Unable to access webserver folder
 

SELinux restricting access to a folder which in turn prevents my apache config access the document root.

- I have SELinux turned on.

=== No Problem with the following: ===
/etc/httpd/conf/httpd.conf:
<VirtualHost *:80>
ServerAdmin root@www.clare.com
DocumentRoot /var/www/html/clare.dev
ServerName www.clare.com
ErrorLog logs/www.clare.com-error_log
CustomLog logs/www.clare.com-access_log common
</VirtualHost>

I can access the site.

=== Problem arises when: ===
I change the folder to a higher level:
DocumentRoot to /claresite

[error] [client 127.0.0.1] client denied by server configuration: /claresite/

Here are my return results:

root@linux1 logs/ # ls -Z /claresite/
-rw-r--r-- root root root:object_r:httpd_sys_content_t index.html
root@linux1 logs/ # ls -Z /var/www/html/clare.dev/
-rw-r--r-- root root root:object_r:httpd_sys_content_t index.html

I'm new to SELinux and I can't find out why this is happening? Can anyone share some ideas on why this is occurring?

TIA

A typical webserver log entry. This does not show any evidence of SELinux restricting access to that folder. If there is any you'd find it in /var/log/audit/audit.log (or /var/log/messages if you don't run Auditd) but not in /var/log/httpd/.

SELinux restricts access to files and folders by their labels; what do you get for the output of this: As unSpawn says, the error you're getting doesn't point to SELinux; you should check the audit.log file to be sure. If it is an SELinux issue, then this should help you setting up the right rules and labels: http://stuff.mit.edu/afs/athena.mit....pter-0017.html

Since the error refers to the server configuration, it seems more likely that you are missing a <Document> or <Location> tag entry for the document or folder that you're reading from in Apache's httpd.conf file (or an included configuration file for the site).

- Thanks guys, ok its not a SELinux problem after all. I've checked the audit.log and there was no entry.
- I made a test to see if the Virtual Host's DocumentRoot can see a folder higher than the general DocumentRoot which was '/var/www/html'.
---- I changed the /claresite to a symbolic link to /var/www/html/clare.dev instead. So I believe that even the SELinux labels are preserved when accessing this folder. Result: still wasn't able to access the index.html file inside.

Still haven't solved it; but I'm still intrigued.

I've reflected your growing insight by changing your thread title to read "Unable to access webserver folder". Furthermore I think you should adjust your webservers configuration instead of symlinking. I'll move this thread to the Linux Server forum as it is not a Linux Security issue. The symlink will dissolve in 5 days.

If your linux system is unable to access webserver then do following:
Step 1. Configure Apache to Allow Access Authorization.
Step 2. Identify the Folder/Directory to Protect.
Step 3. Add Access Files to the Folder.
Step 4. Add Additional Users.
Step 5. Test the Password Function.