Curious symlink problem with Apache -- FC12

Tom H tomh0665 at gmail.com
Wed Nov 3 11:04:37 UTC 2010


On Wed, Nov 3, 2010 at 12:11 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:
> On 11/02/2010 10:13 PM, Tom H wrote:
>> On Tue, Nov 2, 2010 at 9:39 PM, Robert Moskowitz<rgm at htt-consult.com>
>>  wrote:
>>>
>>> I have a very simple setup.  This is to create a simple repo.
>>>
>>> In /var/..../repo/html there are three files:
>>>
>>> # ls -ls
>>> total 8
>>> 4 lrwxrwxrwx 1 root root 60 2010-11-02 13:42 Centos-5.5 ->
>>> /media/d4ae05a3-c60f-489d-8159-e16c9a271f0b/repos/centos/5.5
>>> 0 lrwxrwxrwx 1 root root 31 2010-11-02 11:05 FC12 ->
>>> /var/hda/files/repo/fedora/FC12
>>> 4 -rw-r--r-- 1 root root 99 2010-11-02 13:43 index.html
>>>
>>> index.html has in it:
>>>
>>> <html>
>>> <UL>
>>> <LI><A HREF="FC12">Fedora 12</A>
>>> <LI><A HREF="Centos-5.5">Centos 5.5</A>
>>> </UL>
>>> </html>
>>>
>>> The link to FC12 works.  The link ot Centos-5.5 gets a 403 failure:
>>>
>>> You don't have permission to access /Centos-5.5 on this server.
>>>
>>> The permissions look the same, so why the failure?  And looking into
>>> these two symlinks:
>>>
>>> # ls -ls FC12/
>>> total 8
>>> 4 drwxr-xr-x 3 root root 4096 2009-11-21 19:35 os
>>> 4 drwxr-xr-x 3 root root 4096 2009-11-22 21:25 updates
>>>
>>> # ls -ls Centos-5.5/
>>> total 4
>>> 4 drwxr-xr-x 3 root root 4096 2010-11-02 14:04 os
>>>
>>> So what is wrong with the Centos-5.5 symlink?
>>
>> And "ls -lsd ..." for the two directories above?
>
> # ls -ls
> total 8
> 4 lrwxrwxrwx 1 root root 60 2010-11-02 13:42 Centos-5.5 ->
> /media/d4ae05a3-c60f-489d-8159-e16c9a271f0b/repos/centos/5.5
> 0 lrwxrwxrwx 1 root root 31 2010-11-02 11:05 FC12 ->
> /var/hda/files/repo/fedora/FC12
> 4 -rw-r--r-- 1 root root 99 2010-11-02 13:43 index.html
>
> # ls -lsd
> 4 drwxrwxr-x 2 apache users 4096 2010-11-02 13:43 .
>
> # ls -lsd FC12/
> 4 drwxr-xr-x 4 root root 4096 2010-11-02 11:04 FC12/
>
> # ls -lsd Centos-5.5/
> 4 drwxr-xr-x 3 root root 4096 2010-11-02 14:04 Centos-5.5/

I was hoping that it'd be a simple permissions problem but, as someone
else has pointed out, it must be an selinux issue.

You're going to have to compare the selinux contexts with the "-Z" ls
option and then apply the correct context (most probably with
"--type=httpd_sys_content_t") on the CentOS repository.


More information about the users mailing list