On 12/27/2016 07:43 PM, John Fawcett wrote:> On 12/28/2016 01:12 AM, Robert Moskowitz wrote: >> >> On 12/27/2016 07:06 PM, John Fawcett wrote: >>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote: >>>> On 12/27/2016 05:44 PM, John Fawcett wrote: >>>>> That error should be caused by having MultiViews options but incorrect >>>>> permissions (711 instead of 755) on the directory. >>>> I just did chmod -R 755 /home/rgm/public_html and no change in >>>> behavior. >>>> >>>> Even tried chmod -R 755 /home/rgm >>> Are you actually using MultiViews? If you don't need that option, maybe >>> the easiest thing is to take it out and see if the error message >>> changes. >> I am using the default conf file for userdir. >> >> /etc/httpd/conf.d/userdir.conf >> >> So I deleted Multiviews and now the error is: >> >> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138] >> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't >> open directory for index: /home/rgm/public_html/family/ >> >> >> ____ > I know this is not going to help, but that error means that apache does > not have access to read the directory /home/rgm/public_html/family/. > That doesn't really fit with the rest of the evidence, that you have > chmod 755 everything from /home/rgm/public_html downwards and that > apache can read specific files from /home/rgm/public_html.Which is why I wonder if there is some different config for the C7.3 version of apache. Or something with the C7-arm build...
On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:> > Which is why I wonder if there is some different config for the C7.3 version > of apache. > > Or something with the C7-arm build...Can you check for SELinux warnings/errors in /var/log/audit/audit.log? Regards,
On 12/28/2016 05:11 AM, Todor Petkov wrote:> On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> wrote: >> Which is why I wonder if there is some different config for the C7.3 version >> of apache. >> >> Or something with the C7-arm build... > Can you check for SELinux warnings/errors in /var/log/audit/audit.log?Good advice. As I suspect the problem is with SELinux. So I tried an access. What follows is the access_log entry, the error_log entry and the 3 entries in the audit.log: 192.168.160.12 - - [28/Dec/2016:11:59:10 -0500] "GET /~rgm/family/ HTTP/1.1" 403 214 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0" [Wed Dec 28 11:59:10.294915 2016] [autoindex:error] [pid 2141] (13)Permission denied: [client 192.168.160.12:56456] AH01275: Can't open directory for index: /home/rgm/public_html/family/ type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1482944350.289:339): arch=40000028 syscall=322 per=800000 success=no exit=-13 a0=ffffff9c a1=80657458 a2=a4800 a3=0 items=0 ppid=2135 pid=2141 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=PROCTITLE msg=audit(1482944350.289:339): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44 I will say that after enabling selinux on this image per the instructions of the team doing the Centos7-arm builds, I got the following messages when I did things like 'setsebool -P httpd_enable_homedirs on': [ 2273.047017] SELinux: Class binder not defined in policy. [ 2273.052531] SELinux: the above unknown classes and permissions will be allowed So something may well not be right with my SELinux. Bob