Apache Userdir with SELinux on Fedora 28/27, CentOS/RHEL 7.5/6.10 - Comment Page: 2

This is a quick guide on how to enable Apache userdirs with SELinux on Fedora 28/27/26/25, CentOS 7.5/6.10 and Red Hat (RHEL) 7.5/6.10. This guide assumes that you have the Apache (httpd) server installed on your system. It uses a separate userdir.conf without touching httpd.conf, so the default httpd.conf can later be overridden or the whole configuration moved easily. The guide uses a user called testuser, which should be replaced by real user name(s).

Enable Apache Userdirs

1. Change to root user

    su -
    ## OR ##
    sudo -i

2. Create /etc/httpd/conf.d/userdir.conf file

Open the file with your favorite editor, like:

    nano -w /etc/httpd/conf.d/userdir.conf

Add...

56 comments on “Apache Userdir with SELinux on Fedora 28/27, CentOS/RHEL 7.5/6.10” - Comment Page: 2

    1. Dear JR,

      Your guides save me a lot of time. Thank you very much.

      I’m following your guide to set up WordPress on my laptop with Fedora 16.

      In Step 6 of this post (‘Apache Userdir with SELinux’), I got an error:

      setsebool -P httpd_enable_homedirs true
      libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).
      Could not change policy booleans

      This may result in http://localhost/~testuser/ being ‘Not Found’.

      Could you help me to deal with this error, or should I just skip it if I could set up WordPress anyway?

      Best Regards
      Yi

      Reply
    2. This article was a tremendous help!! After spending about 4 hours trying to get Fedora 16 php set up to work, I found this article and resolved my issues. Many, many thanks!!

      Reply
    3. I’ve read and followed the whole tutorial step by step and get a 404 error every time I want to access a user dir. I created three users: guillermo, reynierpm and tomas, and inside each home created a directory public_html, set the proper permissions and ran the commands one by one, but I don’t know why it isn’t working. The output of the command others ran above is this:

      [[email protected] ~]# sed '/^ *#/d;s/#.*//' /etc/httpd/conf.d/{php,userdir}.conf

      LoadModule php5_module modules/libphp5.so

      LoadModule php5_module modules/libphp5-zts.so

      AddHandler php5-script .php
      AddType text/html .php

      DirectoryIndex index.php

      UserDir enabled guillermo reynierpm tomas

      Options Indexes Includes FollowSymLinks

      AllowOverride All
      Allow from all

      Order deny,allow

      Any help?
      Cheers and thanks in advance

      Reply
      • Hi,

        Could you tell your Linux distro?

        Do you get any SELinux errors, when you try to access userdir?

        Could you post output of following commands:

        
        ls -la /home
         
        ls -la ~/ |grep public_html
        
        ls -laZ ~/ |grep public_html
         
        ls -laZ ~/public_html/
        
        Reply
    4. Never mind, it was my bad: I missed the parameter “UserDir public_html” under the IfModule directive. Also, I noticed that I can write the same in two flavours: one is the one suggested by you in the post, and the second one, which I’m using right now, is including the Directory directive inside the IfModule, so my userdir.conf is as follows:

      UserDir enabled testuser
      UserDir public_html

      Options Indexes Includes FollowSymLinks

      AllowOverride All
      Allow from all

      Order deny,allow

      Cheers and thanks for your time

      Reply
    5. Hi, I can’t access the dir in my root directory.
      I followed the whole tutorial on this website, but I have a problem.
      When I use this command

      chcon -R -t httpd_sys_content_t /home/testuser/public_html
      my OS shows the message
      ls: cannot access /root/public_html/: No such file or directory

      and when I use
      chcon -R -t httpd_sys_content_t /home/thinkger/public_html/
      my system shows the message:
      chcon: can’t apply partial context to unlabeled file

      Please help me. I’m sorry if my English is bad. I’m from Indonesia :D

      Reply
    6. I have tried everything and I am getting Forbidden 403: You don’t have permission to access /~testfolder/ on this server.

      I have tried everything. This worked when I was using Fedora17, but I did a clean install of F18, and this is driving me crazy… I ALREADY CHANGED PERMISSIONS wtf…. so frustrating…

      Reply
      • [[email protected] public_html]$ ls -la /home
        total 28
        drwxr-xr-x. 4 root root 4096 Mar 28 08:38 .
        dr-xr-xr-x. 18 root root 4096 Mar 30 11:57 ..
        drwx--x--x. 19 brad brad 4096 Mar 30 11:58 brad
        drwx------. 2 root root 16384 Mar 28 08:21 lost+found

        [[email protected] public_html]$ ls -la ~/ |grep public_html
        drwx--x--x. 3 brad brad 4096 Mar 30 11:58 public_html

        [[email protected] public_html]$ ls -laZ ~/public_html/
        drwx--x--x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 .
        drwx--x--x. brad brad unconfined_u:object_r:user_home_dir_t:s0 ..
        drwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 cryptothawte
        -rwxr-xr-x. brad brad unconfined_u:object_r:httpd_sys_content_t:s0 test.html

        Reply
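
An added example, not part of any comment or of the original guide: a POSIX shell filter that reads `ls -laZ` output in the layout posted above and flags entries httpd could not serve from a userdir. The sample listing and the user alice are constructed; accepting httpd_user_content_t alongside the guide's httpd_sys_content_t, and treating httpd as "other" for the permission bits, are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Audits `ls -laZ` lines in the
# five-column layout seen in this thread: mode owner group context name.
# Assumption: httpd is neither owner nor group, so the "other" bits apply.

# Constructed sample listing of a hypothetical ~/public_html.
SAMPLE='drwx--x--x. alice alice unconfined_u:object_r:httpd_sys_content_t:s0 .
drwx------. alice alice unconfined_u:object_r:user_home_dir_t:s0 ..
drwxr-xr-x. alice alice unconfined_u:object_r:user_home_t:s0 blog
-rw-r-----. alice alice unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. alice alice unconfined_u:object_r:httpd_sys_content_t:s0 test.html'

# Succeeds when the "other" execute/search bit (x, or t with sticky) is set.
other_x() { case $1 in ?????????[xt]*) return 0 ;; esac; return 1; }
# Succeeds when the "other" read bit is set.
other_r() { case $1 in ???????r*) return 0 ;; esac; return 1; }

# Reads a listing on stdin and prints one finding per problem entry.
audit_listing() {
    while read -r mode _owner _group ctx name; do
        [ -n "$name" ] || continue            # skip "total N" and blank lines
        setype=$(printf '%s' "$ctx" | cut -d: -f3)
        if [ "$name" = ".." ]; then
            # ".." is the home directory: httpd only needs to traverse it.
            other_x "$mode" || echo "..: home directory lacks o+x"
            continue
        fi
        case $setype in
            # httpd_user_content_t is accepted as an assumption of this
            # example; the guide itself only uses httpd_sys_content_t.
            httpd_sys_content_t|httpd_user_content_t) ;;
            *) echo "$name: SELinux type $setype is not httpd content" ;;
        esac
        case $mode in
            d*) other_x "$mode" || echo "$name: directory lacks o+x" ;;
            *)  other_r "$mode" || echo "$name: file lacks o+r" ;;
        esac
    done
    return 0
}

printf '%s\n' "$SAMPLE" | audit_listing
```

Feed it real output with `ls -laZ ~/public_html/ | audit_listing`; the httpd_enable_homedirs boolean is not visible in a listing and has to be checked separately.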
      • This is where it works, in the default directories (/var/www/html)

        [[email protected] html]$ ls -la /var/www
        total 16
        drwxr-xr-x. 4 root root 4096 Mar 30 10:08 .
        drwxr-xr-x. 21 root root 4096 Mar 30 10:08 ..
        drwxr-xr-x. 2 root root 4096 Jan 8 05:47 cgi-bin
        drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html


        [[email protected] html]$ ls -la /var/www | grep html
        drwxr-xr-x. 2 root root 4096 Mar 30 10:10 html


        [[email protected] html]$ ls -laZ /var/www/html/
        drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
        drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
        -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 test.php

        Reply
        • Hi B,

          Sorry it took a while to check this. I updated this configuration to work better with Apache 2.4, so try the following config instead:

          
          ...
          
          
                  Options Indexes Includes FollowSymLinks
           
                  ## Apache 2.4 users use following ##
                  Require all granted
           
          

          Then restart Apache and try again. Is it working then?

          Reply
      • Hi Xavier,

        Yes, this is possible. You can just set that address in the /etc/hosts file (pointing to the right IP address) and add the same address to your Apache virtual host, like the following:

        
        
        ServerName testuser.project.net
        
        # Other directives here
        
        
        Reply
    7. Ok, then I have to setup a virtual for each user? Is there a way to setup apache to read the testuser in the url and redirect it to his specific userdir, so when a testuser02 is created his url http://testuser02.project.net is automatically redirected to his own userdir?

      Reply
      • Hi Xavier,

        You can do this by first catching all subdomains with your virtual host, like:

        
        
        ServerName testuser.project.net
        ServerAlias *.project.net
         
        # Other directives here
        
        

        Then create .htaccess with something like the following content:

        
        RewriteEngine On
        RewriteBase /
        
        #### URL Rewrite Handler for Subdomains (by Randall Krause) ####
        
        RewriteCond %{ENV:REDIRECT_SUBDOMAIN} ="" 
        RewriteCond %{HTTP_HOST} ^([a-z0-9][-a-z0-9]+)\.project\.net\.?(:80)?$ [NC] 
        RewriteCond %{DOCUMENT_ROOT}/subdomains/%1 -d 
        RewriteRule ^(.*) subdomains/%1/$1 [E=SUBDOMAIN:%1,L] 
        RewriteRule ^ - [E=SUBDOMAIN:%{ENV:REDIRECT_SUBDOMAIN},L] 
        

        Another way is to set up virtual hosts for each user, for example using a simple bash script which creates folders and virtual host files.

        Reply
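
The host-to-directory mapping from the reply above, as an added example that is not part of the original comment: a first-pass model of the rewrite conditions in POSIX shell, showing which Host values end up in a per-user directory and which fall through to the main site. project.net and subdomains/ come from the reply; map_request, its arguments and the temporary document root are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original reply). First-pass model of the
# .htaccess rules above; project.net and subdomains/ come from the reply,
# map_request and its arguments are hypothetical names.

# map_request HOST PATH DOCROOT -> prints the path the rules would serve.
map_request() {
    # Lower-casing stands in for the [NC] flag (a simplification).
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # RewriteCond %{HTTP_HOST}: only [a-z0-9-] labels of two or more
    # characters match, optionally followed by a trailing dot and ":80".
    sub=$(printf '%s\n' "$host" |
        sed -nE 's/^([a-z0-9][-a-z0-9]+)\.project\.net\.?(:80)?$/\1/p')
    # RewriteCond ... -d: the per-user directory must already exist.
    if [ -n "$sub" ] && [ -d "$3/subdomains/$sub" ]; then
        printf 'subdomains/%s/%s\n' "$sub" "$2"
    else
        printf '%s\n' "$2"      # no rewrite: request stays on the main site
    fi
}

# Constructed document root with one user directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/subdomains/testuser02"
for h in testuser02.project.net TESTUSER02.project.net:80 \
         testuser02.project.net:8080 nobody.project.net a.project.net; do
    printf '%-30s -> %s\n' "$h" "$(map_request "$h" index.html "$demo_root")"
done
rm -rf "$demo_root"
```

Because the Host header is client-supplied, the character class in the pattern is what keeps path characters out of the directory name, and the `-d` test is what keeps unknown names on the main site.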
    8. I got everything working, I just can’t get it to abide by my mod_rewrite rules set by the .htaccess file. This is my userdir.conf:


      # All users
      UserDir public_html

      Options Indexes Includes FollowSymLinks
      Require all granted

      Reply
      • Hi Matthew,

        Simply add AllowOverride FileInfo line to your userdir.conf:

        
        
                Options Indexes Includes FollowSymLinks
         
                ## Apache 2.4 users use following ##
                Require all granted
         
                AllowOverride FileInfo
        
        

        And then restart apache:

        
        service httpd restart
        
        Reply
    9. Thanks a lot !!! =D

      Reply
    10. Thanks for the setsebool command. That is what solved my problem. I have used Apache for many years and this was the only time I needed to use this command.

      Reply
    11. Great tutorial! But I have to add the following in my /etc/httpd/conf.d/userdir.conf

      [...]
      Satisfy Any
      [...]

      Fault in the /var/log/httpd/error_log

      configuration error: couldn't perform authentication. AuthType not set!: ...

      System: CentOS 6.5 / Apache 2.2

      Reply
    12. I run on centos 6.5 and got this message:

      Internal Server Error

      The server encountered an internal error or misconfiguration and was unable to complete your request.

      Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

      More information about this error may be available in the server error log.

      Apache/2.2.15 (CentOS) Server at 192.168.1.212 Port 80

      Reply
    13. I store my web content in an external NTFS device, and it turns out that NTFS can’t be mounted with a provided context (bug: https://bugzilla.redhat.com/show_bug.cgi?id=631616). So in my case I needed to:

      1) mount the device w/ group/owner set to me: --options defaults,auto,uid=1000,gid=1000,umask=002
      2) needed to set read/exec permissions on /home/me

      Reply
    14. I am getting a 404 error

      Reply