Thursday, September 26, 2013

Props to David Latham: Apache and SELinux

So, I was working on a CentOS 6.4 box to set up an SVN server. Early in the process, I decided I would try (for the first time) to successfully live with SELinux and its requirements, hoops and other arcana. Generally I just turn the POS off to allow me to admin my Linux boxes (which are usually behind multiple levels of fires, etc. etc. etc.). This time, I wanted to try to live with it for a while.

Things were going great until I realized I needed to use some space assigned to /home to host some data. So, I set up a directory there (using Location in an Apache .conf file). I restarted Apache with service httpd restart and launched my browser... and got a 500 error.

Well. Well. So, I went through the normal hoops - checking for permissions and usernames and lions and tigers and bears oh my. No joy. However, I saw a reference somewhere that SELinux might be causing the problem (which I kinda expected) and that I could test that proposition with setenforce 0. Voilà! It worked!

Of course, the whole reason for this charade was to try to live with SELinux (even though we use trivial passwords behind the firewall) as a learning experience. Hmmmmph. I was starting to regret this already. So, I used setenforce 1 to turn the beast back on, and set off on my quest.

A few googles away, I found the link below, which let me resolve the problem. The magic incantations I recited included the following two lines:

setsebool httpd_enable_homedirs true
chcon -R -t httpd_sys_content_t .


I was able to view the current extended attributes for SE by using:
ls -alZ

I'll include the entire blog post as a help to others, but there was no way I was gonna chmod 777 on the directories to make this work! Now, if I could just figure out WHERE those magic incantations come from, without having to learn 1,000 pages of arcana that don't really matter.
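As an added example (not from the original post or from David Latham's), the script below packages the two incantations in the form that survives a reboot and a filesystem relabel, and shows where they come from: setsebool without -P is forgotten at reboot, and chcon is overwritten by the next restorecon or relabel, whereas semanage fcontext records the label in the policy store. The answer to "where do these come from" is the audit log: ausearch pulls the AVC denials for httpd and audit2why names the boolean or label that would clear them. It assumes a CentOS/RHEL 6 host with policycoreutils-python installed (for semanage and audit2why); the directory /home/svnweb and the sample AVC line are constructed placeholders.

```shell
#!/bin/sh
# Added example for this post (not the author's script). Assumes a
# CentOS/RHEL 6 host with policycoreutils-python installed so that
# semanage and audit2why exist; /home/svnweb is a placeholder directory.

# Constructed sample AVC denial, shaped like what /var/log/audit/audit.log
# records when httpd is refused a file that still carries a /home label.
SAMPLE_AVC='type=AVC msg=audit(1380200000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=dm-2 ino=5678 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file'

# Value of a key=value field in an AVC record, surrounding quotes removed.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p" | tr -d '"'
}

# The SELinux type is the third colon-separated field of a context string,
# e.g. unconfined_u:object_r:home_root_t:s0 -> home_root_t.
se_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Type of the object httpd was denied access to (the tcontext field).
avc_target_type() {
    se_type "$(avc_field "$1" tcontext)"
}

# Does this context carry a type the httpd_t domain may read?
httpd_readable() {
    case "$(se_type "$1")" in
        httpd_sys_content_t|httpd_sys_rw_content_t|httpd_user_content_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Persistent form of the post's two incantations. setsebool -P writes the
# boolean to the policy store; semanage fcontext + restorecon records the
# label in policy so it survives a relabel, which a bare chcon does not.
label_for_httpd() {
    dir="$1"
    setsebool -P httpd_enable_homedirs on
    semanage fcontext -a -t httpd_sys_content_t "${dir}(/.*)?"
    restorecon -Rv "$dir"
}

# Where the incantations come from: ask the audit log why httpd was denied.
explain_denials() {
    ausearch -m avc -c httpd -ts recent | audit2why
}

# Usage: sh this.sh /home/svnweb
if [ -n "${1:-}" ]; then
    ctx=$(stat -c %C "$1")      # same information as ls -dZ, easier to parse
    if httpd_readable "$ctx"; then
        echo "$1 is already labeled $ctx"
    else
        echo "$1 is labeled $ctx; relabeling for httpd"
        label_for_httpd "$1"
    fi
fi
```

Run explain_denials first while the 500 is still happening: audit2why will point at httpd_enable_homedirs or at the home_root_t/user_home_t label on the directory, which is the same diagnosis the blog link reaches by trial and error. Keep in mind that labeling a directory httpd_sys_content_t makes it readable by every httpd process, so use it on a subdirectory dedicated to the web data rather than on a user's whole home.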

David Latham: Allow httpd ( apache ) to write to files and folde...: You may have read my previous post about configuring apache for public_html with selinux. Now today we look at extending this a little wit...
