Have you done: # setsebool -P httpd_enable_homedirs true ? You may also need to do the following on each user's http exposed folder: # chcon -R -t httpd_sys_content_t ~<username>/public_html On Fri, Feb 3, 2017 at 3:59 PM, Robert Moskowitz <rgm at htt-consult.com> wrote: > > > On 02/03/2017 09:05 AM, Gordan Bobic wrote: > > On Fri, Feb 3, 2017 at 1:58 PM, Robert Moskowitz <rgm at htt-consult.com> > wrote: > >> Gordon, >> >> One would think that, but there is something off with at least the >> CubieTruck build. I will check that all those rpms are installed (pretty >> sure they are), but when I set up a web server with personal directories, i >> got permission errors on listing the files, but no problem displaying >> individual files. Plus there are all these SELinux warnings I am getting >> that seem to indicate something is amiss. >> >> I am reaching the point of focusing on Fedora server for now. I had >> hopes of pushing Centos7-arm in a couple of business venues. >> > > > > Are you certain it is an SELinux problem, and if so, are parent directory > labels correct? > The symptoms you are describing seem more typically indicative of an > Apache configuration problem. > Do tail -f on /var/log/audit/audit.log and see what appears there. If > there is a SELinux violation, it will show up in there. > > > OK. Here goes. I attached my web server drive to my CubieTruck; I had > left this drive all ready to go into production. SELinux enforced and all > that. When I started up the tail, a bunch of messages were sent to the > console. I then attempted to access one of my directories: > > http://medon.htt-consult.com/~rgm/cubieboard/ > > Note, that this is a public server, and you too could try this. For as > long as I have the server running on this address. > > I got: > > Forbidden > > You don't have permission to access /~rgm/cubieboard/ on this server. > > and all of the tail messages are: > > # tail -f on /var/log/audit/audit.log > tail: cannot open 'on' for reading: No such file or directory > ==> /var/log/audit/audit.log <== > type=SERVICE_STOP msg=audit(69.095:94): pid=1 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=systemd-readahead-done comm="systemd" > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' > type=USER_ACCT msg=audit(1486134062.358:95): pid=1760 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 > msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" > exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' > type=CRED_ACQ msg=audit(1486134062.363:96): pid=1760 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 > msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" > exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' > type=LOGIN msg=audit(1486134062.363:97): pid=1760 uid=0 > subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 > old-ses=4294967295 ses=2 res=1 > type=USER_START msg=audit(1486134062.513:98): pid=1760 uid=0 auid=0 ses=2 > subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open > grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" > exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' > type=CRED_REFR msg=audit(1486134062.528:99): pid=1760 uid=0 auid=0 ses=2 > subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred > grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? > addr=? terminal=cron res=success' > type=CRED_DISP msg=audit(1486134062.773:100): pid=1760 uid=0 auid=0 ses=2 > subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred > grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? > addr=? terminal=cron res=success' > type=USER_END msg=audit(1486134062.783:101): pid=1760 uid=0 auid=0 ses=2 > subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close > grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" > exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' > type=SERVICE_START msg=audit(1486134482.523:102): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=systemd-tmpfiles-clean comm="systemd" > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' > type=SERVICE_STOP msg=audit(1486134482.528:103): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=systemd-tmpfiles-clean comm="systemd" > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' > type=AVC msg=audit(1486137172.395:104): avc: denied { read } for > pid=1866 comm="httpd" name="cubieboard" dev="sda3" ino=262190 > scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 > tclass=dir permissive=0 > type=SYSCALL msg=audit(1486137172.395:104): arch=40000028 syscall=322 > per=800000 success=no exit=-13 a0=ffffff9c a1=7f844440 a2=a4800 a3=0 > items=0 ppid=624 pid=1866 auid=4294967295 uid=48 gid=48 euid=48 suid=48 > fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" > exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) > type=PROCTITLE msg=audit(1486137172.395:104): proctitle= > 2F7573722F7362696E2F6874747064002D44464F524547524F554E44 > > > I know from earlier testing, if I interactively change SELinux to > permissive, the directory display works. > > So what is next to try? > > Bob > > > _______________________________________________ > Arm-dev mailing list > Arm-dev at centos.org > https://lists.centos.org/mailman/listinfo/arm-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170203/8cf572f8/attachment-0006.html>