Change Apache2 DocumentRoot to "/home/pierrick/www" in Tumbleweed

Good deduction

SELinux defines some file contexts, which are visible with the command ls -alZ.

By default /srv/www/htdocs is the Apache root directory and has the context:

philippe@hpprol2:/srv/www/htdocs> ls -alZ
total 72
drwxr-xr-x. 13 root   root system_u:object_r:httpd_sys_content_t:s0     4096 janv.  4 21:47 .
drwxr-xr-x.  7 root   root system_u:object_r:httpd_sys_content_t:s0     4096 janv.  4 21:47 ..
drwxr-xr-x.  2 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 juil. 13  2014 backup
drwxr-xr-x. 25 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 janv. 20  2023 catalog
drwxr-xr-x. 16 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 juil. 18 12:21 gedview
drwxr-xr-x. 17 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 déc.   9  2021 gedview7302
drwxr-xr-x.  2 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 févr. 11  2021 gif
drwxr-xr-x. 33 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 août  30  2019 obiblio1
drwxr-xr-x. 18 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 juil. 15  2019 openbiblio
drwxr-xr-x.  3 root   root system_u:object_r:httpd_sys_content_t:s0     4096 oct.  22  2019 phpldapadmin
drwxr-xr-x. 16 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     4096 déc.  10 11:16 piwigo
-rw-r--r--.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       43 janv.  8  2020 a.gif
-rw-rw-rw-.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       77 déc.  24  2019 check_pear.php
-rw-r--r--.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       67 juin   5  2021 find_php_ini.php
-rw-r--r--.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0     2356 févr. 11  2021 info2html.css
-rw-rw-r--.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       69 févr. 27  2014 phpinfo.php
philippe@hpprol2:/srv/www/htdocs> 

The ‘httpd_sys_content’ gives read access to apache2. If apache2 needs to save some data in one of these directories or subdirectories, you need to set the context to “httpd_sys_rw_content” on the files or on the directory.
Be aware that the SELinux semanage command uses an alias for /srv/www/htdocs → /var/www; see the file /etc/selinux/targeted/contexts/files/file_contexts.subs_dist

Regards
Philippe

Irrelevant. What it does allow though is you to develop something that works as long as you completely relax all security settings and potentially fails on any system configured correctly.

If you want to develop something robust, you develop targeting the environment it is to be deployed into. What you are setting up is a situation where something gets deployed by someone correctly and it doesn’t work and you come back with ‘well it worked in development.’

The correct fix to your problem in the first place was use /srv/www/htdocs, not do the wrong thing and start giving Apache access to a user’s home directory.

The correct fix to your permissions setup for uploads is a directory that the Apache user is the owner of, not set some directory to world writable.

1 Like
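
Added example, not part of either post above: a small shell check that reads `ls -alZ` output for the web root and reports entries whose SELinux type is not one of the Apache content types, entries labelled writable for Apache, and world-writable files such as `check_pear.php` in the listing. The finding labels and the two sample rows `uploads` and `moved.html` are constructed for illustration, and the set of accepted types is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ls -alZ` output on stdin and
# prints one finding per line. Assumes the default time style (three date
# fields), so the file name starts at field 10.
audit_docroot() {
    awk '
    # Skip the "total N" header and anything that is not a listing row.
    NF < 10 || $1 !~ /^[-dl]/ { next }
    {
        perms = $1
        name = $10
        for (i = 11; i <= NF; i++) name = name " " $i
        if (name == "..") next            # parent directory is out of scope
        split($5, ctx, ":")               # user:role:type:level
        type = ctx[3]
        # Accepted types (assumption): read-only and read-write web content.
        if (type != "httpd_sys_content_t" && type != "httpd_sys_rw_content_t") {
            printf "LABEL %s %s\n", name, type
        } else if (type == "httpd_sys_rw_content_t") {
            printf "APACHE-WRITABLE %s\n", name
        }
        # Character 9 of the mode string is the write bit for "other".
        if (perms !~ /^l/ && substr(perms, 9, 1) == "w") {
            printf "WORLD-WRITABLE %s %s\n", name, perms
        }
    }'
}

# Constructed sample: four rows copied from the listing above plus two
# invented rows (uploads, moved.html) that trigger the label checks.
sample_listing() {
    cat <<'EOF'
total 20
drwxr-xr-x. 13 root   root system_u:object_r:httpd_sys_content_t:s0     4096 janv.  4 21:47 .
drwxr-xr-x.  7 root   root system_u:object_r:httpd_sys_content_t:s0     4096 janv.  4 21:47 ..
drwxr-x---.  2 wwwrun www  system_u:object_r:httpd_sys_rw_content_t:s0  4096 janv.  4 21:47 uploads
-rw-rw-rw-.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       77 déc.  24  2019 check_pear.php
-rw-rw-r--.  1 wwwrun www  system_u:object_r:httpd_sys_content_t:s0       69 févr. 27  2014 phpinfo.php
-rw-r--r--.  1 pierrick users unconfined_u:object_r:user_home_t:s0       120 janv.  4 21:47 moved.html
EOF
}

sample_listing | audit_docroot
```

On a live system the same function can be fed directly: `ls -alZ /srv/www/htdocs | audit_docroot`.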

@karlmistelberger
@phil524
Thank you both for your extensive responses.
I don’t have the time at the moment to dedicate to an in-depth study of Apache’s Alias and SELinux.
I’ve decided, for security’s sake, to revert to the openSUSE default DocumentRoot (/srv/www/htdocs) and get on with the work.
When I get some free time I can revisit this.

Thank you all for your help.
