On 28/04/13 22:13, Fernando Andrés Muñoz Bravo wrote:
> You're right... It's a SELinux issue... Thanks a lot...
> Finally, if I wish to change (later) or add a new HD, mounted at
> "/media/shd0", to make friends SELinux and httpd, did you mean that I
> just need to use this?
>
> semanage fcontext -a -t httpd_sys_content_t '/media/shd0(/.*)?'
> restorecon -R -v /media/shd0
Yes, this will relabel all files under /media/shd0 with a file context
where SELinux will allow httpd to access. Not sure what's more
appropriate between httpd_sys_content_t and httpd_user_content_t, but
both would grant the needed access.
> Thanks a lot a lot... you saved me :)
You're welcome! I'm really happy you solved your issue :)
kind regards,
David Sommerseth
> On Sun, Apr 28, 2013 at 6:16 AM, David Sommerseth wrote:
>
>
> Please also consider SELinux in this. If you have SELinux enabled,
> your data directory in /home/owncloud/owncloud needs to have the
> proper SELinux context.
>
> To check if you have SELinux limiting you, check
> /var/log/audit/audit.log
>
> [root@host: ~] # grep denied /var/log/audit/audit.log
>
> Also check out audit2why to decode these errors slightly better.
> Often this tool can give you more clues too. You can also
> temporarily disable SELinux to see if that solves it.
>
> [root@host: ~] # setenforce 0
>
> To re-enable it, replace 0 with 1. Disabling SELinux is not a really
> good solution for a production environment, rather adjust SELinux to
> allow these operations - it's not that hard once you get a grip of it.
>
> If you see you have issues you might need to set the
> httpd_enable_homedirs SELinux boolean to true, and you will most
> likely also need to add the httpd_enable_homedirs SELinux label to
> all your files in /home/owncloud/owncloud
>
> [root@host: ~] # setsebool -P httpd_enable_homedirs on
> [root@host: ~] # semanage fcontext -a -t httpd_user_content_t \
> '/home/owncloud/owncloud(/.*)?'
> [root@host: ~] # restorecon -Rv /home/owncloud/owncloud
>
> The first line enables httpd to access home directories - this might
> not be really needed, but I don't recall the exact definition of
> this boolean. It for sure enables the ~/public_html directory.
>
> The second line adds a SELinux file context policy that the
> directory /home/owncloud/owncloud and everything inside this
> directory should be labelled with the httpd_user_content_t SELinux
> context type. It's defined elsewhere in SELinux that a process
> running under the httpd context may access files labelled with
> httpd_user_content_t (and httpd_sys_content_t).
>
> The third line relabels everything inside /home/owncloud/owncloud
> according to the SELinux policy.
>
> Many people also use chcon to change file contexts. But please
> beware that on the next file system relabelling (like running
> restorecon), all changes done with chcon only will be overwritten,
> as it's not defined in the SELinux policy. The semanage command is
> the tool to use to modify the policy.
>
>
> kind regards,
>
> David Sommerseth
>
>
>
>
> On 28/04/13 04:15, Fernando Andrés Muñoz Bravo wrote:
>
> Interesting... I didn't try that. I'll test with your suggestion, and will be
> here reporting...
>
> Thanks a lot for your help...
>
>
> On Sat, Apr 27, 2013 at 7:47 PM, John Lauro wrote:
>
> Make sure every parent directory is world rx (well, technically
> probably only needs world x), especially /home/owncloud. If that checks
> out, check the apache error log and see if it says anything. (Never used
> owncloud, just know that a lot of times home directories are made with ---
> for world, and that means other users can't get to subdirectories inside
> of them, unless the groups match...)
>
>
>
> ------------------------------------------------------------
> *From: *"Fernando Andrés Muñoz Bravo"
> *Sent: *Saturday, April 27, 2013 7:14:20 PM
> *Subject: *Owncloud install
>
>
>
> Hi guys...
>
> I've downloaded Owncloud and un-compressed into
> /var/www/htnl/apps/owncloud. Also, I've installed PostgreSQL for that
> purpose, with user "owncloud" and a DB...
>
> On my server there is a system user for management, which is called
> "owncloud" too. Therefore, I would like to set OwnCloud's datadir into
> "/home/owncloud/owncloud/data". As I've seen, Owncloud (software) and
> data-dir need to have "apache" as user and group:
>
> chown -R apache:apache /var/www/htnl/apps/owncloud
> chown -R apache:apache /home/owncloud/owncloud
>
> Then, at web-setup I've filled all fields (Owncloud username, Database
> user and password...)
>
> My problem is in data-dir: I've filled with "/home/owncloud/owncloud/data"
> -- because it needs to be outside from web access. But, after I setup
> permissions and restart httpd, it doesn't work... I see a page with this
> message:
>
> Can't create data directory (/home/owncloud/owncloud/data)
>
> You can usually fix this by giving the webserver write access to the
> ownCloud directory '/var/www/html/apps/owncloud' (in a terminal, use the
> command 'chown -R www-data:www-data /path/to/your/owncloud/install/data'
>
>
> After that, I re-run:
> chown -R apache:apache /var/www/htnl/apps/owncloud
> chown -R apache:apache /home/owncloud/owncloud
>
> And separately:
> chown -R apache:apache /var/www/htnl/apps/owncloud/data
>
> But that message is still there...
>
> Any suggestion?
>
>
> Thanks a lot...
>
> --
> Fernando Andrés Muñoz Bravo
> *Tg.* Information Systems Analysis and Development
>
> http://blogdrake.net/blog/waspper/
> http://waspper.deviantart.com/
> http://artdriva.deviantart.com/
>
> Linux user #487547
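The audit.log check discussed in this thread, as an added example that is not part of the original messages: a shell function that summarises AVC denials whose source domain is `httpd_t`, showing which target label is blocking the web server. The function names and the sample log lines are constructed for illustration, and the example assumes httpd runs in the `httpd_t` domain.

```shell
#!/bin/sh
# Constructed sample lines in audit.log AVC format (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1367103600.101:411): avc:  denied  { write } for  pid=2301 comm="httpd" name="owncloud" dev=dm-2 ino=262145 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1367103601.220:412): avc:  denied  { write } for  pid=2302 comm="httpd" name="owncloud" dev=dm-2 ino=262145 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1367103650.007:415): avc:  denied  { search } for  pid=2302 comm="httpd" name="owncloud" dev=dm-2 ino=262144 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1367103700.500:420): avc:  denied  { read } for  pid=3100 comm="ntpd" name="drift" dev=dm-0 ino=1201 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1367103700.500:420): arch=c000003e syscall=2 success=no exit=-13 comm="ntpd"
EOF
}

# Print "count perms tclass target_type name" for each distinct denial issued
# against the httpd_t domain, most frequent first. Reads files given as
# arguments, or stdin when none are given.
httpd_denials() {
    awk '
    $1 == "type=AVC" && $4 == "denied" {
        perm = ""; sdom = ""; ttype = ""; tclass = ""; name = "-"
        for (i = 5; i <= NF; i++) {
            if ($i == "{") {
                # Collect every permission up to the closing brace.
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            } else if (index($i, "scontext=") == 1) {
                split(substr($i, 10), c, ":"); sdom = c[3]   # user:role:type:level
            } else if (index($i, "tcontext=") == 1) {
                split(substr($i, 10), c, ":"); ttype = c[3]
            } else if (index($i, "tclass=") == 1) {
                tclass = substr($i, 8)
            } else if (index($i, "name=") == 1) {
                name = substr($i, 6); gsub(/"/, "", name)
            }
        }
        if (sdom == "httpd_t")
            seen[perm " " tclass " " ttype " " name]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k1,1nr -k2
}

sample_audit_log | httpd_denials
```

On a real host, run `httpd_denials /var/log/audit/audit.log` as root. A target type such as `user_home_t` in the output means the directory still carries its default home label rather than one of the httpd content types.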