Apache Userdir with SELinux on Fedora 26/25, CentOS/RHEL 7.3/6.9 - Comment Page: 2
This is quick guide howto enable Apache userdirs with SELinux on Fedora 26/25/24/23/22, CentOS 7.3/6.9 and Red Hat (RHEL) 7.3/6.9. This guide assumes that you have Apache (httpd) server installed on your system. This guide uses separeted userdir.conf without touching httpd.conf so later default httpd.conf can be overrided or whole configuration moved simply. This guide uses user called testuser...
54 Comments
ReynierPM
I’ve read and follow the all tutorial step from step and get a 404 Error every time I want to access a user dir. I created three users: guillermo, reynierpm and tomas and inside each home create a directory public_html, set the proper permissions and run the commands one by one but didn’t know why isn’t working. The ouput of command running above by others is this:
[root@devserver ~]# sed ‘/^ *#/d;s/#.*//’ /etc/httpd/conf.d/{php,userdir}.conf
LoadModule php5_module modules/libphp5.so
LoadModule php5_module modules/libphp5-zts.so
AddHandler php5-script .php
AddType text/html .php
DirectoryIndex index.php
UserDir enabled guillermo reynierpm tomas
Options Indexes Includes FollowSymLinks
AllowOverride All
Allow from all
Order deny,allow
Any help?
Cheers and thanks in advance
JR
Hi,
Could you tell your Linux distro?
Do you get any SELinux errors, when you try to access userdir?
Could you post output of following commands:
ReynierPM
nevermind was my bad, I miss the parameter “UserDir public_html” under IfModule directive. Also I notice that I can write the same in two flavours, one is the suggested by you in the post and the second one is what I’m using right now ins including the directive Directory inside the IfModule so my userdir.conf is as follow:
UserDir enabled testuser
UserDir public_html
Options Indexes Includes FollowSymLinks
AllowOverride All
Allow from all
Order deny,allow
Cheers and thanks for your time
Drayana
hi, i can’t access dir in my root direcotory..
i follow all tutorial in this web, but i have problem..
when i using this CLI
chcon -R -t httpd_sys_content_t /home/testuser/public_htmlmy OS show message
ls: cannot access /root/public_html/: No such file or directoryand when i using
chcon -R -t httpd_sys_content_t /home/thinkger/public_html/my system show message :
chcon: can’t apply partial context to unlabeled file
please help me, i’am sory if my english is bad. i’am from Indoneisa :D
B
I have tried everything and I am getting Forbidden 403: You don’t have permission to access /~testfolder/ on this server.
I have tried everything. This worked when I was using Fedora17, but I did a clean install of F18, and this is driving me crazy… I ALREADY CHANGED PERMISSIONS wtf…. so frustrating…
B
[brad@localhost public_html]$ ls -la /hometotal 28
drwxr-xr-x. 4 root root 4096 Mar 28 08:38 .
dr-xr-xr-x. 18 root root 4096 Mar 30 11:57 ..
drwx--x--x. 19 brad brad 4096 Mar 30 11:58 brad
drwx------. 2 root root 16384 Mar 28 08:21 lost+found
[brad@localhost public_html]$ ls -la ~/ |grep public_htmldrwx--x--x. 3 brad brad 4096 Mar 30 11:58 public_html
[brad@localhost public_html]$ ls -laZ ~/public_html/drwx--x--x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 .
drwx--x--x. brad brad unconfined_u:object_r:user_home_dir_t:s0 ..
drwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 cryptothawte
-rwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 test.html
B
This is where it works, in the default directories (/var/www/html)
[brad@localhost html]$ ls -la /var/www
total 16
drwxr-xr-x. 4 root root 4096 Mar 30 10:08 .
drwxr-xr-x. 21 root root 4096 Mar 30 10:08 ..
drwxr-xr-x. 2 root root 4096 Jan 8 05:47 cgi-bin
drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html
[brad@localhost html]$ ls -la /var/www | grep html
drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html
[brad@localhost html]$ ls -laZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 test.php
JR
Hi B,
Sorry it take a while to check this. I updated this configuration working better with Apache 2.4, so try following config instead:
Then restart Apache and try again. Is it working then?
Xavier
Is there a way to configure the apache server to be accessed as http://testuser.localhost, or in the case I have changed my ‘hosts’ file to access apache server as project.net, so developers can access like http://testuser.project.net/
Please help…
JR
Hi Xavier,
Yes this is possible, you can just set that address to /etc/hosts file (pointing to right ip address) and add same address to your apache virtual host, like following:
Xavier
Ok, then I have to setup a virtual for each user? Is there a way to setup apache to read the testuser in the url and redirect it to his specific userdir, so when a testuser02 is created his url http://testuser02.project.net is automatically redirected to his own userdir?
JR
Hi Xavier,
You can do this first catching all subdomains with your virtual host, like:
Then create .htaccess with something like following content:
Another way is setup virtual hosts for each user, example using some simple bash script, which create folders and virtual host files.
Matthew
I got everything working I just can’t get it to abide by my modrewrite rules set by the .htacess file, this is my userdir.conf
# All users
UserDir public_html
Options Indexes Includes FollowSymLinks
Require all granted
JR
Hi Matthew,
Simply add AllowOverride FileInfo line to your userdir.conf:
And then restart apache:
Wagner
Thanks a lot !!! =D
Chris
Thanks for the setsebool command. That is what solved my problem. I have used Apache for many years and this was the only time I needed to use this command.
thorty
Great tutorial! But I have to add the following in my /etc/httpd/conf.d
/userdir.conf
[...]
Satisfy Any
[...]
Fault in the
/var/log/httpd/error_log
configuration error: couldn't perform authentication. AuthType not set!: ...
System: CentOS 6.5 / Apache 2.2
roel
I run on centos 6.5 and got this message:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at 192.168.1.212 Port 80
JB
I store my web content in an external NTFS device, and it turns out that NTFS can’t be mounted with a provided context (bug: https://bugzilla.redhat.com/show_bug.cgi?id=631616). So in my case I needed to:
1) mount the device w/ group/owner set to me: –options defaults,auto,uid=1000,gid=1000,umask=002
2) needed to set read/exec permissions on /home/me
b
I am getting a 404 error