Difference between revisions of "User:Chris Tyler/Chris Tyler's Guide to Surviving OPS235 Assignment 2 with SELinux Enabled"
Chris Tyler (talk | contribs) (→diskfree.cgi Script) |
Chris Tyler (talk | contribs) (→diskfree.cgi Script) |
||
Line 14: | Line 14: | ||
chown apache:apache /var/log/httpd/suexec.log | chown apache:apache /var/log/httpd/suexec.log | ||
chmod 0755 /var/log/httpd | chmod 0755 /var/log/httpd | ||
− | chmod | + | chmod 0660 /var/log/httpd/suexec.log |
* Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your <code>diskfree.cgi</code> script | * Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your <code>diskfree.cgi</code> script | ||
* Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> using the <code>setsebool</code> command with appropriate options. | * Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> using the <code>setsebool</code> command with appropriate options. |
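Review bot: the new `chmod 0660 /var/log/httpd/suexec.log` line, combined with the `chown apache:apache` two lines above it, leaves the suexec log owned and writable by the apache account, so any process running as apache can alter or truncate that log. Add a sentence saying why apache needs write access here, or note a tighter owner and mode if the course setup allows one. The removed side was a bare `chmod` with no mode or path, so completing the command is the right fix.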
Latest revision as of 17:35, 9 April 2012
OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through...
SELinux Tips
MediaWiki and SELinux
- Switch SELinux to permissive mode during MediaWiki configuration:
setenforce 0
- Once configured, copy the LocalSettings.php file from /var/www/wiki/config to /var/www/wiki as directed by the message on the screen.
- Switch SELinux to enforcing mode after MediaWiki configuration:
setenforce 1
diskfree.cgi Script
- The permissions on the file /var/log/httpd/suexec.log and the directory /var/log/httpd may need to be adjusted:
touch /var/log/httpd/suexec.log
chown apache:apache /var/log/httpd/suexec.log
chmod 0755 /var/log/httpd
chmod 0660 /var/log/httpd/suexec.log
- Use a SELinux file context of httpd_user_script_exec_t on your diskfree.cgi script
- Permanently enable the SELinux boolean httpd_enable_homedirs using the setsebool command with appropriate options.
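A check script for the diskfree.cgi settings listed above, as an added example that is not part of the original guide. It reports whether SELinux is back in enforcing mode, whether the log permissions match, and whether the script type and boolean are set. The script path argument and the function names are assumptions, and `getsebool` shows only the running value, so rerun the check after a reboot to confirm the boolean was made permanent.

```shell
#!/bin/bash
# Added example, not part of the original guide.
# Usage (script path is an assumption): ./check_a2.sh ~/public_html/diskfree.cgi

LOGDIR=/var/log/httpd
LOG=$LOGDIR/suexec.log

# The type is the third colon-separated field of a context such as
# unconfined_u:object_r:httpd_user_script_exec_t:s0
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# True when getsebool output ("name --> on") reports the boolean as on.
bool_is_on() { case "$1" in *"--> on") return 0 ;; *) return 1 ;; esac; }

# Print PASS/FAIL for one check and return 1 on failure.
# $1 = description, $2 = actual value, $3 = expected value
report() {
    if [ "$2" = "$3" ]; then echo "PASS  $1"; return 0; fi
    echo "FAIL  $1 (found '$2', expected '$3')"; return 1
}

audit() {
    script=$1; rc=0
    report "SELinux mode" "$(getenforce)" "Enforcing" || rc=1
    report "$LOGDIR mode" "$(stat -c %a "$LOGDIR")" "755" || rc=1
    report "$LOG owner and mode" "$(stat -c '%U:%G %a' "$LOG")" \
           "apache:apache 660" || rc=1
    # stat -c %C prints the file's SELinux security context.
    report "$script type" "$(selinux_type "$(stat -c %C "$script")")" \
           "httpd_user_script_exec_t" || rc=1
    if bool_is_on "$(getsebool httpd_enable_homedirs)"; then
        echo "PASS  httpd_enable_homedirs is on"
    else
        echo "FAIL  httpd_enable_homedirs is off"; rc=1
    fi
    return $rc
}

# Run only when a script path is given, so the functions can also be sourced.
if [ $# -gt 0 ]; then audit "$1"; fi
```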
General Tips
- If Apache is not doing what you expect, look in the log files in /var/log/httpd
- Check your clock. If your clock is off, the error message times listed in /var/log/httpd may be wrong too.