I was so proud of myself for getting UserDir to work in Apache. I thought I was set. But when I tried to log into my account on my web server, I got an error message saying it could not find my user directory, so it was dropping me in /. This was not good. I let it go for a little while since this was a learning platform and not a production system. But today I decided to find out why this was happening.
I looked at the file name (remember that in Unix/Linux everything is a file) and it was okay. I checked the permissions on the file and they were okay. Then I looked at the SELinux settings:
ls -dZ ~
and what I saw was:
drwx--x--x. <username> <groupname> unconfirmed_t:object_r:httpd_sys_content_t:s0 /home/<username>
which was how the instructions I read said they should be. On another VM I ran the same command and saw user_home_dir_t instead of httpd_sys_content_t, and I had no problems with the home directory there, so I changed the context back on the web server VM:
chcon -t user_home_dir_t ~
and then I logged out and back in. Hurrah! I was in my home directory again. I wanted to verify the web server was still able to access my test PHP scripts in the ~/public_html directory. Not a chance. The dreaded 403 Forbidden message was displayed. Now what do I do?
I did a Google search to see if I could set two context types in SELinux but I couldn't find anything that indicated I could. The tool chcon has an option for a range of contexts but I couldn't find an example of how it worked. My next option was to try the end user forum for the Linux distro I'm using for my test server. Since I didn't have an account at CentOS I created one. Why not? It's always nice to have ready access to information.
A search of the CentOS forums showed an option that I didn't see, or glossed over, the first time I tried setting up UserDir. So I typed the command:
setsebool -P httpd_enable_home_dirs 1
and tried to access the web server again. Success! Now I can have my cake (UserDir access on my web server) and eat it too (access to my home dir in my web server).
Lesson learned: read all the documentation.
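The three states described in this post (home directory relabeled for httpd, home directory restored without the boolean, and the final working setup) can be told apart from the output of ls -dZ and getsebool. The script below is an added example, not part of the original post; the function names, the constructed sample lines and the assumption that ~/public_html carries httpd_user_content_t or httpd_sys_content_t are introduced here for illustration.

```shell
#!/bin/sh
# Added example: audit a UserDir + SELinux setup from command output.
# On a live host pass "$(ls -dZ ~)", "$(ls -dZ ~/public_html)" and
# "$(getsebool httpd_enable_home_dirs)" instead of the samples below.

# Print the type (third part of user:role:type:level) found in one line of
# `ls -dZ` output. Works for the long form shown in the post and for the
# short "context path" form newer coreutils print.
context_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 3) { print c[3]; exit }
    }'
}

# Reduce `getsebool NAME` output ("NAME --> on") to on or off.
bool_state() { printf '%s\n' "$1" | awk '{ print $NF }'; }

# audit_userdir HOME_LINE PUBLIC_HTML_LINE GETSEBOOL_LINE
# Prints one finding per problem; returns 0 only when all three are right.
audit_userdir() {
    home_t=$(context_type "$1"); web_t=$(context_type "$2"); bool=$(bool_state "$3")
    rc=0
    if [ "$home_t" != "user_home_dir_t" ]; then
        echo "home: type is $home_t, login expects user_home_dir_t"; rc=1
    fi
    case "$web_t" in
        # Assumption: these two types are treated as web-readable content.
        httpd_user_content_t|httpd_sys_content_t) ;;
        *) echo "public_html: type $web_t is not web content"; rc=1 ;;
    esac
    if [ "$bool" != "on" ]; then
        echo "boolean: httpd_enable_home_dirs is $bool, httpd may not read user_home_dir_t homes"; rc=1
    fi
    return $rc
}

# Constructed sample lines, not captured from a real host.
BAD_HOME='drwx--x--x. alice alice unconfined_u:object_r:httpd_sys_content_t:s0 /home/alice'
GOOD_HOME='unconfined_u:object_r:user_home_dir_t:s0 /home/alice'
PUBLIC_HTML='drwxr-xr-x. alice alice unconfined_u:object_r:httpd_user_content_t:s0 /home/alice/public_html'

echo "== home relabeled for httpd =="
audit_userdir "$BAD_HOME" "$PUBLIC_HTML" 'httpd_enable_home_dirs --> off' || true
echo "== after chcon only =="
audit_userdir "$GOOD_HOME" "$PUBLIC_HTML" 'httpd_enable_home_dirs --> off' || true
echo "== after setsebool -P =="
audit_userdir "$GOOD_HOME" "$PUBLIC_HTML" 'httpd_enable_home_dirs --> on' && echo "ok"
```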