Apache Userdir with SELinux on Fedora 16/15, CentOS/RHEL 6.2/5.7

Updated by on Jan 12, 2012 in CentOS, Fedora, Linux, Red Hat (RHEL), Server Guides, Servers | 23 comments

This is quick guide howto enable Apache userdirs with SELinux on Fedora 16/15/14/13/12, CentOS 6.2/6.1/6/5.7 and Red Hat (RHEL) 6.2/6.1/6/5.7. This guide assumes that you have Apache (httpd) server installed on your system. This guide uses separeted userdir.conf without touching httpd.conf so later default httpd.conf can be overrided or whole configuration moved simply. This guide uses user called testuser and should be replaced by real user name(s).

Enable Apache Userdirs

1. Change root user

su -
## OR ##
sudo -i

2. Create /etc/httpd/conf.d/userdir.conf file

Open file, with our favorite editor, like:

nano -w /etc/httpd/conf.d/userdir.conf

Add something like following content to file:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir enabled testuser
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
 
</IfModule>
 
<Directory /home/*/public_html>
        Options Indexes Includes FollowSymLinks
 
        AllowOverride All
        Allow from all
 
        Order deny,allow
</Directory>

And save file.

Note:
To allow a few users to have UserDir directories, but not anyone else, use the following:

UserDir disabled
UserDir enabled testuser1 testuser2 testuser3

To allow most users to have UserDir directories, but deny this to a few, use the following:

UserDir enabled
UserDir disabled testuser4 testuser5 testuser6

3. Start/Restart Apache (httpd)

/etc/init.d/httpd start
## OR ##
/etc/init.d/httpd restart

4. Create public_html directory/directories

Make public_html directory/directories on user/users home dirs.

mkdir /home/testuser/public_html

5. Change the correct permissions to home and public_html directories

## home directory ##
chmod 711 /home/testuser
 
## public_html directory ##
chown testuser:testuser /home/testuser/public_html
chmod 755 /home/testuser/public_html

6. Set proper SELinux settings for Apache homedirs (httpd_enable_homedirs)

setsebool -P httpd_enable_homedirs true

Looks like older SELinux versions needs also following (example CentOS and Red Hat):

chcon -R -t httpd_sys_content_t /home/testuser/public_html

Test Enabled Apache Userdir

Go to url http://localhost/~testuser/

Should look something like following:
Testuser Apache Homedir

Test HTML and PHP under Apache Userdir

Create following files ~/public_html/test.html and ~/public_html/test.php
~/public_html/test.html content

<html>
  <head>
    <title>Testing Apache Userdir</title>
  </head>
  <body>
    <h1>Testing Apache Userdir!</h1>
  </body>
</html>

~/public_html/test.php content

<?php
  phpinfo();
?>

Reload browser:
Testuser Apache Userdir Test Files Added

Check test files:
Testing apache Userdir
Testing Apache Userdir PHP

trademarks
Follow If Not True Then False Updates!

Related posts:

  1. LAMP on Fedora 16/15, CentOS/Red Hat (RHEL) 6.2/5.7 – (Linux, Apache, MySQL, PHP)
  2. Install Apache/PHP 5.3.10 on Fedora 16/15, CentOS/Red Hat (RHEL) 6.2/5.7
  3. Install WordPress 3.3.1 on Fedora 16/15, CentOS/RHEL 6.2/5.7
  4. Install Nginx/PHP-FPM on Fedora 16/15, CentOS/RHEL 6.2/5.7
  5. Install SVN (Subversion) Server on Fedora 16/15, CentOS/Red Hat (RHEL) 6/5.7

23 Comments

  1. krcg / October 29, 2010

    Nice one, there are actually some good facts on this post many of my subscribers just might find this useful, I will send them a link, thank you

    Reply
  2. Jozsef / November 5, 2010

    Works! Nice :)

    I found out that if I set UseCanonicalName On in /etc/httpd/conf/httpd.conf – apache is changing localhost in the browser to the ServerName specified in httpd.conf and the pages in ~/public_html are not loading at all. So I set UseCanonicalName Off again :)

    Best,
    Jozsef

    Reply
  3. Jozsef / November 5, 2010

    Or else,
    It could be fixed in /etc/hosts by adding:
    127.0.0.1 nameOFtheSERVER

    :)

    Best,
    Jozsef

    Reply
  4. Fhon / November 27, 2010

    I follow your step html is working but php just show me blank screen.

    Is there any light on how and why?

    Best!
    Fhon

    Reply
    • JR / November 30, 2010

      Hi Fhon,

      Is your PHP working on any other dir?
      Is it working example on /var/www/html dir?

      Reply
  5. Fhon / November 30, 2010

    Hi JR,

    Php is working on /var/www/html

    but not /home/user/public_html

    When try to access test.php file it just show download the file.
    Run test.html work show the page without problem.

    Best!
    Fhon

    Reply
    • JR / December 1, 2010

      Hi again Fhon,

      A few additional questions.

      What operating system (and version) are you using?

      Did you execute following command?

      chcon -R -t httpd_sys_content_t /home/testuser/public_html

      Post following commands output:

      sed '/^ *#/d;s/#.*//' /etc/httpd/conf.d/{php,userdir}.conf
 
## AND ##
 
ls -laZ ~/public_html/
      Reply
      • Adods / January 14, 2012

        Hello,

        I have the same problem as Fhon

        and here is my output for those commands:

         
  LoadModule php5_module modules/libphp5.so
 
 
  LoadModule php5_module modules/libphp5-zts.so
 
 
AddHandler php5-script .php
AddType text/html .php
 
DirectoryIndex index.php
 
sed: can't read /etc/httpd/conf.d/userdir.conf: No such file or directory

        userdir.conf didn’t exists because I enable the mod directly from httpd.conf, and here is the configuration for userdir:

         
    AllowOverride All
    Options MultiViews Indexes FollowSymLinks Includes
    Order allow,deny
    Allow from all

        and here is output from ls command:

        drwxr-xr-x. server webdev unconfined_u:object_r:httpd_sys_content_t:s0 .
drwx--x--x. server server unconfined_u:object_r:user_home_dir_t:s0 ..
-rwxr-xr-x. server server unconfined_u:object_r:httpd_sys_content_t:s0 test.php
-rwxr-xr-x. server server unconfined_u:object_r:httpd_sys_content_t:s0 test.php~
-rw-rw-r--. server server unconfined_u:object_r:httpd_sys_content_t:s0 text.html
-rw-rw-r--. server server unconfined_u:object_r:httpd_sys_content_t:s0 text.html~

        Is there something wrong with my configuration?

        Reply
        • JR / January 14, 2012

          Hi Adods,

          Is PHP working normally on /var/www/html directory?

          Is HTML files working normally from user directory?

          Could you post your full httpd.conf file and full path of your Apache userdir what you are using?

          Reply
  6. Fred / December 4, 2010

    Great Tutorials, thanks you.

    On Fedora 14 I had to :

    setsebool -P httpd_read_user_content 1

    Reply
  7. Doufanat / October 3, 2011

    Hi JR,

    I’m running Fedora 14
    I followed this tutorial to first install mysql, and then to install Apache (httpd) with php, the PHP test page creation succeed but not the last test remote connection.
    And also while enabling Apache Userdir i couldn’t succeed and got this error in the browser: “Not Found
    The requested URL /~testuser/ was not found on this server.
    Apache/2.2.17 (Fedora) Server at localhost Port 80″

    Please help i’m a new user.
    Thanks!

    Reply
    • JR / October 3, 2011

      Hi Doufanat,

      What problems you have with remote connections? Do you opened iptables firewall port? Or are you behind some other firewall?

      Do you actually have testuser with home dir on your Linux? Could you check your apache error_logs and post last errors here when you try to access testuser dir?

      Reply
  8. Doufanat / October 3, 2011

    Hi,

    I have some access problem

    [root@Xia Xia]# chown testuser:testuser /home/testuser/public_html
    chown: invalid user: `testuser:testuser’
    [root@Xia Xia]# chmod 755 /home/tesuser/public_html
    chmod: cannot access `/home/tesuser/public_html’: No such file or directory
    [root@Xia Xia]#

    Need help please

    Reply
    • JR / October 3, 2011

      Hi,

      So it looks like, that you don’t have testuser. I used this testuser just an example here…so if your username is example doufanat then you should use doufanat instead of testuser.

      Reply
      • Doufanat / October 3, 2011

        Hi JR

        Thanks a lot, I’ve finished enabling Apache userdirs and it succeed, but the problem with the test remote connection till remain.

        How to check my Apache error_logs? how to check either the port is open or not.

        Best

        Reply
        • JR / October 3, 2011

          Hi Doufanat,

          Actually you don’t need Apache error_logs anymore if yoy get userdirs working… :)

          First check, you could run following command:

          iptables -L

          Then next thing is ensure that you have own and public ip address?

          Reply
  9. Doufanat / October 3, 2011

    Hi JR

    This is result of iptables -L

    [root@Xia Xia]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT icmp — anywhere anywhere
    ACCEPT all — anywhere anywhere
    ACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
    ACCEPT tcp — anywhere anywhere state NEW tcp dpt:http
    REJECT all — anywhere anywhere reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all — anywhere anywhere reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    [root@Xia Xia]#

    Do I need

    Reply
    • JR / October 4, 2011

      You iptables rules looks good, but then next thing is have public ip, if you want open your server to whole world or lan ip, if you want open your server locally?

      Reply
  10. alphadogg / October 15, 2011

    FYI, in my case, I had to modify the UserDir settings I found in /etc/httpd/conf/httpd.conf. Following your instructions and creating a userdir.conf file was overriden by the defaults in httpd.conf.

    Reply
  11. Nicholas / January 11, 2012

    Thank you for your tutorial, I couldn’ find much out explaining how to do this. Right now I am having this problem after running the command

    setsebool -P httpd_enable_homedirs true

    I get

    “-bash: setsebool: command not found”

    I am running Centos 6.0, what could be causing the issue?

    Thanks

    Reply
    • JR / January 11, 2012

      Hi Nicholas,

      Could you post output of following commands:

      rpm -qa *selinux* *policy* |sort
 
ls -la /usr/sbin/setsebool
 
whereis setsebool

      CentOS 6.0 should not be a problem…

      Reply
  12. Alice / January 23, 2012

    I keep getting a 403 Forbidden saying I don’t have permission to access this…can you help me?

    Reply
    • JR / January 24, 2012

      Hi Alice,

      What system you are running?

      Could you post output of following commands:

      ls -la /home
 
ls -la ~/ |grep public_html
 
ls -laZ ~/public_html/
      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">

store

Trackbacks/Pingbacks

  1. Apache Userdir with SELinux on Fedora 13, CentOS 5.5, Red Hat … « apache - [...] Pełny artykuł na: Apache Userdir with SELinux on Fedora 13, CentOS 5.5, Red Hat … [...]
  2. Activar Apache Userdir para Fedora 15, Centos5.5 y Red Hat Linux 6 « The Beatech - [...] Fuente: if-not-true-then-false [...]
Bear