LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-13-2006, 11:18 PM   #1
cylarz
Member
 
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54

Rep: Reputation: 15
SE Linux woes


Hey all,

For the two people on Earth who don't yet know it, I'm running Fedora Core 5 from Redhat. You probably also know that this comes equipped with SE Linux, which I've left on for, well, enhanced security.

I'm hosting a website on the system and want to post some pictures as part of the site. I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.

I've never had this problem before I switched to using later versions of FC that have SE Linux installed, so I've reason to suspect it's the problem. Any ideas?

Matt
 
Old 06-13-2006, 11:19 PM   #2
cylarz
Member
 
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54

Original Poster
Rep: Reputation: 15
Addendum: I've already double-checked that file permissions on the images files themselves are set correctly and that the HTML code is referring to the right pathname in the <IMG SRC> tag.
 
Old 06-13-2006, 11:53 PM   #3
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
try disable selinux by using
/usr/sbin/setenforce 0

Then run your webpage to see whether it works or not. If yes. It means the root problem lies at selinxu. You can edit the policy file to get it work.
 
Old 06-14-2006, 01:43 AM   #4
joseph
Member
 
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414

Rep: Reputation: 30
try

setsebool httpd_disable_trans 1
 
Old 06-14-2006, 04:16 AM   #5
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
Quote:
Originally Posted by cylarz
Hey all,

For the two people on Earth who don't yet know it, I'm running Fedora Core 5 from Redhat. You probably also know that this comes equipped with SE Linux, which I've left on for, well, enhanced security.

I'm hosting a website on the system and want to post some pictures as part of the site. I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.

I've never had this problem before I switched to using later versions of FC that have SE Linux installed, so I've reason to suspect it's the problem. Any ideas?

Matt
A file needs to have the right "context" to be accessible by Apache. Files created in the /var/www/html directory will inherit the correct context; but if you move files from other places, it won't have the correct context. You can restore context with the "restorecon" command, like:
Code:
restorecon mypic.jpg
or
Code:
restorecon -R /var/www/html
Turning off security is not a good idea.
 
Old 06-15-2006, 01:33 AM   #6
akamol
LQ Newbie
 
Registered: Jul 2003
Location: India
Posts: 12

Rep: Reputation: 0
Disable SELinux

edit file /etc/selinux/config.
set SELINUX=disable
your problem wil be solved.
 
Old 06-15-2006, 02:13 PM   #7
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 901

Rep: Reputation: 320Reputation: 320Reputation: 320Reputation: 320
Quote:
Originally Posted by cylarz
...I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.

I've never had this problem before I switched to using later versions of FC that have SE Linux installed...
Now that's hardened.
 
Old 06-20-2006, 09:01 AM   #8
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
Quote:
Originally Posted by akamol
edit file /etc/selinux/config.
set SELINUX=disable
your problem wil be solved.

disabling security solves problems? Well I think SElinux is implemented for a reason

If in fact it is SElinux. He just needs to set the proper SElinux permissions with chcon command
 
Old 06-20-2006, 09:36 AM   #9
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
If security gets in the way of usability, then disabling (some) security does solve the problem. A typical desktop PC user really has no need for SELinux at all. Running an Apache web server though... well, if it uses a public IP disabling SELinux might not be such a good idea.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux for PPC woes bakuretsu Linux - General 3 07-11-2003 09:12 AM
Linux MD RAID woes eck Linux - Hardware 0 01-11-2003 08:52 PM
Linux woes Eoin Linux From Scratch 3 12-21-2002 02:09 PM
Yet even more Linux woes..... johnnyd Linux - General 5 05-01-2001 02:59 PM
Linux installation/questions and woes...... johnnyd Linux - General 1 04-25-2001 10:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration