[Smaug] SELinux on Fedora

Peter Belew peterbe at sonic.net
Sun Jul 4 13:14:24 PDT 2010


I installed Fedora 13 along with Apache, PHP, and MySQL on Averatec laptop - the one which has had so much trouble with regarding the openchrome screen driver in Ubuntu 10.04. After trying the Fedora live CD, I decided to install Fedora.

There were some problems with screen resolution being set too high, but I resolved that issue, finally.

Today's issue is with home directories on Apache, restrictions imposed by SELinux, and how to get around them.

It seems that Fedora 13 installs SELinux by default.  This is a security program the controls what resources various programs can access. For example, the Apache server is by default allowed to access only directories under /var/www/.

In my case, I normally put my own website http://hostname/~peter/ or http://localhost/~peter/ in a subdirectory of my home directory, or in another directory under /home. This is because it can get pretty big, and there is much more room in /home than in /, which /var is typically a subdirectory of.

In addition, Apache (httpd in Fedora) needs to be configured to use user directories, which is done by making some changes in /etc/httpd/conf/httpd.conf . If the user directory is in fact under /var/www, then it will work.

  http://httpd.apache.org/docs/2.2/howto/public_html.html

The comments in the conf file are pretty explicit about how to make the changes. You need to restart httpd after editing httpd.conf.

But if one tries to put that somewhere under /home, Apache returns an error. Why? Because SELinux doesn't allow httpd files there. So the solution is in here:

 http://fedoraproject.org/wiki/SELinux/apache

>From that man page, running these commands will solve that problem

 setsebool -P httpd_enable_homedirs 1
 chcon -R -t httpd_sys_content_t ~user/public_html

where the user's public_html directory is under the user's home directory. In my case, my web pages are in /home/WWW/peter, so I put that path (actually "/home/WWW/*"  in the Apache conf file. Also, so I can find the directory easily, I symlink ~peter/public_html to /home/WWW/peter.

So I have essentially the same web site set up on the Averatec laptop as I have on my Dell netbook, which runs Ubuntu 10.04. This has some web pages accessing MySQL language databases.

And that's my first adventure with SELinux. (And with Fedora 13)

 Peter Belew

-- 
  It's completely normal that you lose data on "Windows" platforms.
  That's why you have a Linux/BSD/UNIX server for backups.

  SMAUG:        http://scruz.org/
  My Web:       http://littlegreenmen.armory.com/~peterbe/ 
  UBUNTU:       10.04 LTS April 2010
		https://wiki.ubuntu.com/LucidLynx
  SuSE:		http://en.opensuse.org/OpenSUSE_11.2



More information about the Smaug mailing list