SELinux notes: Difference between revisions
(Created page based on "Selinux and httpd" from Lab Manual) |
(asdf) |
||
Line 31: | Line 31: | ||
setsebool -P httpd_enable_homedirs on <br /> | setsebool -P httpd_enable_homedirs on <br /> | ||
2097148404 1572864000 2097152000 1269939 | 2097148404 1572864000 2097152000 1269939 | ||
== on alpha == | |||
cd /nfs/db4/dbraw/zinc | |||
chcon system_u:object_r:nfs_t:s0 ?? | |||
rebuild, etc |
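Review bot: the added `chcon system_u:object_r:nfs_t:s0 ??` line under "on alpha" leaves its target as `??`, so the note does not record what under /nfs/db4/dbraw/zinc was relabeled, and "rebuild, etc" does not say what is rebuilt. Suggest writing the actual path argument and the follow-up steps, and replacing the "(asdf)" edit summary with one that describes the change.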
Revision as of 19:31, 28 June 2017
Some notes on SELinux:
To see the context of a file, type
ls -lZ
The contexts are listed like this:
user:role:type
If there is a problem with an SELinux context, it's usually the type. For http you want the types to match what's in the /etc/httpd/ directory. There are generally three types for http: content, logs and conf. Here is how I got the wiki to work:
chcon -t httpd_config_t /domains/wiki.ucsf.bkslab.org/wiki.ucsf.bkslab.org.conf
chcon -R -t httpd_log_t /domains/wiki.ucsf.bkslab.org/logs
chcon -R -t httpd_user_content_t /domains/wiki.ucsf.bkslab.org/htdocs
chcon -R -t httpd_sys_script_rw_t /domains/wiki.ucsf.bkslab.org/htdocs/images
chcon -R -t httpd_sys_script_exec_t /domains/wiki.ucsf.bkslab.org/htdocs/extensions
chcon -R -t httpd_user_script_exec_t /usr/share/pear
chcon -R -t httpd_user_script_exec_t /usr/share/php
chcon -R -t httpd_user_script_exec_t /usr/share/mysql   # (?)
setsebool -P httpd_can_sendmail 1
Debugging:
sestatus
getsebool -a | grep httpd
HOW I GOT SELINUX WORKING RIGHT FOR USER WEBSITES:
chcon -R -t httpd_log_t logs
chcon -R -t httpd_user_content_t public_html
chcon -R -t httpd_config_t tdemers.ucsf.bkslab.org.conf
chcon -R -t httpd_user_script_exec_t /usr/share/pear
chcon -R -t httpd_user_script_exec_t /usr/share/php
chcon -R -t httpd_user_script_exec_t /usr/share/mysql   # (?)
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_enable_homedirs on
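Since the type is usually what is wrong, a quick check is to compare the type each file has against the type the layouts above call for. The script below is an added example, not part of the original notes: it reads "context path" pairs (the format GNU stat prints with stat -c '%C %n') and reports mismatches. The /domains/example.org paths and sample contexts are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit "context path" lines for SELinux type mismatches.
# The expected types mirror the chcon commands in these notes.

# Print the type (third field) of a context user:role:type[:level].
# The level can contain colons itself (s0:c0.c1023), so strip only
# the first two fields, then cut everything after the type.
selinux_type() {
    rest=${1#*:}                   # drop user
    rest=${rest#*:}                # drop role
    printf '%s\n' "${rest%%:*}"    # keep type, drop level if present
}

# Expected type for a path; most specific patterns first.
expected_type() {
    case $1 in
        */htdocs/images|*/htdocs/images/*)         echo httpd_sys_script_rw_t ;;
        */htdocs/extensions|*/htdocs/extensions/*) echo httpd_sys_script_exec_t ;;
        */htdocs|*/htdocs/*|*/public_html|*/public_html/*)
                                                   echo httpd_user_content_t ;;
        */logs|*/logs/*)                           echo httpd_log_t ;;
        *.conf)                                    echo httpd_config_t ;;
        *)                                         echo "" ;;  # not covered
    esac
}

# Read "context path" pairs on stdin; print one line per mismatch.
audit_contexts() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        want=$(expected_type "$path")
        [ -n "$want" ] || continue
        have=$(selinux_type "$ctx")
        [ "$have" = "$want" ] ||
            printf 'MISMATCH %s: have %s, want %s\n' "$path" "$have" "$want"
    done
}

# Constructed sample input (not taken from a real host).
SAMPLE='system_u:object_r:httpd_config_t:s0 /domains/example.org/example.org.conf
unconfined_u:object_r:user_home_t:s0 /domains/example.org/htdocs/index.php
system_u:object_r:httpd_log_t:s0 /domains/example.org/logs/error_log
unconfined_u:object_r:httpd_user_content_t:s0:c0.c1023 /domains/example.org/htdocs/images/logo.png'

printf '%s\n' "$SAMPLE" | audit_contexts
```

On a real host, feed it with something like find DIR -exec stat -c '%C %n' {} + and fix the reported paths with the matching chcon -t line.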
2097148404 1572864000 2097152000 1269939
on alpha
cd /nfs/db4/dbraw/zinc
chcon system_u:object_r:nfs_t:s0 ??
rebuild, etc