- 论坛徽章:
- 0
|
Recently I tried to add a new virtual host in my RHEL4 server, and added my own configuration file stanley.conf in /etc/http/conf.d/. But to my suprise, the browser told me that I was forbidden to access my virtual host. After checking the system log, I found some log like following:
kernel: audit(1225360594.692:0): avc: denied { search } for pid=8372 exe=/usr/sbin/httpd name=mywebsite ino=2246112 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir
What caused this failure?
In fact, it is caused by the SELinux mechanism in RHEL4 (This article doesn't cover detail topic related to SELinux, you can refer other material for futhur information). When a file is created, its security context is derived from its parent directory. So you have to make sure that the directory specified as the DocumentRoot of your virtual host has the security context required by Apache. The labels related Apache are list in following tables:
Context Code
Description
httpd_sys_content_t
The type used by regular static web pages with .html and .htm extensions.
httpd_sys_script_ro_t
Required for CGI scripts to read files and directories.
httpd_sys_script_ra_t
Same as the httpd_sys_script_ro_t type but also allows appending data to files by the CGI script.
httpd_sys_script_rw_t
Files with this type may be changed by a CGI script in any way, including deletion.
httpd_sys_script_exec_t
The type required for the execution of CGI scripts
You can check the directory's security context by command:
ls -Z /home/mywebsite
to get its security context, such as user_u:object_r:user_home_t.
To modify the security context for Apache, you can use the command chcon, and then restart Apache server.
chcon -R -h -t httpd_sys_content_t /home/mywebsite
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/48729/showart_1354630.html |
|
免费注册
发表于 2008-10-30 18:30