[CentOS] Help with httpd userdir recovery

Robert Moskowitz rgm at htt-consult.com
Tue Dec 27 17:43:28 UTC 2016



On 12/27/2016 11:48 AM, Leonard den Ottolander wrote:
> Hello Robert,
>
> On Tue, 2016-12-27 at 10:25 -0500, Robert Moskowitz wrote:
>> I can display the /home/rgm/public_html/index.html file that only has
>> "Hello World" in it (to prevent anyone from walking my file tree from
>> the root).
> To prevent people walking a directory structure you better disable
> Options Indexes.

If I tell someone about ~rgm/mydir (really no such dir), then I want 
them to find ~rgm/mydir/subdir, but not know about ~rgm/otherdir.

My understanding (most likely flawed) is that Indexes are needed to see 
the list of files in mydir, and to be able to walk down to subdir.  By 
having a ~rgm/index.html file, they can't query what other files are 
directly in the public_html directory.

>
>> But when I try to display the files in a subdir with ipaddr/~rgm/mydir
>>
>> I get
>>
>> You don't have permission to access /~rgm/mydir/ on this server.
> The fact that you see the index page makes me assume SELinux is not the
> problem. If you do have it enabled you might want to check out the
> sebooleans that affect apache.
>
> $ getsebool -a | grep http
>
> httpd_enable_homedirs is one of those.

I ran

setsebool -P httpd_enable_homedirs on
restorecon -Rv /home

And I see:

httpd_enable_homedirs --> on


> Remember that file access is based on file permissions in combination
> with file ownership. This means that if apache is neither owner nor
> group owner of a file world must have read access for apache to access
> such files. A 711 permission on a directory is then insufficient. It
> allows apache to cd to, but not read the directory.

The owner is rgm:rgm, but the permissions are 755, not 711.

So still scratching my head here..
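
The permission rule quoted above applies to every directory on the path to mydir, not only to mydir itself. As an added example (not part of the original thread), this shell function reads the "other" mode bits of each path component and reports the first one that blocks a process that is neither owner nor group owner. The function names and the BASE/REL arguments are assumptions made for the example, and it looks only at classic mode bits, not ACLs or SELinux contexts.

```shell
#!/bin/sh
# Added example: find the path component that stops a non-owner,
# non-group process (such as httpd for files owned rgm:rgm).
# Usage (paths from the thread): world_can_list / home/rgm/public_html/mydir

# other_bits PATH -> the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# world_can_list BASE REL
# Walk REL below BASE. Every directory on the way needs "other" x (search);
# the last one also needs "other" r, since listing means reading the directory.
# Prints a diagnosis; returns 0 if listing is possible, 1 otherwise.
world_can_list() {
    base=$1 rel=$2
    cur=${base%/}
    bits=$(other_bits "${cur:-/}")
    old_ifs=$IFS; IFS=/
    set -f; set -- $rel; set +f        # split REL on "/" without globbing
    IFS=$old_ifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        if [ ! -d "$cur" ]; then echo "missing: $cur"; return 1; fi
        bits=$(other_bits "$cur")
        case $bits in
            ??x|??t) ;;                # searchable (t = sticky plus x)
            *) echo "no search (x) for other: $cur ($bits)"; return 1 ;;
        esac
    done
    case $bits in
        r??) echo "listable: $cur ($bits)"; return 0 ;;
        *)   echo "traverse only, not readable: $cur ($bits)"; return 1 ;;
    esac
}
```

The check parses mode bits instead of attempting access, so it gives the same answer when run as root or as the directory owner.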
