Alexander Farber sent a missive onĀ 2010-09-29:
On Wed, Sep 29, 2010 at 5:29 PM, Simon Billis wrote:
Can you show the output of ls -laZ please? This will show the selinux context information for the files - the error is usually to do with the context of the files.
Hello and thanks for your reply. The SELinux stuff is new for me.
Yes I have moved that Alex.html from my home dir and (the 1st one fails):
# ls -laZ /var/www/html/Alex.html -r--r--r-- root root system_u:object_r:user_home_t /var/www/html/Alex.html
You can see here that the context is incorrect for the file to be served by apache. You can change it using:
"chcon user_u:object_r:httpd_sys_content_t /var/www/html/Alex.html" with no quotes.
This will change the file to the specific context needed. You can also use restorecon -R as others have mentioned
# ls -laZ /var/www/html/test/Alex.html -r--r--r-- root root user_u:object_r:httpd_sys_content_t /var/www/html/test/Alex.html
# ls -laZ /var/www/html/index.php -rw-r--r-- root root user_u:object_r:httpd_sys_content_t /var/www/html/index.php
# ls -laZ /var/www/html/hello-world.php -rw-r--r-- afarber afarber user_u:object_r:httpd_sys_content_t /var/www/html/hello-world.php
I'm using http, not https. And /usr/sbin/getenforce prints "Enforcing".
You can use "setenforce 0" without the quotes to disable selinux from the command line till next reboot or until you issue "setenforce 1" - this is useful for testing as is looking at /var/log/audit/audit.log and also using commands such as audit2why and audit2allow (I strongly recommend reading at least the man pages and also such websites as (google selinux))
I didn't know that there were additional attributes for the files. And I don't know how to stop/start SELinux (it is not a service in /etc/init.d, right?) but I'd like to keep SELinux running, since all other programs I've listed seem to cope okay with it.
I recommend that you keep selinux running and enforcing and that you spend some time learning it. It is very useful. The config files are located here: /etc/selinux and you can set selinux to be disabled or if you want permissive i.e. it will not stop you or others doing things but will report on the violations.
Have fun