On Saturday 07 May 2005 11:45, Trevor "TeC" Christian wrote: > Richard Crawford wrote: > >I'm missing something fundamental in how Apache works, I think. > > > >In /etc/httpd/conf/httpd.conf, I have the following Alias declaration: > > > >========================================================== > > > >Alias /icons/ "/var/www/icons/" > > > ><Directory "/var/www/icons"> > > Options Indexes MultiViews > > AllowOverride None > > Order allow,deny > > Allow from All > ></Directory> > > > > > >Alias /pictures/ "/var/shared/shared_files/Pictures/" > > > ><Directory "/var/shared/shared_files/Pictures"> > > Options Indexes MultiViews > > AllowOverride None > > Order allow,deny > > Allow from All > ></Directory> > > > >========================================================== > > > >Now, the permissions on the two directories, /var/www/icons/ > >and /var/shared/shared_files/Pictures are identical. When I browse to > >http://server/icons/, the files in that directory display as expected. > >However, when I browse to http://server/pictures/, I get a 403-Forbidden > >error. I've messed with file permissions and with the access elements of > > the Alias directive, but the permissions on the two directories are > > identical. I've looked through the documentation of the Alias module at > >http://httpd.apache.org/docs-2.0/mod/mod_alias.html, but I can't find > >anything that I'm missing. > > > >I have other aliases -- notably, webmail -- which point to other > > directories outside of the server document root, so that can't be it. > > > >Any ideas, anyone? This is driving me batty. > > > > > > This may be an SELinux related issue. It was in my similar experience. > > Is SELinux enabled on ur system? Also check the /var/log/messages to > see if there are any avc error messages. Yep, checking /var/log/messages shows a ton of avc messages. SELinux is enabled on my system. > If so, use ls -Z to see the context properties of a folder that works > and use chcon to change that of the folders that don't work executing ls -Z on the Pictures folder shows the following: drwxrwxrwx richard crawford root:object_r:var_t Pictures and executing ls -Z on the squirrelmail folder shows the following: drwxr-xr-x root root system_u:object_r:usr_t squirrelmail So I can certainly see the differences between the two files. Unfortunately, I don't honestly know what I'd be doing with chcon. The Pictures folder is also a Samba share so that my wife can access it directly from her WinXP laptop, so I want to ensure that any changes I execute on the folder with chcon will allow that folder to still be shared out via Samba. Can you point me to any good SELinux resources meant for novices? Thanks. -- Richard S. Crawford http://www.mossroot.com
Attachment:
pgpsKbOrZnc4J.pgp
Description: PGP signature
