[CentOS] Forbidden: You don't have permission to access/phpMyAdmin/ on this server.
Herta Van den Eynde
herta.vandeneynde at gmail.com
Thu Jun 19 08:18:53 UTC 2008
2008/6/19 Filipe Brandenburger <filbranden at gmail.com>:
> On Wed, Jun 18, 2008 at 5:45 PM, Herta Van den Eynde
> <herta.vandeneynde at gmail.com> wrote:
>> Joshua previously suggested SELinux might have something to do with
>> it, but being new to it, I didn't know what to do with that info.
>>
>> I'll need to read up on what this means exactly. I originally
>> untarred the phpMyAdmin in my non-priv'ed home directory - which must
>> be the "user_home_t" reference - and then moved it over to its current
>> location.
>>
>> I meanwhile switched to permissive mode. If SELinux is this tricky,
>> I'll have to find time to study it before enabling it again.
>
> Why don't you install it from an RPM?
>
> Dag/rpmforge has an RPM for 2.11.5:
> http://dag.wieers.com/rpm/packages/phpmyadmin/
>
> RPMs will usually set SELinux permissions the right way for you, so
> you usually don't have to bother doing that. They also have the
> advantage that it's usually easier to do upgrades to newer versions
> once they're out.
>
> You should try to keep your SELinux in enforcing mode, since that will
> harden your system's security (and once it's off, it's hard to get it
> on again).
>
> With web tools that connect to databases, you will probably set some
> booleans to allow them to connect to the databases. You can control
> that with "setsebool", you will probably need to "setsebool -P
> httpd_can_network_connect 1" or most probably "setsebool -P
> httpd_can_network_connect_db 1", but try first without setting them to
> see if it works, if it doesn't, try setting them and seeing if it
> fixes the problem. See "man httpd_selinux" and "man setsebool" for
> some of the details.
>
> Please let us know how your experiences go, and what you needed to set
> up for it to work.
>
> HTH,
> Filipe
That sounded like good advice, Filipe, so I gave it a try (even though
it's going to be hell to get the security team to open yet another
hole in their firewall).
It installs fine, and an initial test displays the phpmyadmin page,
which - understandably - complains about the blowfish_secret. So I
edit config.inc.php to define it, and am back to the wonderful "403
Forbidden". Only this time, even "setenforce 0" doesn't get me out of
the woods.
I'll go back to my initial install, as I really cannot afford to lose
more time over this. (Two other projects need to be finished by
tomorrow evening.) SELinux is on my list of to-be-learned.
Kind regards,
Herta
--
"Life on Earth may be expensive,
but it comes with a free ride around the Sun."
More information about the CentOS
mailing list