
Apache vs SELinux 25 September 2006

Posted by Maulvi Bakar in: Linux, Work

Towards the end of the working week, I received a request from a colleague to have access to the ftp account folder via http. The guy is on site in a foreign country and it seems that his net access is being regulated (read – no ftp).

Now that seems reasonable, considering I was not in the office for the whole week due to an extended training/seminar that I am attending. Luckily, I thought, since the training premises gave me access to wifi internet – whee!!

Here I am thinking I can solve it in the next few minutes!

I have a folder in the /home directory – “/home/thefolder”. I thought simple settings such as those below in httpd.conf would be enough –

# Map the URL path /thefolder to the directory on disk
Alias /thefolder "/home/thefolder/"
<Directory "/home/thefolder">
    Options MultiViews Indexes Includes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    # HTTP Basic authentication, restricted to a single account
    AuthType Basic
    AuthName "The Folder Authentication"
    AuthUserFile /the/passwd/folder/thepasswdfile
    Require user theaccount
</Directory>

Apparently not!

I kept getting 403 – Forbidden errors. Checked the permissions, double-checked them, even making it 777 – world-readable! FAIL!

I felt like screaming!

/var/log/httpd/error_log shows access is denied, even with 777 – world readable!

I felt some suspicions; the SELinux thingy began to smell fishy. A cursory examination of the /var/log/messages logs shows some clues – Bleagh!

The analogy is like this –

Someone who is not authorized for a certain facility, even after being given permission to it, will still not be given access. That is what SELinux is all about.

Basically, it is Linux’s Last Line of Defence.

Read all about it and its relation to Apache here!
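
What the clues in /var/log/messages typically look like, and one way to pull out the ones that concern Apache. This is an added example, not part of the original post: the log lines are constructed, and the host name, file names and SELinux type names (stock targeted policy) are assumptions.

```shell
#!/bin/sh
# Constructed sample of /var/log/messages (illustrative, not from the post).
sample_log() {
cat <<'EOF'
Sep 22 17:01:12 web kernel: audit(1158944472.123:45): avc:  denied  { search } for  pid=2345 comm="httpd" name="thefolder" dev=dm-0 ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
Sep 22 17:01:13 web sshd[2301]: Accepted password for theaccount from 192.0.2.10 port 40022 ssh2
Sep 22 17:01:15 web kernel: audit(1158944475.456:46): avc:  denied  { getattr } for  pid=2345 comm="httpd" name="report.pdf" dev=dm-0 ino=123460 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Sep 22 17:01:19 web kernel: audit(1158944479.002:47): avc:  denied  { getattr } for  pid=2346 comm="httpd" name="report.pdf" dev=dm-0 ino=123460 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Sep 22 17:02:40 web kernel: audit(1158944560.001:48): avc:  denied  { read } for  pid=2410 comm="named" name="zone.db" dev=dm-0 ino=99881 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Read syslog text on stdin and print one line per distinct Apache denial:
#   <permissions> <object class> <SELinux type of the target> <object name>
httpd_avc_denials() {
    awk '
    /avc:/ && /denied/ && /comm="httpd"/ {
        perm = ""; name = ""; ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # Permissions are listed between "{" and "}"
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            } else if ($i ~ /^name=/) {
                name = $i; sub(/^name=/, "", name); gsub(/"/, "", name)
            } else if ($i ~ /^tcontext=/) {
                # tcontext=user:role:type:level -> keep the type
                split($i, c, ":"); ttype = c[3]
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }
        key = perm " " tclass " " ttype " " name
        # Repeated requests log the same denial many times; report it once
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Stand-alone run over the constructed sample
sample_log | httpd_avc_denials
```

A target type such as user_home_t on the denied object explains why mode 777 changed nothing: SELinux checks the httpd_t domain against the file's label after the ordinary permission check has already passed.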


