Fresh install of Tumbleweed and Apache, and for the life of me I can’t seem to set permissions that allow for userdir access. I created a public_html folder under the username, but get a 403 error every time I try to view, even if I set the permissions to 777 for EVERYTHING (even the user folder).
I’ve enabled mod_userdir in Apache, and things seem to work fine from the “default” Apache folder (/srv/www/htdocs), so it has to be a permission issue with the user folder(s).
Please let me know what outputs you may need in order to assist.
Thank you!
Continuing the discussion from No userdir for fresh Apache install:
Thanks for this. I switched SELINUX to “Permissive” in /etc/selinux/config, and that seems to have fixed it. (It was set to “enforced”)
researching a bit more, it looks like Tumbleweed switched to selinux (insted of apparmour) by default in February, and that it’s set to “enforced” by default.
My other system was installed before February, and the setting was set to “permissive”, which is why it was working.
Weird.
Thank you!
@queequegaz Hi, but why set to permissive instead of fixing the issue? Hopefully your checking logs to see what is being allowed?
Sure. It “fixed” it by completely removing additional protection from all services. I hesitate to call it a “fix”, but whatever works for you …
The correct fix is to enable user directories and label files with the right context.
setsebool -P httpd_enable_homedirs 1
SELinux should already assign the right context to the files inside of the ~/public_html. When you create new files you may need to explicitly apply labels:
restorecon -R -v ~/public_html
If you want to use some other directory you will need to define the corresponding file contexts yourself.
No. It is working because SELinux is not active and AppArmor profile allows access to user home.
2 Likes
Appreciate your response! I set the setsebool as you instruct, switched SELINUX back to “enforced”, and all appears to be working.
Thank you!