On Tue, 23.11.2004 at 16:06, Neil Marjoram wrote:

Please don't top-post. Now replying to your mail makes it necessary that I
re-sort the mail to make your initial question and the rest to anything
understandable.

>>> I installed FC3 and I wanted to move my apache2 documentroot from its
>>> default /var/www/html to another volume located at /space/vhosts.
>>> When I do this apache2 complains:
>>>
>>> Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
>>> DocumentRoot must be a directory
>>>
>> The directory and all files in it must be writable by apache and (if I
>> remember correctly) must be owned by the user running httpd.
>> See if changing this will allow httpd to run.
>>
> I am sorry I picked up on this late, but I have the same trouble. Did
> this fix the problem?

The above problem and error message is not caused by wrong filesystem
permissions but due to SELinux. Please see the beta doc

http://fedora.redhat.com/docs/selinux-apache-fc3/

> I have a small issue with the fix (if it did). Apache runs as user
> apache, so naturally I set all my file ownership to my webdev user who
> has write access, and group to apache who only has read access (except
> directories of course where apache has execute), with no permissions for
> other. This means if Apache is compromised it can't write into the
> directory or overwrite a file with something very probably unwanted.
> If the apache user needs write access this security model would be
> rather useless!! Any comments anyone?

Right, I share your opinion. Give a service just those permissions it needs.
Apache (the user/group it runs as, on Fedora as apache:apache) does not
need write permission to ordinary files. It is only then needed if you
run dynamic content where Apache itself creates content. James
McKenzie's answer was incorrect and even dangerous if followed.

Simply take the default DocumentRoot and all directories above:

$ ls -ld /var /var/www /var/www/html
drwxr-xr-x  21 root root 4096 11. Sep 21:18 /var
drwxr-xr-x   9 root root 4096 25. Okt 21:23 /var/www
drwxr-xr-x  23 root root 4096  2. Nov 00:22 /var/www/html

Obvious that the default setup works. You see any write permissions for
apache:apache? No, because not needed. Apache only has to be able to see
the files it shall process.

> Neil.

Btw. I thought it was already clear from the thread that the whole
trouble was caused by moving the DocumentRoot to a custom location and
not paying attention at least not customizing the SELinux setup. SELinux
enforces you to take care for other permissions than the usual
filesystem permissions when handling protected daemons, like httpd.

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 19:48:45 up 3 days, 14:36, load average: 0.19, 0.15, 0.19
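Added example, not part of the original message: a shell check of the filesystem side of the model discussed above, where the httpd account can read a relocated DocumentRoot but cannot write to it. The function names are hypothetical; it inspects owner/group/other mode bits only and does not cover ACLs, supplementary groups, the parent directories or the SELinux labels the message points to.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Checks plain mode bits only: no ACLs, supplementary groups or SELinux labels.
# USER/GROUP may be names (apache) or numeric ids.

# Entries under ROOT that the service account could modify.
writable_by_service() {
    root=$1 user=$2 group=$3
    # Pick the one permission class that applies (owner, else group, else other).
    find "$root" ! -type l \( \
        \( -user "$user" -perm -200 \) -o \
        \( ! -user "$user" -group "$group" -perm -020 \) -o \
        \( ! -user "$user" ! -group "$group" -perm -002 \) \
    \) -print
}

# Files the service cannot read and directories it cannot enter.
unreadable_by_service() {
    root=$1 user=$2 group=$3
    find "$root" -type f \( \
        \( -user "$user" ! -perm -400 \) -o \
        \( ! -user "$user" -group "$group" ! -perm -040 \) -o \
        \( ! -user "$user" ! -group "$group" ! -perm -004 \) \
    \) -print
    find "$root" -type d \( \
        \( -user "$user" ! -perm -100 \) -o \
        \( ! -user "$user" -group "$group" ! -perm -010 \) -o \
        \( ! -user "$user" ! -group "$group" ! -perm -001 \) \
    \) -print
}

# Succeeds only if the tree is readable but not writable for the service.
audit_docroot() {
    w=$(writable_by_service "$@")
    u=$(unreadable_by_service "$@")
    [ -z "$w" ] || printf 'writable by service:\n%s\n' "$w"
    [ -z "$u" ] || printf 'not readable by service:\n%s\n' "$u"
    [ -z "$w$u" ]
}

# Script use, e.g.: sh audit.sh /space/vhosts apache apache
if [ "$#" -eq 3 ]; then
    audit_docroot "$@"
fi
```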