Wednesday, October 28, 2009

SELinux: Fix HTTPD 'Access Denied' Problem

I reconfigured the httpd service and changed DocumentRoot. However, each time I tried to visit the web site, I got an 'access denied' error. Checking the error log under /var/log/httpd, I found lines like:

[Mon Jan 30 20:01:09 2006] [error] [client 127.0.0.1] (13)Permission denied: access to / denied

As I believed the permissions on the DocumentRoot were correctly set (0755, which is quite standard), I suspected the notorious SELinux was up to its tricks again.

This time I just did the "brutal" job: disabling SELinux protection on httpd completely:

setsebool -P httpd_disable_trans 1

and

/sbin/service httpd restart

Then, exactly as I expected, the "access denied" error disappeared.

Now what an ironic story: I initially wanted to secure my whitebox with SELinux, yet I ended up completely disabling it on the ftp, samba, and http services. I really wonder how many end users are really using SELinux in a serious way...
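
An added example, not part of the original post: after moving DocumentRoot, the usual check is to look for AVC denials from the httpd_t domain in the audit log and relabel the new directory, which keeps SELinux confinement on httpd. The script below filters constructed audit-log lines and prints the relabel commands; the path /srv/www, the sample log lines and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list httpd AVC denials and print relabel commands for a moved
# DocumentRoot, as an alternative to disabling SELinux protection for httpd.

# Constructed sample of /var/log/audit/audit.log entries (/srv/www is a placeholder).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1256700000.101:41): avc:  denied  { getattr } for  pid=2301 comm="httpd" path="/srv/www/index.html" dev=sda1 ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1256700000.202:42): avc:  denied  { search } for  pid=2301 comm="httpd" name="www" dev=sda1 ino=1200 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1256700000.303:43): avc:  denied  { read } for  pid=2410 comm="smbd" name="share" dev=sda1 ino=1300 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1256700000.303:43): arch=40000003 syscall=5 success=no exit=-13 comm="smbd"
EOF
}

# Read audit lines on stdin; print "permission class target_type object"
# for every denial whose source domain is httpd_t.
httpd_denials() {
    awk '/type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t(:| )/ {
        perm = ""; obj = "?"; ttype = "?"; tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") perm = $(i + 1)
            else if ($i ~ /^(path|name)=/) { obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj) }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/) { tclass = substr($i, 8) }
        }
        print perm, tclass, ttype, obj
    }'
}

# Print (do not execute) the commands that give a DocumentRoot the web content type.
relabel_plan() {
    docroot=$1
    printf 'ls -dZ %s\n' "$docroot"
    printf "semanage fcontext -a -t httpd_sys_content_t '%s(/.*)?'\n" "$docroot"
    printf 'restorecon -Rv %s\n' "$docroot"
}

# Demo on the constructed sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    sample_audit_log | httpd_denials
    relabel_plan /srv/www
fi
```

On a real host, feed /var/log/audit/audit.log to httpd_denials instead of the sample; a target type other than an httpd content type on files under the new DocumentRoot is the sign that relabeling is needed.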