Permission denied for public_html

Paul Howarth paul at city-fan.org
Tue Nov 7 11:16:27 UTC 2006


Volker Englisch wrote:
> on 11/6/2006 2:08 PM John Griffiths said the following:
>>> I had set these values in order to get samba to work.  In fact, at 
>>> some point I thought I did have both samba and http access to the 
>>> public_html directory working but when I made additional changes 
>>> trying to allow a cgi script to write to a directory I must have 
>>> messed up the access to the user websites.
>>>
>> The context of the directory has to be public_content_rw_t for both 
>> Samba and httpd to access it.
> 
> I actually did have this context set this way in the beginning but now I 
> would be happy if I could just access the user web pages again.  That's 
> why I had changed it back to httpd_sys_content_t.
> 
> Here is the context of the directory (after changing the context back to 
> public_content_rw_t):
> 
> [root] ls -dZ public_html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t public_html/
> PWD=/home/kate
> [root] ls -Z public_html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t images/
> -rw-rw-r--  kate webedit user_u:object_r:public_content_rw_t index.html
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t pics/
> drwxr-xr-x  kate webedit user_u:object_r:public_content_rw_t Themes/
> 
> [root] getsebool -a | grep enable_home
> httpd_enable_homedirs --> on
> samba_enable_home_dirs --> on
> spamd_enable_home_dirs --> on
> 
> [root] getenforce
> Enforcing
> 
> And the output from the /var/log/messages file when accessing the web page:
> ...
> Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72017): avc:  denied 
>  { search } for  pid=31270 comm="httpd" name="kate" dev=sda5 
> ino=14942209 scontext=user_u:system_r:httpd_t:s0 
> tcontext=user_u:object_r:user_home_t:s0 tclass=dir
> Nov  6 14:48:27 kepler kernel: audit(1162842507.522:72018): avc:  denied 
>  { getattr } for  pid=31270 comm="httpd" name="kate" dev=sda5 
> ino=14942209 scontext=user_u:system_r:httpd_t:s0 
> tcontext=user_u:object_r:user_home_t:s0 tclass=dir
> ...
> 
> 
> From all that I know everything looks good but maybe someone else can 
> see what is wrong with my setup.

It looks to me that /home/kate is user_home_t instead of 
user_home_dir_t. Fixing that should help.

Paul.



