[CentOS] Forbidden: can't access *.html files in /var/www/html

m.roth at 5-cent.us m.roth at 5-cent.us
Wed Sep 29 17:34:37 UTC 2010


Simon Billis wrote:
> Alexander Farber sent a missive on 2010-09-29:
>> On Wed, Sep 29, 2010 at 5:29 PM, Simon Billis <simon at houxou.com> wrote:
<snip>
> You can use "setenforce 0" without the quotes to disable selinux from the
> command line till next reboot or until you issue "setenforce 1" - this is
> useful for testing as is looking at /var/log/audit/audit.log and also
> using commands such as audit2why and audit2allow (I strongly recommend
reading
> at least the man pages and also such websites as
> http://www.nsa.gov/research/selinux/docs.shtml (google selinux))
>
Yeah, and the sealert messages in /var/log/messages *sometimes* help, and
other times are garbage. (Yes, I filed a bug with the sealert team: for
some things, it 100% repeatably keeps telling me that I should set
httpd_unified to on... when it's been on for months. Obviously, they
missed a condition, and fall through to an incorrect default.)
>>
>> I didn't know that there were additional attributes for the files.
>> And I don't know how to stop/start SELinux (it is not a service in
>> /etc/init.d, right?) but I'd like to keep SELinux running, since all
>> other programs I've listed seem to cope okay with it.
>
> I recommend that you keep selinux running and enforcing and that you spend
> some time learning it. It is very useful. The config files are located
> here:
> /etc/selinux and you can set selinux to be disabled or if you want
> permissive i.e. it will not stop you or others doing things but will
> report
> on the violations.

*bleah* to selinux.

         mark




More information about the CentOS mailing list