Unlocking user public_html

Restrictions after enabling SELinux.

Even with UserDir public_html set in /etc/httpd/conf/httpd.conf, outside visitors still cannot browse personal web pages (403 Forbidden). The fix is as follows:

Q: How do I make a user public_html directory work under SELinux?
A: This process presumes that you have enabled user public HTML directories in Apache HTTP configuration (/etc/httpd/conf/httpd.conf). This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/.

1.
If you do not already have one, you will need to create the public_html directory and populate it with the files and folders to be served.

cd ~
mkdir public_html
cp /path/to/content ~/public_html

2.
At this point, httpd is configured to serve the contents, but you will still receive a 403 forbidden error. This is because httpd is not allowed to read the security type for the directory and files as they are created in the user's home directory. To solve this, change the security context of the folder and its contents recursively using the -R option:

ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:user_home_t public_html

chcon -R -t httpd_user_content_t public_html/

ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:httpd_user_content_t public_html/

ls -Z public_html/
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t baz.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t foo.html

You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works; the field that matters is the type field.

3.
You should now be able to serve the static webpages. If you continue to have errors, check to see that the Boolean that enables user home directories is enabled. This can be set using system-config-securitylevel, under the SELinux tab within the Modify SELinux Policy area, enabling Allow HTTPD to read home directories. The changes take effect immediately.

Note the chcon -R ... command in step 2. That command is what changes the access rights, here the SELinux security context.
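A check for the labeling done in step 2, as an added example that is not part of the original post or the FAQ it quotes: it parses ls -Z output and lists any entry whose type field is not httpd_user_content_t. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report public_html entries whose SELinux type is not the
# one httpd may read. Reads `ls -Z` lines on stdin, prints "type name" for
# each mislabeled entry, and returns 1 if any were found.
WANT_TYPE=httpd_user_content_t

check_labels() {
    awk -v want="$WANT_TYPE" '
        {
            # The context is the first field shaped like user:role:type[:level];
            # its position differs between older and newer ls -Z layouts.
            ctx = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
            if (ctx == "") next            # e.g. a "total N" line
            split(ctx, part, ":")
            # Only the type (third field) matters under the targeted policy;
            # user_u versus system_u in the first field is ignored.
            # The name printed is the last whitespace-separated field.
            if (part[3] != want) { print part[3], $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r-- auser auser system_u:object_r:httpd_user_content_t baz.html
-rw-rw-r-- auser auser user_u:object_r:user_home_t new.html
-rw-rw-r--. auser auser unconfined_u:object_r:user_home_t:s0 later.html
EOF
}

# Live use on an SELinux host: ls -Z ~/public_html | check_labels
```

Any entry it reports can be fixed with the chcon command from step 2.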
