NB: This is NOT a top-posting list. http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#head-21931671219f9e2ecd6ec8655a3d582326699379 On Thu, 2008-05-22 at 09:26 -0400, Charles Layno wrote: > It is the Selinux. I turned it off to check and apacher serves up the > web pages with no problem. > > I know nothing about Selinux, so can you direct me on how to do that. > I read some stuff on the net about it and it is all mush to me. Basic background information: SELinux allows/restricts access based on various contexts, files are marked with the contexts that they can be used (e.g. user files, web serveable, etc.), which allows files that should be web serveable to be served, and disallows things that shouldn't. With SELinux-aware software and systems, when you "create" files they're created with appropriate contexts. e.g. If you create a new file in /var/www/html/ it'll be created in a serveable manner. Likewise, if you copy a file to that place, the copy will be given appropriate contexts. But if you move a file, it'll keep its originals contexts. Which will probably mean it's not serveable. That sort of thing catches a lot of people when they make new files in their homespace (which will have a different file context), then move them to somewhere else. Or they simply create them somewhere else. Relabelling *those* files solves that problem (the restorecon command). You can see what contexts are applied to file and directories by using the -Z parameter with the ls command, or using a file manager which shows you them (e.g. Nautilus can be configured to show them). [tim@bigblack ~]$ ls -Z /var/www/ drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cgi-bin drwxr-xr-x root root system_u:object_r:httpd_sys_content_t error drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html drwxr-xr-x root root system_u:object_r:httpd_sys_content_t icons drwxr-xr-x root root system_u:object_r:httpd_sys_content_t manual drwxr-xr-x webalizer root system_u:object_r:httpd_sys_content_t usage That's the file side of things. There's also policies which are applied to the system. There's managing tools for that (system-config-selinux), that allow you to set options (httpd boolean settings) such as whether Apache can read files outside of /var/www/html, like from within the /home directories. Running that configuration tool and looking at the appropriate booleans might help you solve your problem. But since you mentioned not serving out from the default location, earlier in the thread, you're probably going to have to deal with setting the right contexts on your files. That's probably easier if served from within /srv/ that some random place on the directory tree, since /srv is meant for serving files from. But, again, we're hamstrung for giving advice since you've given no specific information about what you're actually doing. FAQ about SELinux and Apache webserving: http://docs.fedoraproject.org/selinux-apache-fc3/ (old, but should still be applicable) -- [tim@bigblack ~]$ uname -ipr 2.6.23.15-80.fc7 i686 i386 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
