CentOS - Apr 2006 - Apache and '(13)Permission denied: access to ...'

I'm attempting to install Hobbit and at the point of web access via
Apache.

 

The error_log states:

(13)Permission denied: access to /hobbit denied

 

I've tried a number of things and am still getting this:

 

1)                   /hobbit is located in /home/hobbit/server/www

2)                   Made sure all files are in the apache group

3)                   I've even chcon the files to httpd_sys_content_t

 

Does CentOs 4.3 have SELinux enabled as shipped?  (I'm not producing any
files in /var/log/audit)  (How do you tell if it's active?)

 

Frank M. Ramaekers Jr. <mailto:FRamaekers at AILife.com> 

Systems Programmer; MCP, MCP+I, MCSE & RHCE

American Income Life Insurance Company 

Phone: (254) 761-6649     Fax: (254) 741-5777



 

 

Murphy's Second Law: Everything takes longer than you think.
 

 


----------------------------------------
This message contains information which is privileged and confidential and is
solely for the use of the intended recipient.  If you are not the intended
recipient, be aware that any review, disclosure, copying, distribution, or use
of the contents of this message is strictly prohibited. If you have received
this in error, please destroy it immediately and notify us at PrivacyAct at
ailife.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.centos.org/pipermail/centos/attachments/20060419/e2dca808/attachment.html>

On Wed, 2006-04-19 at 08:24 -0500, Frank M. Ramaekers
wrote:
> I?m attempting to install Hobbit and at the point of web access via
> Apache.
> 
>  
> 
> The error_log states:
> 
> (13)Permission denied: access to /hobbit denied
> 
>  
> 
> I?ve tried a number of things and am still getting this:
> 
>  
> 
> 1)                  /hobbit is located in /home/hobbit/server/www
> 
> 2)                  Made sure all files are in the apache group
> 
> 3)                  I?ve even chcon the files to httpd_sys_content_t
> 
>  
> 
> Does CentOs 4.3 have SELinux enabled as shipped?  (I?m not producing
> any files in /var/log/audit)  (How do you tell if it?s active?)
edit the file:

/etc/sysconfig/selinux and set per the instructions there.  If changes
are needed, reboot the machine.

The directory (and all others up the path to /) need to have:

rwxr-xr-x permissions ... and the files inside the directory need:

rw-r--r--

cgi files need rwxr-xr-x

If the owner and group of the files and/or the directory are the apache
user and group ...then the last 3 can be --- for all the above
permissions.

so...

rw-r-----

and
rwxr-x---

etc.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.centos.org/pipermail/centos/attachments/20060419/7d5e529d/attachment.sig>

On 4/19/06, Frank M. Ramaekers <FRamaekers at ailife.com>
wrote:
>
>
>
> 1)                   /hobbit is located in /home/hobbit/server/www
Does apache have access to this location through normal permissions?
Is your alias for /hobbit set up correctly?
> 3)                   I've even chcon the files to httpd_sys_content_t
This has to be done on more than just the files. It has to follow the
whole path. Under default selinux rules, apache cannot access / so it
can't get to /home to even begin looking.
> Does CentOs 4.3 have SELinux enabled as shipped?  (I'm not producing
any files in /var/log/audit)  (How do you tell if it's active?)
Yes, selinux is enabled by default on RHEL4 and CentOS4, unless you
disable it during install. To tell if it's active use the command
'getsebool'. It'll tell you if it's enabled and what type of
policy
it's using (enforcing or permissive).  Messages only log to
/var/log/audit if auditd is running, otherwise it logs in
/var/log/messages. Check there for AVC messages.
> This message contains information which is privileged and confidential and
is solely for the use of the intended recipient.  If you are not the intended
recipient, be aware that any review, disclosure, copying, distribution, or use
of the contents of this message is strictly prohibited. If you have received
this in error, please destroy it immediately and notify us at PrivacyAct at
ailife.com."
Privileged you say? On a mailing list huh... I think not. These things
are cute, but have no actual value. </mini-rant>


--
Any sufficiently advanced technology is indistinguishable from magic.
-Arthur C. Clarke

Thanks that helped (plus the disabling of it in /etc/sysconfig/selinux).


Oh BTW: 
Privileged you say? On a mailing list huh... I think not. These things
are cute, but have no actual value. </mini-rant>

Yeah, the company adds this...like it will do a lot of good!

Frank M. Ramaekers Jr.
Systems Programmer; MCP, MCP+I, MCSE & RHCE
American Income Life Insurance Company 
Phone: (254) 761-6649     Fax: (254) 741-5777


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Jim Perrin
Sent: Wednesday, April 19, 2006 9:20 AM
To: CentOS mailing list
Subject: Re: [CentOS] Apache and '(13)Permission denied: access to ...'

On 4/19/06, Frank M. Ramaekers <FRamaekers at ailife.com>
wrote:
>
>
>
> 1)                   /hobbit is located in /home/hobbit/server/www
Does apache have access to this location through normal permissions?
Is your alias for /hobbit set up correctly?
> 3)                   I've even chcon the files to httpd_sys_content_t
This has to be done on more than just the files. It has to follow the
whole path. Under default selinux rules, apache cannot access / so it
can't get to /home to even begin looking.
> Does CentOs 4.3 have SELinux enabled as shipped?  (I'm not producing
any files in /var/log/audit)  (How do you tell if it's active?)

Yes, selinux is enabled by default on RHEL4 and CentOS4, unless you
disable it during install. To tell if it's active use the command
'getsebool'. It'll tell you if it's enabled and what type of
policy
it's using (enforcing or permissive).  Messages only log to
/var/log/audit if auditd is running, otherwise it logs in
/var/log/messages. Check there for AVC messages.
> This message contains information which is privileged and confidential
and is solely for the use of the intended recipient.  If you are not the
intended recipient, be aware that any review, disclosure, copying,
distribution, or use of the contents of this message is strictly
prohibited. If you have received this in error, please destroy it
immediately and notify us at PrivacyAct at ailife.com."

Privileged you say? On a mailing list huh... I think not. These things
are cute, but have no actual value. </mini-rant>


--
Any sufficiently advanced technology is indistinguishable from magic.
-Arthur C. Clarke
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos