Difference between revisions of "User:Chris Tyler/Chris Tyler's Guide to Surviving OPS235 Assignment 2 with SELinux Enabled"
Chris Tyler (talk | contribs) (Created page with 'OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through... == MediaWiki and SELinux == * Switch SELinux to permissive mode during Medi…') |
Chris Tyler (talk | contribs) (→diskfree.cgi Script) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[OPS235 Assignment 2]] can be tricky with SELinux enabled. Here are some tips to get you through... | [[OPS235 Assignment 2]] can be tricky with SELinux enabled. Here are some tips to get you through... | ||
| − | == MediaWiki and SELinux == | + | == SELinux Tips == |
| + | === MediaWiki and SELinux === | ||
* Switch SELinux to permissive mode during MediaWiki configuration: <code>setenforce 0</code> | * Switch SELinux to permissive mode during MediaWiki configuration: <code>setenforce 0</code> | ||
| Line 7: | Line 8: | ||
* Switch SELinux to enforcing mode after MediaWiki configuration: <code>setenforce 1</code> | * Switch SELinux to enforcing mode after MediaWiki configuration: <code>setenforce 1</code> | ||
| − | == diskfree.cgi Script == | + | === diskfree.cgi Script === |
* The permissions on the file <code>/var/log/httpd/suexec.log</code> and the directory <code>/var/log/httpd</code> may need to be adjusted: | * The permissions on the file <code>/var/log/httpd/suexec.log</code> and the directory <code>/var/log/httpd</code> may need to be adjusted: | ||
| Line 13: | Line 14: | ||
chown apache:apache /var/log/httpd/suexec.log | chown apache:apache /var/log/httpd/suexec.log | ||
chmod 0755 /var/log/httpd | chmod 0755 /var/log/httpd | ||
| − | chmod | + | chmod 0660 /var/log/httpd/suexec.log |
| − | * Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your script | + | * Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your <code>diskfree.cgi</code> script |
| − | * Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> | + | * Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> using the <code>setsebool</code> command with appropriate options. |
| + | |||
| + | == General Tips == | ||
| + | |||
| + | * If Apache is not doing what you expect, look in the log files in <code>/var/log/httpd</code> | ||
| + | * Check your clock. If you clock is off, the error message times listed in /var/log/httpd may be wrong too. | ||
Latest revision as of 17:35, 9 April 2012
OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through...
SELinux Tips
MediaWiki and SELinux
- Switch SELinux to permissive mode during MediaWiki configuration:
setenforce 0 - Once configured, copy the LocalSettings.php file from
/var/www/wiki/configto/var/www/wikias directed by the message on the screen. - Switch SELinux to enforcing mode after MediaWiki configuration:
setenforce 1
diskfree.cgi Script
- The permissions on the file
/var/log/httpd/suexec.logand the directory/var/log/httpdmay need to be adjusted:
touch /var/log/httpd/suexec.log chown apache:apache /var/log/httpd/suexec.log chmod 0755 /var/log/httpd chmod 0660 /var/log/httpd/suexec.log
- Use a SELinux file context of
httpd_user_script_exec_ton yourdiskfree.cgiscript - Permanently enable the SELinux boolean
httpd_enable_homedirsusing thesetseboolcommand with appropriate options.
General Tips
- If Apache is not doing what you expect, look in the log files in
/var/log/httpd - Check your clock. If you clock is off, the error message times listed in /var/log/httpd may be wrong too.
