Quote:
Code:
#============= ftpd_t ==============
Code:
getsebool -a | grep ftp
I thought about what chris suggested but that will cause issues with apache having access to the files due to selinux being enforced. If it was in permissive mode or disabled it would work with the public_content_rw_t
Enable the boolean I suggested and it will work. No need to modify the context of the directories or files here.
Quote:
For others in a similar situation, I'll summarize what I did in the end:
Code:
[root@localhost ~]# chcon -t public_content_rw_t /var/www/html
Code:
[root@localhost ~]# sestatus
Lastly, per unSpawn's request here are the resulting booleans:
Code:
[root@localhost ~]# getsebool -a | grep ftp
Yes, that looks satisfactory. Is apache still able to serve your web files now that you have modified the directory selinux context? From my past experience it shouldn't work if selinux is in enforcing mode. Just want to double check.
Quote:
I did a lot of monkeying around trying to solve my initial problem before posting my initial question, so perhaps I did something that I haven't described that makes my system behave differently than what you expected. Now that I've installed LAMP once, I have half a mind to do a completely fresh install to help set the process in my mind.
Thanks to everyone for getting me over this hump. What a great community.
Before I close the thread as solved, I've been researching how to give the same rw access to not just /var/www/html/ but all subsequent dirs I put into it, as any additional dirs I've made such as /var/www/html/testdir/ all report the original 553 ftp error when I try to upload into them. I've tried variations of:
Code:
[root@localhost ~]# chcon -R -t public_content_rw_t /var/www/html
The -R is a recursive option, but remember that there are multiple attributes in selinux. The -t is the type context; you also have user and role, which play a factor. Do an ls -Z on the new directory and compare to the others.
Thanks. I also just realized that anytime I create new directories within /var/www/html/ I also need to change the GROUP to apache and set the permissions to 755 if I want the FTP via httpd to be able to read/write to them. I'm currently doing this by:
# chown -R MYUSERNAME:apache /var/www/html/
# chmod 755 -R /var/www/html/
I still need to figure out how to set the "Folder Access" to read and write via the command line, but as I can currently do that via GNOME by right clicking a folder and clicking PERMISSIONS->and changing the GROUPS folder access to CREATE & DELETE manually, I'll consider my problem solved and work on the rest by myself. Thanks again for your help guys!
Your chmod command changes your permissions; here is how the chmod goes.
There are actually 4 numeric permission digits; when you only specify 3, as is the usual case, a leading 0 is appended. Ignore the first digit for now, it's used for special permissions such as a sticky bit.
Your numerical permissions are as follows:
4 = read
2 = write
1 = execute
So if you do the math:
7 = 4+2+1 = read+write+execute
5 = 4+1 = read+execute
6 = 4+2 = read+write
The location of the numeric digit indicates which set of permissions to apply. So you have chmod 755. The first digit is your owner, the second digit is your group, and the last digit is everyone else that is not the owner of the file or a member of the group on the file.
Actually, in my RH manual it says to try chcon first, then test it, then semanage to fix it in place.
Basically, chcon will last until an SELinux relabel occurs. semanage (as explained by unSpawn) actually alters the SELinux Policy, so that the change will even survive an SELinux relabel.
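The persistent form of the chcon test described in the post above, as an added example that is not part of any post in this thread. The function names and the APPLY switch are hypothetical; the path and type are the ones used in the thread, and with APPLY left at 0 the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the APPLY switch are
# hypothetical; semanage, restorecon and ls -Z are the standard SELinux tools.

APPLY="${APPLY:-0}"   # 0 = only print the commands, 1 = also execute (as root)

# Regex for a file-context rule matching DIR itself and everything below it.
fcontext_pattern() {
    printf '%s(/.*)?' "${1%/}"
}

# Print a command (unquoted, for display) and execute it only when APPLY=1.
run() {
    printf '%s\n' "$*"
    if [ "$APPLY" = 1 ]; then "$@"; fi
}

# Record SETYPE for DIR in the local policy, then relabel what is on disk.
label_tree() {
    dir="${1%/}"; setype="$2"
    case "$dir" in
        /*) ;;
        *) echo "label_tree: absolute path required" >&2; return 2 ;;
    esac
    pattern="$(fcontext_pattern "$dir")"
    # -a adds a rule and fails if one already exists; -m modifies it instead.
    run semanage fcontext -a -t "$setype" "$pattern" ||
        run semanage fcontext -m -t "$setype" "$pattern" || return
    # chcon only changes the on-disk label; restorecon resets labels to what
    # the policy says, so this also shows what a full relabel would leave.
    run restorecon -R -v "$dir" || return
    # Compare the result with sibling directories, as suggested in the thread.
    run ls -dZ "$dir"
}

# Dry run with the path and type used in the thread.
label_tree /var/www/html public_content_rw_t
```

Run it with APPLY=1 as root once the chcon test has shown that the type is the right one.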
This solution works for me:
Code:
[root@prodserver output]# getsebool -a | grep ftp
a 5 year old nekro post panga
5 years later - today - the SElinux kernel almost never gives me issues except for a NEW system install on new hardware and the initial set up of NON standard software