Question on a boolean related to httpd service.


Hi,
I am trying to enable the <access to user's home directory> option on my web server running on RHEL7. I configured it accordingly for access to the public_html directory under one of my user accounts (testuser) and tested that things are working (I am able to access index.html under the ~testuser/public_html directory from a remote web client).

Here is my doubt:

SELinux mode is enforcing and the boolean related to httpd_enable_homedirs is off. I wonder why the content (index.html) under ~testuser/public_html is still accessible in spite of httpd_enable_homedirs being off.

Thanks

Responses

Is it possible the SELinux labels of the user's public_html folder and contents are already properly set to httpd_sys_content_t? I believe when the SELinux boolean is enabled it allows HTTPD to serve content when there are different SELinux contexts on the files located in user public_html locations.

 ls -laZ /home/user/public_html

Do you have a semanage policy enforced?

 semanage fcontext --list | grep 'public_html'

Hi Joshua,
Thanks for the reply.
The SELinux mode is enforcing.

I didn't create any specific fcontext policy for the public_html directory. By default, as soon as I configured httpd for user directory access and created the public_html directory, it came with the label httpd_user_content_t for both the directory (public_html) and the index.html file created under it.

Now, as a quick test, I created a new index.html under the user directory and moved it to public_html. When I tried to access it, the SELinux policy got enforced, which means SELinux is differentiating the file labels, and my question still remains: why is it not looking at the boolean, or am I making a configuration error here?

Thanks,
Vijay

PS
As you mentioned, I tried to set the label to httpd_sys_content_t on public_html, but the label still remains httpd_user_content_t.
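
The label difference described in the reply above (a file created in place versus one moved into public_html) can be checked from an `ls -Z` listing. This is an added example, not part of the thread; the function names and the sample listing are constructed, and `user_home_t` as the type of the moved file is an assumption.

```shell
#!/bin/sh
# Added example: flag entries in `ls -Z` output whose SELinux type differs
# from the type expected for user web content.

# mislabeled EXPECTED_TYPE
# Reads an `ls -Z` / `ls -laZ` listing on stdin and prints "name type" for
# every entry whose type is not EXPECTED_TYPE.
mislabeled() {
    awk -v want="$1" '
        # Skip the parent directory entry and the "total" line of long listings.
        $NF == ".." || $1 == "total" { next }
        {
            # The context is the first field of the form user:role:type[:level];
            # its position varies between coreutils versions, so search for it.
            for (i = 1; i < NF; i++) {
                if (split($i, ctx, ":") >= 3) {
                    if (ctx[3] != want) print $NF, ctx[3]
                    break
                }
            }
        }'
}

# Constructed sample listing in the RHEL7 `ls -laZ` layout. moved.html stands
# for a file created elsewhere in the home directory and moved in afterwards.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. testuser testuser unconfined_u:object_r:httpd_user_content_t:s0 .
drwx--x--x. testuser testuser unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-r--r--. testuser testuser unconfined_u:object_r:httpd_user_content_t:s0 index.html
-rw-r--r--. testuser testuser unconfined_u:object_r:user_home_t:s0 moved.html
EOF
}

# On a live host the input would come from the command quoted in the thread:
#   ls -laZ /home/user/public_html | mislabeled httpd_user_content_t
sample_listing | mislabeled httpd_user_content_t
```

A moved file keeps the context it was created with, while a file created inside public_html inherits the directory's type; `restorecon -v` on the file resets it to the policy default for its path.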
