LinuxQuestions.org
Old 09-01-2010, 01:44 PM   #1
unix1adm
Member
 
Registered: Oct 2008
Posts: 624

Rep: Reputation: 30
question about selinux and apache


I just configured my apache on CentOS 5.5. It started up. I then configured my VirtualHosts to have 2 definitions. Copied the example from the file for now. Restarted the httpd process and I get this:
Code:
Starting httpd: Warning: DocumentRoot [/home/mysite] does not exist
I cd to the dir and a basic index.html file is there. I googled the error and found the following...
Quote:
Edit /etc/sysconfig/selinux and change it to disabled then reboot.
Now my question is this: Why would you want/need to disable selinux? I want selinux enabled especially on a www server. Should I disable/reboot then re-enable it? Is this a 1 time deal?

None of the posts I read explained why you needed to disable it and if you could re-enable it. I tried to go to the http://www.apache.org site and it says it's not responding. So I cannot look things up there.

I found this link after some searching but I don't understand the chcon command and don't want to munge my system: http://www.centos.org/modules/newbb/...=2147&forum=31

Code:
ls -al --contex /home
drwxr-xr-x root root system_u:object_r:file_t .
drwxr-xr-x root root system_u:object_r:root_t ..
drwx------ root root system_u:object_r:file_t lost+found
drwxr-xr-x apache apache user_u:object_r:file_t www
Code:
[root@loxww35 audit]# ls -al --contex /home/www
drwxr-xr-x apache apache user_u:object_r:file_t .
drwxr-xr-x root root system_u:object_r:file_t ..
drwxr-xr-x apache apache user_u:object_r:file_t sample1_com
drwxr-xr-x apache apache user_u:object_r:file_t sample2_com
drwxr-xr-x apache apache user_u:object_r:file_t logs
I'm still reading up on it but not sure if what I am looking at is OK or not. It looks like apache.apache is the owner of the files OK. I just noticed this too. I am wondering why it thinks there are no virtual hosts? I defined 2 of them.

Code:
$ service httpd start
Starting httpd: Warning: DocumentRoot [/home/wwww/sample1_com] does not exist
Warning: DocumentRoot [/home/www/sample2_com] does not exist
[Wed Sep 01 14:03:24 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
[ OK ]
Some people remove the dirs and rebuild them. I tried this and it still does not work. I even tried new names and updated the httpd.conf file to reflect that.

Last edited by Matir; 09-07-2010 at 06:55 PM. Reason: Simplify post.
 
Old 09-01-2010, 02:18 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,261
Blog Entries: 54

Rep: Reputation: 2841
Quote:
Originally Posted by unix1adm
Why would you want/need to disable selinux?
Unfortunately a lot of tutorials and advice on the 'net are way old or written by ignoramuses. At the time SELinux was first offered the first tutorials would have made sense for most casual users as it definitely was not that easy to use. The latter category unfortunately is not bound by time and is more wide-spread than you would think as it includes professional / paid writers, software vendors, casual forum, mailing list and IRC banter and such. The problem is that a lot of people think what is written is true without checking things themselves. Then of course there's this typically human trait that anything new can't be good at all (16K being good enough) and that having it easy is always better than having to read and understand somebody else's documentation...
What does work is the documentation CentOS and Fedora come with.

Httpd by default is not allowed to access users' home directories. So first set the "httpd_sys_content_t" context reserved for serving content (see '\ls -dZ /var/www/html'): 'chcon -R -t httpd_sys_content_t /home/wwww/sample{1,2}_com ' and then enable with 'setsebool -P httpd_enable_homedirs 1'. See 'man httpd_selinux' for more.

* It would be better if you don't tack on posts to your OP because when you do you lose thread 0-reply state (best use the edit button).
** Remember that being precise (exact error messages) and complete (in this case: the complete setroubleshoot or /var/log/audit/audit.log message) beats any "this doesn't work" or "I've got an error saying" description.
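
An added example, not part of any post in this thread: a dry-run shell check that reads `ls -Z`-style lines, flags entries whose SELinux type is not `httpd_sys_content_t`, and prints the `chcon` and `setsebool` commands from the answer above without running them. The function names and the `ok_com` entry are assumptions; the sample listing is constructed from the `/home/www` output in the question.

```shell
#!/bin/sh
# Added example: audit SELinux types in `ls -Z`-style listings (dry run only).

WANT_TYPE="httpd_sys_content_t"   # type the answer says is reserved for served content

# Read listing lines (perms user group context name) on stdin and print the
# name of every entry whose SELinux type differs from $WANT_TYPE.
mislabeled() {
    awk -v want="$WANT_TYPE" '
        NF >= 5 {
            split($4, ctx, ":")          # context is user:role:type[:level]
            if (ctx[3] != want) print $5
        }'
}

# Print (do not run) the commands from the answer for each flagged directory.
# $1 is the directory holding the vhost roots, e.g. /home/www.
# "." and ".." are reported by mislabeled but skipped here, because the
# answer's chcon targets only the vhost directories themselves.
fix_commands() {
    base=$1
    while read -r name; do
        case $name in .|..) continue ;; esac
        printf 'chcon -R -t %s %s/%s\n' "$WANT_TYPE" "$base" "$name"
    done
    printf 'setsebool -P httpd_enable_homedirs 1\n'
}

# Constructed sample: entries adapted from the question's /home/www listing,
# plus one hypothetical directory (ok_com) that is already labelled correctly.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x apache apache user_u:object_r:file_t .
drwxr-xr-x root root system_u:object_r:file_t ..
drwxr-xr-x apache apache user_u:object_r:file_t sample1_com
drwxr-xr-x apache apache user_u:object_r:file_t sample2_com
drwxr-xr-x apache apache system_u:object_r:httpd_sys_content_t:s0 ok_com
EOF
}

sample_listing | mislabeled | fix_commands /home/www
```

Labels set with `chcon` are not recorded in policy and can be reset by a filesystem relabel; `semanage fcontext -a -t httpd_sys_content_t '/home/www(/.*)?'` followed by `restorecon -Rv /home/www` records the rule so it persists.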
 
Old 09-01-2010, 02:49 PM   #3
unix1adm
Member
 
Registered: Oct 2008
Posts: 624

Original Poster
Rep: Reputation: 30
Thank you for the information. As I stated this site was doing strange things to me so I could not post as one post. I think it was the smilies code causing the problem.

I will look up those articles you posted.
 
Old 09-01-2010, 03:02 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,261
Blog Entries: 54

Rep: Reputation: 2841
If you want to you could start here: http://wiki.centos.org/HowTos/SELinux and here: http://docs.fedoraproject.org/en-US/..._examples.html.
 
Old 09-03-2010, 01:55 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,261
Blog Entries: 54

Rep: Reputation: 2841
// FUP
 
Old 09-07-2010, 06:57 PM   #6
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
unix1adm: I've combined your first 5 posts into a single post to make it a little easier for people to read. I've also inserted some code tags. I have not, however, changed any of the contents of your posts.
 
  

