive.
>>>>
>>>> I searched the archives and did not find anything, and I followed
>>>> the direction in section 4 of "Understanding and Customizing the
>>>> Apache HTTP SELinux Policy" which was written for FC3.
>>>>
>>>> The httpd booleans are:
>>>> httpd_builtin_scripting active
>>>> httpd_can_network_connect active
>>>> httpd_disable_trans inactive
>>>> httpd_enable_cgi active
>>>> httpd_enable_homedirs active
>>>> httpd_ssi_exec active
>>>> httpd_suexec_disable_trans inactive
>>>> httpd_tty_comm inactive
>>>> httpd_unified active
>>>>
>>>> The security setting on the user's public_html and the files in
>>>> the directory is user_u:object_r:httpd_sys_content_t . Obviously
>>>> the standard UGW permissions are OK since turning off SELinux
>>>> allows the content to be accessed.
>>>>
>>>> What am I missing, or is this a bug?
>>>>
>>>> Thanks,
>>>> John Griffiths
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list(a)redhat.com
>>>>
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
>>>
>>>
>>> Any avc messages?
>>>
>
>
--