SELinux and Apache userdirs


Normally I disable SELinux – for a home user, the additional security it provides isn’t worth much.

But for some reason I left it enabled on this install of Fedora 15. Which led to problems when I tried to get phpMyAdmin working out of my home directory.

Easy thing was running “setsebool -P httpd_enable_homedirs=1”. Which, for some reason, didn’t return as fast as I expected it to. Looking at it in top, setsebool pegged the CPU for nearly a minute. No idea why it did that.

But, continuing, I was still getting [error] [client 127.0.0.1] (13)Permission denied: access to /~kyl191/pma/ denied in httpd/error_log . Poked around a bit more, didn’t look like SELinux. Took a look at the permissions on /home. Oh… my home dir is set to 700. So Apache can’t list the files inside it. Which means it can’t get to ~/public_html.

Temporary fix was to chmod 711 ~ . PMA works, but it’s an ugly hack. I’m wondering if there’s a way for SELinux to override the 700 permissions and grant access to httpd.

But, if SELinux overrides permissions, there goes my other hack of chmod 777 -R ~/public_html when there are other problems.
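
Added example (not part of the original post): SELinux is checked in addition to the ordinary mode bits and can only deny further, so a 700 directory on the path has to be found and fixed at the permission level. The sketch below walks from a target such as ~/public_html/pma up to a chosen top directory and reports the topmost directory that lacks the search (execute) bit for "other". The function name first_blocked_dir and its optional second argument are made up for this example; it assumes GNU stat and that the httpd user is neither the owner nor in the group of the directories.

```shell
#!/bin/sh
# Added example: locate the directory that stops httpd from reaching a userdir.
# Assumption: httpd falls into the "other" permission class for every
# directory on the path. Requires GNU stat (coreutils).

# first_blocked_dir TARGET [TOP]
# Walk from TARGET up to TOP (default /) and print the topmost directory
# whose mode lacks the other-execute bit. Prints nothing if all are traversable.
first_blocked_dir() {
    p=$1
    top=${2:-/}
    blocked=
    case $p in
        /*) ;;
        *) echo "absolute path required" >&2; return 2 ;;
    esac
    while :; do
        if [ -d "$p" ]; then
            mode=$(stat -c %a "$p") || return 2
            # Last octal digit is the "other" class; an odd digit has x set.
            other=${mode#"${mode%?}"}
            case $other in
                1|3|5|7) ;;
                *) blocked=$p ;;   # keep overwriting so the topmost one wins
            esac
        fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    [ -n "$blocked" ] && printf '%s\n' "$blocked"
    return 0
}

# Stand-alone use: sh script.sh /home/kyl191/public_html/pma
if [ "$#" -gt 0 ]; then
    first_blocked_dir "$@"
fi
```

On a real system, namei -l on the same path shows the owner and mode of every component in one listing.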

Looked-useful links:
