Hi z and Tam,

thank you for all the wonderful help. I set my local file to httpd_sys_content_t, then created a soft link of that file in my vhost document root, and it works. I can see my soft link now.

Mike
________________________________
From: zxq9 <[email protected]>
To: Mike Chan <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Tuesday, April 3, 2012 12:27 PM
Subject: Re: soft link for web vhost

On 04/04/2012 01:05 AM, Mike Chan wrote:
>
> *From:* Tam Nguyen:
>>
>> Mike,
>> the link provided some clues, but you got to put them together. For
>> example, in your vhost configuration, you need to have this parameter,
>> which was mentioned in the discussion:
>>
>> Options FollowSymLinks
>>
>>
>> but that alone is not enough. If the original file is on your local
>> server, then you need to validate its SELinux security context type to
>> match your vhost's SELinux security context type.
>> This is what you need:
>> httpd_sys_content_t
>
> Hi Tam,
> I'm sorry, the discussion in the link did not mention SELinux. How do I
> find this SELinux type? I am not familiar with SELinux.

Mike,

This depends on where your document root is for your vhost. If your html files are in /var/www/html someplace then you should be OK with the normal SELinux settings. If your html files are in /home/yourname/public-html or some place like that you will need to change the SELinux context for the directory tree that the html files are in *and* you will need to set some SELinux booleans that give Apache permission to see outside of /var/www.

A quick rundown on SELinux permissions:

An "SELinux context" is just like another type of file permission, but it is more detailed. Normal Unix file permissions look like this (using the command "ls -l"):

    [ceverett@taco www]$ ls -l
    drwxr-xr-x. 4 root root 4096 Mar 19 15:37 stat
    drwxr-xr-x. 2 root root 4096 Apr 3 00:07 wsgi-sc

The "drwxr-xr-x" part is the normal permissions like you're probably used to seeing already, along with the owner of the directories in my /var/www directory. SELinux contexts are additional permissions that act sort of like permission zones.

You can see them by using the "ls -Z" command:

    [ceverett@taco www]$ ls -Z
    drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 stat
    drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 wsgi-sc

Now look at the difference between these permissions and a directory in my home folder:

    [ceverett@taco ~]$ ls -Z
    drwxrwxr-x. ceverett ceverett unconfined_u:object_r:home_bin_t:s0 bin
    drwxrwxr-x. ceverett ceverett unconfined_u:object_r:user_home_t:s0 Code

You see that there are a few different context types listed. This is the kind of thing that must change for Apache to see into a place other than /var/www.

To set Unix permissions you use the command "chmod", but to change SELinux permissions you use the command "chcon". I suggest reading "man chcon" a little to understand what is going on before you just start going crazy chconning everything.

-z
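
The check discussed in the thread, as an added example that is not part of the original messages: it reads "ls -Z" output and reports every entry whose SELinux type is not httpd_sys_content_t. The function names are hypothetical, and the sample listing is constructed from the listings quoted above.

```shell
#!/bin/sh
# Added example: flag "ls -Z" entries whose SELinux type Apache cannot read.
EXPECTED_TYPE="httpd_sys_content_t"   # type named in the thread

# Print the type field of a context string (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "ls -Z" lines on stdin and print "name type" for each mismatch.
# The context is taken as the first field with at least three
# colon-separated parts, so the long and short layouts both work.
# Limitation: file names containing spaces are not handled.
audit_listing() {
    awk -v want="$EXPECTED_TYPE" '{
        for (i = 1; i <= NF; i++) {
            if (split($i, part, ":") >= 3) {
                if (part[3] != want) print $NF, part[3]
                next
            }
        }
    }'
}

# Live system: type of the file a symlink finally points at.
# Uses GNU readlink -f and stat -c %C; needs an SELinux-enabled host.
target_type() {
    selinux_type "$(stat -c %C -- "$(readlink -f -- "$1")")"
}

# Constructed sample input, modelled on the listings in the thread.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 stat
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 wsgi-sc
drwxrwxr-x. ceverett ceverett unconfined_u:object_r:home_bin_t:s0 bin
drwxrwxr-x. ceverett ceverett unconfined_u:object_r:user_home_t:s0 Code
EOF
}

# Stand-alone run: list the sample entries Apache would be denied.
sample_listing | audit_listing
```

On a real host, `ls -Z /path/to/docroot | audit_listing` audits a directory and `target_type /path/to/link` shows the type of a symlink's target, which is the file whose label has to match.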
