tony(a)specialistdevelopment.com wrote:
Hi,
Wishing everyone a happy new year!
Can anyone point me in the right direction with a problem I'm having
with SELinux and httpd please?
I have created a virtual host and have created the directory structure:
/vhosts/domain.tld/htdocs # Document root
/vhosts/domain.tld/logs # Log root
/vhosts/domain.tld/private # Private root
I have set the contexts and they display as:
[root@server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@server htdocs]# ls -laZ /vhosts/domain.tld/logs
drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0 ..
So to me this looks like it has the right contexts.
When I try to start Apache I get the following error:
[root@server htdocs]# /sbin/service httpd start
Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does not exist
httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
[FAILED]
Now I know the directory exists, which confuses me. Below are the error
logs:
[root@server htdocs]# tail /var/log/httpd/error_log
(13)Permission denied: httpd: could not open error log file /wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/error.log.
Unable to open logs
Can anyone help as I am really stuck.
Thank you in advance!
Tony

I have found that apache needs at least search access to _all_ the
directories in the hierarchy - so your /vhosts and your
/vhosts/domain.tld directories both need to be some type that apache can
search.
Also check /var/log/audit/audit.log (or ausearch) for the precise denial
message.
Moray.
"To err is human. To purr, feline"
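
The audit.log check suggested in the reply above, as an added example that is not part of the original thread: it parses AVC records and groups the denials for one source domain by permission, object class, target type and object name, so a parent directory that httpd_t cannot search stands out. The log lines are constructed samples in the usual AVC layout, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample records in the usual audit.log AVC layout; not taken from the thread.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1294051200.101:310): avc:  denied  { search } for  pid=2101 comm="httpd" name="vhosts" dev=dm-0 ino=131073 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1294051200.105:311): avc:  denied  { search } for  pid=2101 comm="httpd" name="vhosts" dev=dm-0 ino=131073 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1294051200.105:311): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1294051260.220:318): avc:  denied  { read } for  pid=2240 comm="sshd" name="notes" dev=dm-0 ino=9 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1294051300.000:320): avc:  granted  { search } for  pid=2101 comm="httpd" name="www" dev=dm-0 ino=77 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
'''

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one AVC record into a dict, or return None for other record types."""
    match = AVC_RE.search(line)
    if not line.startswith("type=AVC") or match is None:
        return None
    result, perms, rest = match.groups()
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(rest)}
    return {"result": result, "perms": perms.split(), "name": fields.get("name", ""),
            "tclass": fields.get("tclass", ""),
            "source_type": selinux_type(fields.get("scontext", "")),
            "target_type": selinux_type(fields.get("tcontext", ""))}

def denials_for(log_text, source_type="httpd_t"):
    """Count denials for one source domain by (permission, class, target type, name)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" and rec["source_type"] == source_type:
            for perm in rec["perms"]:
                counts[(perm, rec["tclass"], rec["target_type"], rec["name"])] += 1
    return counts

if __name__ == "__main__":
    for (perm, tclass, ttype, name), n in denials_for(SAMPLE_AUDIT_LOG).most_common():
        print(f"{n}x httpd_t denied {{ {perm} }} on {tclass} '{name}' labelled {ttype}")
```

On a real host, pass the contents of /var/log/audit/audit.log to `denials_for` instead of the sample string.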