Selinux prevents httpd from accessing home directory

I tried to share files via httpd(Apache originally), however it wouldn’t work, saying 403 forbidden.
Apparently we need to set options to permit httpd to follow symbolic links. In /etc/httpd/conf/httpd.conf, ensure there is text below:

(Under <Directory “/var/www/html”>, there should be)
Options Indexes FollowSymLinks MultiViews

But the problem remained. After quite a while I noticed there were some Selinux alerts saying “SELinux is preventing the http daemon from reading users’ home directories.”

Then I disabled selinux(command “setenforce 0” to make it sleep temporarily) and it worked. As Selinux is a kernel-level security mechanism on your system, not a some antivirus or firewall software thing, it may not be wise to throw it away. Check Joshua Brindle (an SELinux developer) ‘s  comments on disabling SELinux here, which states clearly that applications should be fixed to work with SELinux, rather than disabling the OS security mechanism.

So what I do is:

1. According to Selinux log(you can generate it with command “sealert -a /var/log/audit/audit.log”, run “setsebool -P httpd_enable_homedirs on” to enable the literal option(this command takes 20 secs to be done I don’t know why).
2. Still doesn’t work, after some googling I found this, run “chcon -t httpd_user_content_t /home/Viaxl/Music -R” to authorize world rx permissions to apache access (recursively) .

Now they all work right. I found this kind of multi-layer protection, though very complex, is really handful. In this case I only permit http daemon(as a “Target” of Selinux’s conception) to access my Music folder, and this can’t be done precisely by chmod or something.

网站/WordPress从虚拟主机搬家到VPS上

拖了一个月终于着手并且完成了。其实没有什么难的。但是因为我对Linux的了解非常局限,还是花了一番功夫,同时学了很多东西,在这里记一下。没有试图写一篇“手把手教你搬WP”,只是记录一些我觉得有帮助的东西,希望做同样的事情的且同样不是那么牛逼的Linux学习者们有用:)

虽说是WordPress搬家,但是任何一个小型网站搬家都差不多这样了吧,嘿嘿。

如果用cPanel和MySQLAdmin之类的东西可能就很傻瓜,但是第一cPanel太贵了(竟然要425多刀一年,我都笑了),第二VPS都买了必须必须要抓住每一个学Linux的机会啊。

过程如下(断断续续弄了好几天…): Read More