SCIENTIFIC-LINUX-USERS Archives

April 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: David Sommerseth <[log in to unmask]>
Date: Sun, 28 Apr 2013 13:16:36 +0200

Please also consider SELinux in this.  If you have SELinux enabled, your data
directory in /home/owncloud/owncloud needs to have the proper SELinux context.

To check if you have SELinux limiting you, check /var/log/audit/audit.log

    [root@host: ~] # grep denied /var/log/audit/audit.log

Also check out audit2why to decode these errors slightly better.  Often this
tool can give you more clues too.  You can also temporarily disable SELinux to
see if that solves it.

    [root@host: ~] # setenforce 0

To re-enable it, replace 0 with 1.  Disabling SELinux is not a really good
solution for a production environment, rather adjust SELinux to allow these
operations - it's not that hard once you get a grip of it.

If you see you have issues you might need to set the httpd_enable_homedirs
SELinux boolean to true, and you will most likely also need to add the
httpd_enable_homedirs SELinux label to all your files in /home/owncloud/owncloud

    [root@host: ~] # setsebool -P httpd_enable_homedirs on
    [root@host: ~] # semanage fcontext -a -t httpd_user_content_t \
            "/home/owncloud/owncloud(/.*)?"
    [root@host: ~] # restorecon -Rv /home/owncloud/owncloud

The first line enables httpd to access home directories - this might not be 
really needed, but I don't recall the exact definition of this boolean.  It 
for sure enables the ~/public_html directory.

The second line adds a SELinux file context policy that the directory 
/home/owncloud/owncloud and everything inside this directory should be
labelled with the httpd_user_content_t SELinux context type.  It's defined 
elsewhere in SELinux that a process running under the httpd context may access 
files labelled with httpd_user_content_t (and httpd_sys_content_t).

The third line relabels everything inside /home/owncloud/owncloud according to 
the SELinux policy.

Many people also use chcon to change file contexts.  But please beware that on 
the next file system relabelling (like running restorecon), all changes done 
with chcon only will be overwritten, as it's not defined in the SELinux 
policy.  The semanage command is the tool to use to modify the policy.


kind regards,

David Sommerseth



On 28/04/13 04:15, Fernando Andrés Muñoz Bravo wrote:
> Interesting... I didn't try that. I'll test with your suggestion, and will be
> here reporting...
>
> Thanks a lot for your help...
>
>
> On Sat, Apr 27, 2013 at 7:47 PM, John Lauro <[log in to unmask]
> <mailto:[log in to unmask]>> wrote:
>
>     Make sure every parent directory is world rx (well, technically
>     probably only needs world x), especially /home/owncloud.  If that checks
>     out, check the apache error log and see if it says anything.  (Never used
>     owncloud, just know that a lot of times home directories are made with ---
>     for world, and that means other users can't get to subdirectories inside
>     of them, unless the groups match...)
>
>
>     ------------------------------------------------------------------------------
>     *From: *"Fernando Andrés Muñoz Bravo" <[log in to unmask]
>     <mailto:[log in to unmask]>>
>     *To: *[log in to unmask] <mailto:[log in to unmask]>
>     *Sent: *Saturday, April 27, 2013 7:14:20 PM
>     *Subject: *Owncloud install
>
>
>     Hi guys...
>
>     I've downloaded Owncloud and un-compressed into
>     /var/www/htnl/apps/owncloud. Also, I've installed PostgreSQL for that
>     purpose, with user "owncloud" and a DB...
>
>     On my server there is a system user for management, which is called
>     "owncloud" too. Therefore, I would like to set OwnCloud's datadir into
>     "/home/owncloud/owncloud/data". As I've seen, Owncloud (software) and
>     data-dir need to have "apache" as user and group:
>
>     chown -R apache:apache /var/www/htnl/apps/owncloud
>     chown -R apache:apache /home/owncloud/owncloud
>
>     Then, at web-setup I've filled all fields (Owncloud username, Database
>     user and password...)
>
>     My problem is in data-dir: I've filled with "/home/owncloud/owncloud/data"
>     -- because it needs to be outside from web access. But, after I setup
>     permissions and restart httpd, it doesn't work... I see a page with this
>     message:
>
>     Can't create data directory (/home/owncloud/owncloud/data)
>
>     You can usually fix this by giving the webserver write access to the
>     ownCloud directory '/var/www/html/apps/owncloud' (in a terminal, use the
>     command 'chown -R www-data:www-data /path/to/your/owncloud/install/data'
>
>
>     After that, I re-run:
>     chown -R apache:apache /var/www/htnl/apps/owncloud
>     chown -R apache:apache /home/owncloud/owncloud
>
>     And separately:
>     chown -R apache:apache /var/www/htnl/apps/owncloud/data
>
>     But that message is still there...
>
>     Any suggestion?
>
>
>     Thanks a lot...
>
>     --
>     Fernando Andrés Muñoz Bravo
>     *Tg.* Análisis y Desarollo de Sistemas de Información
>     I*M: [log in to unmask] <mailto:[log in to unmask]>/*
>
>     http://blogdrake.net/blog/waspper/ <http://blogdrake.net/blog/waspper/>
>     http://waspper.deviantart.com/ <http://waspper.deviantart.com/>
>     http://artdriva.deviantart.com/
>
>     Linux user #487547
>
>
>
>
> --
> Fernando Andrés Muñoz Bravo
> *Tg.* Análisis y Desarollo de Sistemas de Información
> I*M: [log in to unmask] <mailto:[log in to unmask]>/*
>
> http://blogdrake.net/blog/waspper/ <http://blogdrake.net/blog/waspper/>
> http://waspper.deviantart.com/ <http://waspper.deviantart.com/>
> http://artdriva.deviantart.com/
>
> Linux user #487547
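
Added example, not part of the original message or thread: a shell function that condenses the `grep denied /var/log/audit/audit.log` output described in David Sommerseth's reply into one line per (permission, target type, object class) for the httpd_t domain, so the label blocking the web server stands out. The audit records are constructed for illustration, and the function names `summarise_httpd_denials` and `sample_audit_log` are assumptions.

```shell
#!/bin/sh
# Added example: condense SELinux AVC denials for the httpd_t domain into
# "count permissions target_type object_class" lines, most frequent first.

summarise_httpd_denials() {
    # Reads audit.log-format records from the files given, or from stdin.
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        perms = $0                       # keep only the text inside the braces
        sub(/.*[{] */, "", perms)
        sub(/ *[}].*/, "", perms)
        ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        count[perms " " ttype " " tclass]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed records (not from a real host): two httpd write denials on a
# user_home_t directory, one search denial on the home directory itself,
# plus a SYSCALL record and an sshd denial that must both be ignored.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1367100000.101:501): avc:  denied  { write } for  pid=2101 comm="httpd" name="owncloud" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1367100000.101:501): arch=c000003e syscall=83 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1367100005.202:502): avc:  denied  { write } for  pid=2102 comm="httpd" name="owncloud" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1367100009.303:503): avc:  denied  { search } for  pid=2103 comm="httpd" name="owncloud" dev=dm-0 ino=1000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1367100012.404:504): avc:  denied  { read } for  pid=900 comm="sshd" name="authorized_keys" dev=dm-0 ino=1100 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Demo run on the constructed records; on a real host pass the log path:
#   summarise_httpd_denials /var/log/audit/audit.log
sample_audit_log | summarise_httpd_denials
```

A target type such as user_home_t in the summary means the files have not yet been relabelled by the `semanage fcontext` and `restorecon` steps from the message.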
