[olug] Apache config
Barry Von Ahsen
barry at vonahsen.com
Thu Sep 27 17:32:37 UTC 2012
yeah, you're probably missing the SELinux context then. errors are logged to /var/log/audit/audit.log and usually tell you the issue (once you learn to parse the line)
do ls -lZ on /var/www/html and on your new custom directory and make sure they match - I think it's httpd_sys_content_t
then you'll need to run semanage and restorecon to make that persistent - see the end of 5.1 - http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
you may or may not need the httpd_read_user_content boolean too - do 'getsebool -a | grep http' to see the options
you can probably see why people tend to turn selinux off, but once you get used to it, it's very helpful
-barry
On Sep 27, 2012, at 11:17 AM, Sam Flint wrote:
> yeah CENTOS, I modified it slightly, to enable and use a custom
> directory. SE is enabled, I just havent disabled it yet, it has been
> a headache on my laptop in the past\
>
> Sam
>
> On Thu, Sep 27, 2012 at 11:09 AM, Barry Von Ahsen <barry at vonahsen.com> wrote:
>> is it a red hat-ish distro?
>>
>> what does sestatus say (as root)?
>>
>> # sestatus
>> SELinux status: disabled
>>
>> here's the chunk of the default CentOS userdir configuration, did you tweak that?
>>
>> #
>> # UserDir: The name of the directory that is appended onto a user's home
>> # directory if a ~user request is received.
>> #
>> # The path to the end user account 'public_html' directory must be
>> # accessible to the webserver userid. This usually means that ~userid
>> # must have permissions of 711, ~userid/public_html must have permissions
>> # of 755, and documents contained therein must be world-readable.
>> # Otherwise, the client will only receive a "403 Forbidden" message.
>> #
>> # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>> #
>> <IfModule mod_userdir.c>
>> #
>> # UserDir is disabled by default since it can confirm the presence
>> # of a username on the system (depending on home directory
>> # permissions).
>> #
>> UserDir disable
>>
>> #
>> # To enable requests to /~user/ to serve the user's public_html
>> # directory, remove the "UserDir disable" line above, and uncomment
>> # the following line instead:
>> #
>> #UserDir public_html
>>
>> </IfModule>
>>
>> -barry
>>
>>
>> On Sep 27, 2012, at 10:59 AM, Sam Flint wrote:
>>
>>> Ok, that might be it, probably is, but it needs to be apache owned
>>> through and through, I am uasing vhosts if that makes any difference,
>>> along with userdirs.
>>>
>>> Sam
>>>
>>> On Thu, Sep 27, 2012 at 10:36 AM, Barry Von Ahsen <barry at vonahsen.com> wrote:
>>>> sure - my first SWAG is that you're serving from a non-standard directory and don't have a <Directory> allow directive (or that plus a missing SElinux context)
>>>>
>>>> -barry
>>>>
>>>>
>>>> On Sep 27, 2012, at 10:29 AM, Sam Flint wrote:
>>>>
>>>>> I was wondering, would any of you be willing to look at my apache
>>>>> config file and tell me why i get access denied errors?
>>>>>
>>>>> Sam
>>>>>
>>>>> --
>>>>> Sam Flint
>>>>> flintfam.org/~swflint
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>>
>>>
>>> --
>>> Sam Flint
>>> flintfam.org/~swflint
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>
>
>
> --
> Sam Flint
> flintfam.org/~swflint
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list