Am Sa, den 27.11.2004 schrieb Arthur Stephens um 2:00:
> I am new to SELinux
> I transfered our websites over and discovered I had to have them all under /usr/www/
Who or what does tell you this should be this way? /usr/ is the wrong
place.
> After shuffling files around, correcting httpd.conf and running fixfiles I have been able to get all but this one stubborn one to work.
>
> httpd/error_log
> (13)Permission denied: httpd: could not open error log file /usr/www/spokanewines.com/logs/error_log.
> Unable to open logs
>
> /var/log/message
> Nov 26 19:26:20 webmail kernel: audit(1101525980.703:0): avc: denied { write } for pid=2345 exe=/usr/sbin/httpd name=logs dev=dm-0 ino=552202 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=dir
> Nov 26 19:26:20 webmail httpd: httpd startup failed
> Arthur Stephens
ls -aZ /usr/www/spokanewines.com/logs
ls -ldZ /usr /usr/www /usr/www/spokanewines.com
/usr/www/spokanewines.com/logs
The default Apache log file permissions and contexts are:
$ ls -aZ /var/log/httpd
drwx------ root root system_u:object_r:httpd_log_t .
drwxr-xr-x root root system_u:object_r:var_log_t ..
-rw-r--r-- root root system_u:object_r:httpd_log_t
access_log
-rw-r--r-- root root system_u:object_r:httpd_log_t error_log
$ ls -ldZ /var /var/log /var/log/httpd
drwxr-xr-x root root system_u:object_r:var_t /var
drwxr-xr-x root root system_u:object_r:var_log_t /var/log
drwx------ root root system_u:object_r:httpd_log_t
/var/log/httpd
You will have to adjust the SELinux context.
Alexander
--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 03:59:12 up 6 days, 22:46, load average: 0.21, 0.72, 0.85
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
