l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2006 Jun 23 00:44

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] re: selinux woes (Apache issue?)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] re: selinux woes (Apache issue?)



Hey all:

I'm running Apache webserver (duh) on a Fedora Core 5
system.

I admit that I erred slightly in my original post.
Perhaps  SELinux is not guilty after all, perhaps it
is.

I took another look at things last night and here's
the deal. Apache and SELinux will allow me to post
images on the page with <IMG SRC> just fine, *if* the
image is in the same directory as the .html document
calling it. However, if I place images in a separate
directory below the web folder (as I would prefer to
do), I get "broken gif" symbols where my pictures
should be. This holds true even after I've made sure
the image pathname in the <IMG SRC> tag is correct.
Why does the system want to give me a hard time about
this?

I also tried putting a hypertext document in the image
subdirectory, then calling it via a hyperlink from a
page located in the parent web folder. The image
hypertext doc dutifully shows up, but again, I get
broken gif symbols instead of my pictures. WTF?

The image directory and its contents have been
chmod'ed to 755 just to be sure...and what's even
stranger is that this scheme seemed to work fine back
when I used FrontPage to generate my HTML code instead
of writing it manually as I'm currently doing. (Long
story.) Why would that make a lick of difference?

As requested, here is the relevant snippet from
/var/log/httpd/error_log. Parentdocument.html is of
course the one containing the <A HREF="images.html">
images.html </A> link tag, while images.html is the
one inside the images folder itself where I've placed
an <IMG SRC> tag to actually call the picture.

[Thu Jun 22 01:12:57 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/picture012.jpg denied, referer:
http://www.<mydomain.com>/parentdocument.html

[Thu Jun 22 01:18:15 2006] [error] [client
71.XXX.XXX.XXX] File does not exist:
/var/www/html/<mydomain.com>/images/ranch_trip_032,
referer: http://www.<mydomain.com>/images/images.html

Doesn't exist? This is a joke, right?

[Thu Jun 22 01:19:24 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/ranch_trip_032.jpg denied, referer:
http://www.<mydomain.com>/images/images.html

Interesting...first it doesn't exist, now it does
exist but permission is denied.

[Thu Jun 22 01:21:29 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/ranch_trip_032.jpg denied, referer:
http://www.<mydomain.com>/images/images.html

[Thu Jun 22 01:21:30 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/ranch_trip_032.jpg denied, referer:
http://www.<mydomain.com>/images/images.html

[Thu Jun 22 01:21:39 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/ranch_trip_032.jpg denied, referer:
http://www.<mydomain.com>/images/images.html

[Thu Jun 22 01:38:58 2006] [error] [client
71.XXX.XXX.XXX] (13)Permission denied: access to
/images/ranch_trip_032.jpg denied, referer:
http://www.<mydomain.com>/images/images.html

One more detail, in case it's relevant. I chown'ed my
entire web folder to a regular user account I'd
created for the purpose, as I wasn't comfortable
having to log in as root just to work on my website.
Root still owns /var/www/html, but the web admin user
owns the *contents* of html and everything below that.
Why would that matter either, since all the files are
chmod'ed to be world-readable? Would it help to chown
www/html to the web user as well? (Obviously nobody
except root can own /var itself.)

This has GOT to be something having to do with
permissions or paths. Help, please. 

Matt

Message: 5
Date: Wed, 14 Jun 2006 11:53:18 -0700 (PDT)
From: Jan W <jcwynholds@yahoo.com>
Subject: Re: [vox-tech] selinux woes
To: lugod's technical discussion forum
<vox-tech@lists.lugod.org>
Message-ID:
<20060614185318.42324.qmail@web53601.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

Hi Z:

Check the logs.

The /var/log/messages should have entries about
selinux applying its
policy (if selinux is the problem).

Also, check the apache logs (/var/log/httpd by
default).

The logs should give you an idea if it's standard unix
permissions or
the selinux policy.  If the user that apache runs as
(check your
httpd.conf) does not have permission to read a
directory, or a file in
a directory, it sends 403 forbidden.

If there is something confusing or weird in the logs,
post them (with
hostnames/ip addy's XXXX'd out, of course).

The (meaningful and helpful) logs in *nix are alot of
the reason why I
switched in the first place.

--HTHO

jan




_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.