Apache Userdir with SELinux on Fedora 31/30, CentOS/RHEL 8.0/7.7
Table of Contents
This is quick guide howto enable Apache userdirs with SELinux on Fedora 31/30/29/28, CentOS 8.0/7.7/6.10 and Red Hat (RHEL) 8.0/7.7/6.10. This guide assumes that you have Apache (httpd) server installed on your system. This guide uses separeted userdir.conf without touching httpd.conf so later default httpd.conf can be overrided or whole configuration moved simply. This guide uses user called testuser and should be replaced by real user name(s).
Enable Apache Userdirs⌗
1. Change root user⌗
su -
## OR ##
sudo -i
2. Create /etc/httpd/conf.d/userdir.conf file⌗
Open file, with our favorite editor, like:
nano -w /etc/httpd/conf.d/userdir.conf
Add something like following content to file:
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir enabled testuser
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
<Directory /home/*/public_html>
## Apache 2.4 users use following ##
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
## Apache 2.2 users use following ##
Options Indexes Includes FollowSymLinks
AllowOverride All
Allow from all
Order deny,allow
</Directory>
And save file.
Note:
To allow a few users to have UserDir directories, but not anyone else, use the following:
UserDir disabled
UserDir enabled testuser1 testuser2 testuser3
To allow most users to have UserDir directories, but deny this to a few, use the following:
UserDir enabled
UserDir disabled testuser4 testuser5 testuser6
3. Start/Restart Apache (httpd)⌗
## Fedora 31/30/29, CentOS 8.0/7.7 and RHEL 8.0/7.7 ##
systemctl start httpd.service
## OR ##
systemctl restart httpd.service
## CentOS / RHEL 6.10 ##
service httpd start
## OR ##
/etc/init.d/httpd start
## OR ##
service httpd restart
## OR ##
service httpd restart
4. Create public_html directory/directories⌗
Make public_html directory/directories on user/users home dirs.
mkdir /home/testuser/public_html
5. Change the correct permissions to home and public_html directories⌗
## home directory ##
chmod 711 /home/testuser
## public_html directory ##
chown testuser:testuser /home/testuser/public_html
chmod 755 /home/testuser/public_html
6. Set proper SELinux settings for Apache homedirs (httpd_enable_homedirs)⌗
setsebool -P httpd_enable_homedirs true
Looks like older SELinux versions needs also following (example CentOS and Red Hat):
chcon -R -t httpd_sys_content_t /home/testuser/public_html
Test Enabled Apache Userdir⌗
Go to url http://localhost/~testuser/
Should look something like following:
Test HTML and PHP under Apache Userdir⌗
Create following files ~/public_html/test.html and ~/public_html/test.php
~/public_html/test.html content
<html>
<head>
<title>Testing Apache Userdir</title>
</head>
<body>
<h1>Testing Apache Userdir!</h1>
</body>
</html>
~/public_html/test.php content
<?php
phpinfo();
?>