LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

April 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS April 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: iptables + vhost access
From:	Terry Northren <[log in to unmask]>
Reply To:	Terry Northren <[log in to unmask]>
Date:	Wed, 11 Apr 2012 10:53:35 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (86 lines)

Tam,
I followed your directions.  I ran into an error when I executed the
semanage command:

semanage fcontext -a -t httpd_sys_content_t public_html

Here is my output error:
-bash: /usr/sbin/semanage: No such file or directory

I went ahead and followed the rest of your tutorial.  It worked!!
Does this mean I will have to re-configure SELinux after every reboot?


On 4/11/12, Tam Nguyen <[log in to unmask]> wrote:
> Not knowing the configuration of your httpd.conf file and the configuration
> of the local users' home directory, there is no direct answer.  Therefore,
> my approach to your question is to give you a very basic setup, which would
> allow users to access files in their home's directory.  You can base off of
> this to make it works on your machine.
> Before you do anything, backup your httpd.conf file.
> Even better, do this on a test VM.
>
> In the file httpd.conf, change these 2 directives to look like this:
>
>    #UserDir disabled
>
>     UserDir *public_html*
>
> this enables local users to access html files inside the the *public_html *
> directory.
>
> Let's say we want UserX to have access to his/her home directory:
> mkdir /home/UserX*/public_html*
>
> Then create an html file in the *public_html *directory,
>
> Now comes the fun part, permission and SELinux :).
> Permission:  Make sure UserX is the owner of the *public_html* directory
> and all files within it (hence, recursively).
> chown userx:userx *public_html*
>
> Directory and files need read and execute permission
> chmod 755
>
> Selinux:  public_html and all files within must have one of these context
> types:
>       httpd_sys_content_t
>  or
>       public_content_rw_t
>
> sample command:
> chcon -R -t httpd_sys_content_t *public_html
>
> *then make sure SELinux setting survives reboot, run command:
> semanage fcontext -a -t httpd_sys_content_t *public_html*
>
> verify the directory and do the same to all files inside *public_html*:
>      ll  -Z
>
> Finally, enable SELinux boolean:
>  setsebool -P httpd_enable_homedirs on
>
> Restart Apache without interrupting the users:
>  apachectl graceful
>
> Now access UserX' home directory:
> http://servername_or_ip_address/~userx/
>
> This is just a basic configuration to give you a general idea.  You will
> have to customize the settings and permissions according to your server's
> needs.
>
> good luck
> -Tam
>
>
> On Mon, Apr 9, 2012 at 8:33 PM, Terry Northren <[log in to unmask]> wrote:
>
>> Hi again,
>> on Apache server, how do I allow users to access files in their home
>> folders?
>>
>>
>>
>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV