Apache Userdir with SELinux on Fedora 31/30, CentOS/RHEL 8.0/7.7 - Comment Page: 2
This is quick guide howto enable Apache userdirs with SELinux on Fedora 31/30/29/28, CentOS 8.0/7.7/6.10 and Red Hat (RHEL) 8.0/7.7/6.10. This guide assumes that you have Apache (httpd) server installed on your system. This guide uses separeted userdir.conf without touching httpd.conf so later default httpd.conf can be overrided or whole configuration moved simply. This guide uses user called testuser and should be replaced by real user name(s).
[inttf_post_ad1]
Enable Apache Userdirs
1. Change root user
su -
## OR ##
sudo -i
2. Create /etc/httpd/conf.d/userdir.conf file
Open file, with our favorite editor, like:
nano -w...
Dear JR,
Your guides save me a lot of time. Thank you very much.
I’m following your guide to set up WordPress on my laptop with Fedora 16.
In Step 6 of this post (‘Apache Userdir with SELinux’), i got an error:
setsebool -P httpd_enable_homedirs true
libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).
Could not change policy booleans
This may results that http://localhost/~testuser/ is ‘Not Found’.
Could you help me to deal with this error or should i just skip it if i could setup WordPress anyway?
Best Regards
Yi
This article was a tremendous help!! After spending about 4 hours trying to get Fedora 16 php set up to work, I found this article and resolved my issues. Many, many thanks!!
I’ve read and follow the all tutorial step from step and get a 404 Error every time I want to access a user dir. I created three users: guillermo, reynierpm and tomas and inside each home create a directory public_html, set the proper permissions and run the commands one by one but didn’t know why isn’t working. The ouput of command running above by others is this:
[[email protected] ~]# sed ‘/^ *#/d;s/#.*//’ /etc/httpd/conf.d/{php,userdir}.conf
LoadModule php5_module modules/libphp5.so
LoadModule php5_module modules/libphp5-zts.so
AddHandler php5-script .php
AddType text/html .php
DirectoryIndex index.php
UserDir enabled guillermo reynierpm tomas
Options Indexes Includes FollowSymLinks
AllowOverride All
Allow from all
Order deny,allow
Any help?
Cheers and thanks in advance
Hi,
Could you tell your Linux distro?
Do you get any SELinux errors, when you try to access userdir?
Could you post output of following commands:
nevermind was my bad, I miss the parameter “UserDir public_html” under IfModule directive. Also I notice that I can write the same in two flavours, one is the suggested by you in the post and the second one is what I’m using right now ins including the directive Directory inside the IfModule so my userdir.conf is as follow:
UserDir enabled testuser
UserDir public_html
Options Indexes Includes FollowSymLinks
AllowOverride All
Allow from all
Order deny,allow
Cheers and thanks for your time
hi, i can’t access dir in my root direcotory..
i follow all tutorial in this web, but i have problem..
when i using this CLI
chcon -R -t httpd_sys_content_t /home/testuser/public_html
my OS show message
ls: cannot access /root/public_html/: No such file or directory
and when i using
chcon -R -t httpd_sys_content_t /home/thinkger/public_html/
my system show message :
chcon: can’t apply partial context to unlabeled file
please help me, i’am sory if my english is bad. i’am from Indoneisa :D
I have tried everything and I am getting Forbidden 403: You don’t have permission to access /~testfolder/ on this server.
I have tried everything. This worked when I was using Fedora17, but I did a clean install of F18, and this is driving me crazy… I ALREADY CHANGED PERMISSIONS wtf…. so frustrating…
[[email protected] public_html]$ ls -la /home
total 28
drwxr-xr-x. 4 root root 4096 Mar 28 08:38 .
dr-xr-xr-x. 18 root root 4096 Mar 30 11:57 ..
drwx--x--x. 19 brad brad 4096 Mar 30 11:58 brad
drwx------. 2 root root 16384 Mar 28 08:21 lost+found
[[email protected] public_html]$ ls -la ~/ |grep public_html
drwx--x--x. 3 brad brad 4096 Mar 30 11:58 public_html
[[email protected] public_html]$ ls -laZ ~/public_html/
drwx--x--x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 .
drwx--x--x. brad brad unconfined_u:object_r:user_home_dir_t:s0 ..
drwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 cryptothawte
-rwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 test.html
This is where it works, in the default directories (/var/www/html)
[[email protected] html]$ ls -la /var/www
total 16
drwxr-xr-x. 4 root root 4096 Mar 30 10:08 .
drwxr-xr-x. 21 root root 4096 Mar 30 10:08 ..
drwxr-xr-x. 2 root root 4096 Jan 8 05:47 cgi-bin
drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html
[[email protected] html]$ ls -la /var/www | grep html
drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html
[[email protected] html]$ ls -laZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 test.php
Hi B,
Sorry it take a while to check this. I updated this configuration working better with Apache 2.4, so try following config instead:
Then restart Apache and try again. Is it working then?
Is there a way to configure the apache server to be accessed as http://testuser.localhost, or in the case I have changed my ‘hosts’ file to access apache server as project.net, so developers can access like http://testuser.project.net/
Please help…
Hi Xavier,
Yes this is possible, you can just set that address to /etc/hosts file (pointing to right ip address) and add same address to your apache virtual host, like following:
Ok, then I have to setup a virtual for each user? Is there a way to setup apache to read the testuser in the url and redirect it to his specific userdir, so when a testuser02 is created his url http://testuser02.project.net is automatically redirected to his own userdir?
Hi Xavier,
You can do this first catching all subdomains with your virtual host, like:
Then create .htaccess with something like following content:
Another way is setup virtual hosts for each user, example using some simple bash script, which create folders and virtual host files.
I got everything working I just can’t get it to abide by my modrewrite rules set by the .htacess file, this is my userdir.conf
# All users
UserDir public_html
Options Indexes Includes FollowSymLinks
Require all granted
Hi Matthew,
Simply add AllowOverride FileInfo line to your userdir.conf:
And then restart apache:
Thanks a lot !!! =D
Thanks for the setsebool command. That is what solved my problem. I have used Apache for many years and this was the only time I needed to use this command.
Great tutorial! But I have to add the following in my /etc/httpd/conf.d
/userdir.conf
[...]
Satisfy Any
[...]
Fault in the
/var/log/httpd/error_log
configuration error: couldn't perform authentication. AuthType not set!: ...
System: CentOS 6.5 / Apache 2.2
I run on centos 6.5 and got this message:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at 192.168.1.212 Port 80
I store my web content in an external NTFS device, and it turns out that NTFS can’t be mounted with a provided context (bug: https://bugzilla.redhat.com/show_bug.cgi?id=631616). So in my case I needed to:
1) mount the device w/ group/owner set to me: –options defaults,auto,uid=1000,gid=1000,umask=002
2) needed to set read/exec permissions on /home/me
I am getting a 404 error