Difference between revisions of "User:Chris Tyler/Chris Tyler's Guide to Surviving OPS235 Assignment 2 with SELinux Enabled"

Latest revision as of 17:35, 9 April 2012

OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through...

Switch SELinux to permissive mode during MediaWiki configuration: setenforce 0
Once configured, copy the LocalSettings.php file from /var/www/wiki/config to /var/www/wiki as directed by the message on the screen.
Switch SELinux to enforcing mode after MediaWiki configuration: setenforce 1

The permissions on the file /var/log/httpd/suexec.log and the directory /var/log/httpd may need to be adjusted:

touch /var/log/httpd/suexec.log
chown apache:apache /var/log/httpd/suexec.log
chmod 0755 /var/log/httpd
chmod 0660 /var/log/httpd/suexec.log

Use a SELinux file context of httpd_user_script_exec_t on your diskfree.cgi script
Permanently enable the SELinux boolean httpd_enable_homedirs using the setsebool command with appropriate options.

If Apache is not doing what you expect, look in the log files in /var/log/httpd
Check your clock. If you clock is off, the error message times listed in /var/log/httpd may be wrong too.

@@ Line 14: / Line 14: @@
   chown apache:apache /var/log/httpd/suexec.log
   chmod 0755 /var/log/httpd
-  chmod 0600 /var/log/httpd/suexec.log
+  chmod 0660 /var/log/httpd/suexec.log
-* Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your script
+* Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your <code>diskfree.cgi</code> script
-* Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code>
+* Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> using the <code>setsebool</code> command with appropriate options.
 == General Tips ==