On Friday, August 29, 2014 10:11:37 PM Tornóci László wrote: > Yes, in Fedora, RHEL, CentOS etc SELinux is in "enforcing" mode by > default. You can switch it into "permissive" mode by typing as root: > setenforce 0 > > In this mode, the errors still show up in /var/log/audit/audit.log, but > SELinux will not prevent the operation. By default anything under > /var/www gets a SELinux label that allows the apache process to read the > files (of course traditional ownership, permission restrictions still > apply) but the apache process cannot write anything there. You need to > change the SELinux labels of the directory and files you want to be > written by apache. (To see the labels use ls -Z) Once there are no more > errors in the audit.log, you should switch back to enforcing mode > (setenforce 1). > I think to allow httpd to write a subdir you need to do this as root: > > semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/subdir(/.*)?' > restorecon -R -v /var/www/subdir > > but I don't really know SELinux well enough, so no guarantees. > But SELinux is good for you, so don't just switch it off! > > Yours: Laszlo
Thank for the info. I have set setenforce to 0 and it is working. I am trying the setup in a VM so SELinux is not a priority but I should look into it when I move into production. I have more questions. 1. Will the OBS repo install the packages but not set the correct permissions? 2. Are these permissions correct and secure? chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data 3. I am probably responsible for making any changes to Apache config. Is that correct? -- Sudhir Khanger, http://sudhirkhanger.com http://github.com/donniezazen _______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
