Fedora Servers :: Cannot Start Apache - No Read / Write Access To HTTP Files
Jan 14, 2009
I am trying to setup my webserver and I am trying to make a website to run under suexec but somehow I cannot start my apache it directly fails and SELinux is giving me errors and don't really know what to do with it, it is giving me some command to type but not sure if this will make my server less secure. The SELinux error is as follow:
SELinux prevented httpd reading and writing access to http files.
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ [URL] "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
Changing the "httpd_unified" boolean to true will allow this access: "setsebool
setsebool -P httpd_unified=1
I will write down how I did setup my server so maybe you can see a mistake I did. First I changed my Apache httpd.conf I added the following to it:
DirectoryIndex index.html index.html index.shtml index.php
Then I created the username "ulyaoth" with the group "ulyaoth" as I specified with my suexec, then I created all the directories as specified in my httpd.conf and "chown ulyaoth:ulyaoth (dirname)" them to the right group and username.
I am new to web server support. I have a request from my management to modify the logging slightly. Effectively I need to redirect a custom string from our http response into the apache access logs. When a user navigates to our site they receive a "dye" number that is associated with them. This number follows them to whatever cluster they are directed too. The string is formatted as such, com-company-dye: d0a2#6dfce. I need that that header dye to appear in the access logs so we can use that dye number as a key for troubleshooting issues though out our various monitoring systems.
I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I setup the datas partition to be mounted in /usr but now I can't have access to files I put in there even if I setup the group/user permission! I can accezz /usr/Music but all files are locked
On an Apache2 server someone else setup, I have a folder with drwx--x--x permission and the php file can still write in the folder. But on my own setup, I need to set the same folder to drwx--x-wx. Inside the folder, I have a index.php that runs just by setting rwx--x--x but on my own setup, I need to allow read permission for others/group before it can run: rwxr-xr-x (or else I get a blank page). I tried changing the folder and files to root but it's the same.
I have 2 web server in my office : http and https. You will find attached the httpd.conf and ssl.conf. I can acces the https server from home, but not the http one.
What I did : configure the router to forward port 80 to my fedora 11 machine open port 80 with system-config-network created a virtualhost
The same exact steps have been done for port 443
I can access both server locally but only the https server remotelly.
Here are my iptables :
you can try to acces my servers using [url]
I made httpd to listen to port 8080, and done all the port forwarding/opening stuf, and it works. so is it a bug ?
Finally found my error seams like turning off UseCanonicalName to off did the trick
I really think it's a bug now. It was definitively working last week, I just added content to the main host of my website, and now i can't acces it from port 80. If someone think it's not a bug or find someting missing/wrong in my conf file.
On opening nautilus,it shows the XP ad Fedora partitions.Clicking on them mounts the partition.However,XP partitions are mounted in Read/write mode,whereas Fedora partition is mounted only in Read mode.What changes should i need to make in /etc/fstab to enable Read/Write access to Fedora partition as well?
I have fedora 13, and installed asterisk.. Before I had centos and have my asterisk running to test and learn.. but in fedora I see there is a http miniserver for admin asterisk..I edited enable, port and ip in the file http.con but when I try URL...I got 404 page no found Asterisk server.
Anybody know how to make an ext3 or 4 partition start up at boot with only the owner and its group having read and write access permissions.I don't want 'others' to have folder access. This is what i have done. / etc/fstab:/dev/sdb5/media/Data ext4 owner 1 2 The folder starts on the boot since it has been allocated a folder as u can see. Next i changed the the ownership and the group ownership of the folder:chown johnny:johnny /media/DataThe problem is that other users can few my partition since 'others' have read access. How do i change that to zero access?
I'm looking to set up a server with attached mass storage device and tape autoloader to run linux. It's set up under Windows at the moment. Goal is to have users, connecting from individual workstations and laptops, backup their data to the linux server. On their personal machine, some users run linux, some MacOS, some Windows. I plan to set up the 5 500 GB drives as RAID5. I understand that if setting up as software raid the format is "physical volume for RAID". Under this setup, will Windows users be able to read/write and function as expected? I can't assume only linux user access.
I need to install a program by using the address http://255.255.255.255. However, when I type this address in my browser, I get the following error: "Failed to connect. Firefox can't establish a connection to the server at 255.255.255.255. Though the site seems valid, the browser was unable to establish a connection." Is there an easy way to put this site into the air?
I have a few ubuntu servers which have samba shares on the network and for the most part have had little trouble with them. Recently we purchased a few iMac's for one of our deptartments and, while we're able to access the shares, all the files on them are read-only and we are unable to delete/modify files using the iMacs. This is not an issue with any of our windows machines (W2K, WinXP, Vista).
FedoraVersion 12 ConstantineNoyau Linux 126.96.36.199-174.2.3.fc.x86_64Gnome 2.28.2Memory 871.4 MoAMD Athlon LE-600Free disk 71.5GoSelinux is deactivated.Httpd doesnot start and, when I start "onfiguration des services", and click D�marrer, it runs for ever, but never starts Apache...
What are the possible problem when Windows access the file from Ubuntu got Read Only even though have a full permission to read, write and execute the file? Ubuntu to Ubuntu accessing the file there is no problem only Windows got a problem.
I have just installed Fedora 11 on a "fresh machine" and everything works ok, except for Apache httpd the message seen in the error_log is the following: Name or service not known: mod_unique_id: unable to find IPv4 address of "myserver"
I've installed Fedora 12 Desktop in order to develop a simple website, which is going to use some PHP.
I will need:code editor to write html/css/php local apache server running php browser how to get me up and running in no time with least extra configurations.
Bonus: I'm going to run all this in a virtual box on my company computer. I'd love to be able to stay undercover with this, so if one of you can tell me how to configure the apache server not to be too visible to the company network/domain, that'd be excellent.
I'm running Fedora 15. I installed mod_ssl and tried restarting Apache. I get the following error:
Code: (98)Address already in use: make_sock: could not bind to address [::]:443 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down Unable to open logs I rebooted the server, thinking there was some process in the background that was stopping Apache from listening on 443. Same problem.
netstat -A inet -lnp and lsof -i tcp:443
I remove mod_ssl and Apache starts.
The other question I have is what to do with /var/www/html
In the default install, root:root owns it, but I want people to be able to ftp in to that folder and write to it without using the root account. I'm thinking of changing the group to apache and putting the ftp users in the apache group. What is the recommended behavior here?
I did a wget on the source and built the apache binaries correctly. Now what do I need to do to get some documents accessible using HTTP (start some services?)? Also, do I need to group all the files I want to make accessible in some directory and make the directory and its contents accessible or can I just make the individual documents available? I will be providing these links to my colleagues and do not want them to be down, so need to make sure that the apache services are up automatically after a reboot. Does apache have some inbuilt support for this?
I'm trying to set up a computer to allow a specific samba user to access and write to a folder on the web-server without any luck. I've tried creating symbolic links in the users home to the folder (/var/www/html/something) on the web server and from the server to a directory in the users home but neither seems to work. I haven't seen any errors from SELINUX either but I'm kind of stuck. Also tried adding a directory section and alias line to the httpd.conf but after doing that apache wouldn't start so I'm not really sure how this would be done properly.
I have tftpd-hpa and dhcp3-server up and running. I just want to install server edition via network, from the host machine (my laptop, running ubuntu 9.10) with an ISO file (ubuntu 8.04 32-bit server edition). I managed to boot the client machine with pxe-netboot technique, but instead downloading all the files from internet, I need to do this process directly from ISO. To transfer ISO from host to client, I also installed Apache. I unpacked ISO file into /var/lib/tftpboot/server/. I created a link to the Apache root: /var/www
Code: ubuntu@ubuntu:/var/www$ ls returns => index.html server server folder is the place where I unpacked the ISO.
My dhcp3-server has this setup and it works well with netboot, but I don't know how to add Apache to the formula to transfer the iso file from host to client. Firewall is disabled. This is my edited /etc/dhcp3/dhcpd.conf file.
When I pxe-boot the client, the process comes to a halt when tftp server is trying to access to pxelinux.0 file. I got thls error: PXE-T00: Permission denied PXE-E36: Error received from TFTP server I have no experience with Apache... so I think there is a problem with my IP addresses.. Do I need to use 127.0.1.1 instead of 192.168.2.1 (my routers IP)?
I'm using Arch right now and i'm having problems syncing my ipod with Amarok (KDE). Everytime I would want to sync a song, it would give me access denied. it is currently mounted at /tmp/ipodbxQtrU and i have tried using chmod with no luck. I was in root when i used "chmod -R user ipodbxQtrU" and it said operation not permitted.
I recently installed Ubuntu 10.04 using Wubi on an ACER Aspire 5000 XP laptop. Everything runs ok and I can access my Windows folders from Ubuntu through the host directory but only as Read Only. I have checked to make sure that the Windows folder I want to access (My Documents) is not designated as Read Only in Windows.
I own a particular file on a Linux system. I would like to give 2 groups (accounting, shipping) read access and only read access, and 3 users(Mike, Raj and Wally) write access and only write access. How can I accomplish this?
I have apache2 running on my computer. I want to change the permissions for /var/www/ so that I can edit the files without a problem. Right now I can use the gksudo command, but I'd like to be able to have all the files available when using an IDE like eclipse. I've read in several places that Code: chmod 755 /var/www will do, but if I'm not mistaken that would give read/write access to anyone. I'm not in a production environment, so I'm not too worried about security, but I'd like to give anyone else as less permissions as possible. Would this be possible?
I am trying to set up an ampache server using apache as the webserver. The instructions have the following line as one of the requirments: Your webserver has read access to the /sql/ampache.sql file and the /config/ampache.cfg.php.dist file..I have essentially zero experience with apache, and I'm not sure how to grant read access to a file.
I have installed Ubuntu 11.04 64 bit desktop version on ext4 partition without swap. I have maximus iv extreme motherboard with 8 Gbytes RAM. Using 3 internal ntfs formatted hard drives and 3 external ntfs usb 2.0 hard drives.When I am trying to copy or move files FROM or TO any ntfs partiton it is 90 percent chance it is going to freeze.For copy/moving files I am using krusader run as ROOT or as user without root privilege or Nautilus as user without root privilege. It wasn't possible to switch to another terminal - it simply does not react on keyboard or mouse input and only hard reset is possible (scares me because of ntfs disks)From this point of view I have suspicious on ntfs driver but:I am completely beginner in linux and I am looking for help to navigate me how to investigate to find what is causing the problem eventually to solve it?
According to my experience it seems to does not matter if hard disk is internal or external connected through SATA II or SATA III or USB 2.0. I have tried to manipulate with ntfspartitions through the vmware or virualbox or truecrypt software or just do a simplecopy/move files - it have has always the same results - freeze. There is not possible to say how long it is going to work properly and when it is going to freeze - sometimes it's working hour, sometimes it's working couple of seconds - no matter if it is read or write operation/s within ntfs partition.