Re: Web server permission in FC9


 



Thanks for the info. I am serving my pages from /html on its own drive with a 
tree below that serves several domains.  Is it better to change DocumentRoot 
as a symbolic link or as direct? I am running FC9 with Apache 2.2.8 and a 
generic disk install.

Thanks,

Charles


On Thursday 22 May 2008 10:22:58 Tim wrote:
> NB:  This is NOT a top-posting list.
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#head-21931671219f9e2ecd6ec8655a3d582326699379
>
> On Thu, 2008-05-22 at 09:26 -0400, Charles Layno wrote:
> > It is the SELinux. I turned it off to check and Apache serves up the
> > web pages with no problem.
> >
> > I know nothing about SELinux, so can you direct me on how to do that.
> > I read some stuff on the net about it and it is all mush to me.
>
> Basic background information:
>
> SELinux allows/restricts access based on various contexts, files are
> marked with the contexts that they can be used (e.g. user files, web
> serveable, etc.), which allows files that should be web serveable to be
> served, and disallows things that shouldn't.
>
> With SELinux-aware software and systems, when you "create" files they're
> created with appropriate contexts.  e.g. If you create a new file
> in /var/www/html/ it'll be created in a serveable manner.  Likewise, if
> you copy a file to that place, the copy will be given appropriate
> contexts.
>
> But if you move a file, it'll keep its original contexts.  Which will
> probably mean it's not serveable.  That sort of thing catches a lot of
> people when they make new files in their homespace (which will have a
> different file context), then move them to somewhere else.  Or they
> simply create them somewhere else.  Relabelling *those* files solves
> that problem (the restorecon command).
>
> You can see what contexts are applied to files and directories by using
> the -Z parameter with the ls command, or using a file manager which
> shows you them (e.g. Nautilus can be configured to show them).
>
> [tim@bigblack ~]$ ls -Z /var/www/
> drwxr-xr-x  root      root system_u:object_r:httpd_sys_script_exec_t cgi-bin
> drwxr-xr-x  root      root system_u:object_r:httpd_sys_content_t error
> drwxr-xr-x  root      root system_u:object_r:httpd_sys_content_t html
> drwxr-xr-x  root      root system_u:object_r:httpd_sys_content_t icons
> drwxr-xr-x  root      root system_u:object_r:httpd_sys_content_t manual
> drwxr-xr-x  webalizer root system_u:object_r:httpd_sys_content_t usage
>
> That's the file side of things.  There's also policies which are applied
> to the system.  There's managing tools for that (system-config-selinux),
> that allow you to set options (httpd boolean settings) such as whether
> Apache can read files outside of /var/www/html, like from within
> the /home directories.
>
> Running that configuration tool and looking at the appropriate booleans
> might help you solve your problem.  But since you mentioned not serving
> out from the default location, earlier in the thread, you're probably
> going to have to deal with setting the right contexts on your files.
> That's probably easier if served from within /srv/ than some random
> place on the directory tree, since /srv is meant for serving files from.
>
> But, again, we're hamstrung for giving advice since you've given no
> specific information about what you're actually doing.
>
> FAQ about SELinux and Apache webserving:
> http://docs.fedoraproject.org/selinux-apache-fc3/
> (old, but should still be applicable)
>
> --
> [tim@bigblack ~]$ uname -ipr
> 2.6.23.15-80.fc7 i686 i386
>
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
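
The labelling check described in the quoted message (inspect with ls -Z, then relabel what was moved in), as an added example that is not part of the original messages: a shell filter that reads ls -Z output and lists every entry whose SELinux type is not one of the two servable types shown in the /var/www listing. The function names and the sample listing, including its user_home_t entry, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Types taken from the quoted
# `ls -Z /var/www/` listing; everything else here is an assumption.
SERVABLE_TYPES="httpd_sys_content_t httpd_sys_script_exec_t"

# Read `ls -Z` lines on stdin and print "name type" for each entry whose
# SELinux type is not in SERVABLE_TYPES. Accepts the long layout quoted in
# the thread (mode user group context name) and the short layout printed
# by newer coreutils (context name). Lines without a context are skipped.
mislabelled() {
    awk -v ok="$SERVABLE_TYPES" '
        BEGIN { n = split(ok, t, " "); for (k = 1; k <= n; k++) good[t[k]] = 1 }
        {
            ctx = ""
            # The context is the first field shaped like user:role:type[:level].
            for (i = 1; i < NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
            if (ctx == "") next
            # Everything after the context is the file name (may hold spaces).
            name = $(i + 1)
            for (j = i + 2; j <= NF; j++) name = name " " $j
            split(ctx, part, ":")
            if (!(part[3] in good)) print name, part[3]
        }'
}

# Constructed sample: report.html was created in a home directory and then
# moved into the web tree, so it kept its home-directory type.
sample_listing() {
    cat <<'EOF'
-rw-r--r--  root    root    system_u:object_r:httpd_sys_content_t index.html
-rw-r--r--  charles charles user_u:object_r:user_home_t report.html
drwxr-xr-x  root    root    system_u:object_r:httpd_sys_script_exec_t cgi-bin
EOF
}

# Files listed here are the ones Apache will be denied under SELinux.
sample_listing | mislabelled
```

On a live system the same filter takes real input, for example `ls -Z /html | mislabelled`. Note that restorecon resets each file to the label the policy assigns to its path, so a tree outside /var/www needs a file-context rule for that path (semanage fcontext) before relabelling gives it a servable type.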
