Hey all: I'm running Apache webserver (duh) on a Fedora Core 5 system.
I admit that I erred slightly in my original post. Perhaps SELinux is not guilty after all, perhaps it is. I took another look at things last night and here's the deal. Apache and SELinux will allow me to post images on the page with <IMG SRC> just fine, *if* the image is in the same directory as the .html document calling it. However, if I place images in a separate directory below the web folder (as I would prefer to do), I get "broken gif" symbols where my pictures should be. This holds true even after I've made sure the image pathname in the <IMG SRC> tag is correct. Why does the system want to give me a hard time about this? I also tried putting a hypertext document in the image subdirectory, then calling it via a hyperlink from a page located in the parent web folder. The image hypertext doc dutifully shows up, but again, I get broken gif symbols instead of my pictures. WTF? The image directory and its contents have been chmod'ed to 755 just to be sure...and what's even stranger is that this scheme seemed to work fine back when I used FrontPage to generate my HTML code instead of writing it manually as I'm currently doing. (Long story.) Why would that make a lick of difference? As requested, here is the relevant snippet from /var/log/httpd/error_log. Parentdocument.html is of course the one containing the <A HREF="images.html"> images.html </A> link tag, while images.html is the one inside the images folder itself where I've placed an <IMG SRC> tag to actually call the picture. [Thu Jun 22 01:12:57 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/picture012.jpg denied, referer: http://www.<mydomain.com>/parentdocument.html [Thu Jun 22 01:18:15 2006] [error] [client 71.XXX.XXX.XXX] File does not exist: /var/www/html/<mydomain.com>/images/ranch_trip_032, referer: http://www.<mydomain.com>/images/images.html Doesn't exist? This is a joke, right? [Thu Jun 22 01:19:24 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/ranch_trip_032.jpg denied, referer: http://www.<mydomain.com>/images/images.html Interesting...first it doesn't exist, now it does exist but permission is denied. [Thu Jun 22 01:21:29 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/ranch_trip_032.jpg denied, referer: http://www.<mydomain.com>/images/images.html [Thu Jun 22 01:21:30 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/ranch_trip_032.jpg denied, referer: http://www.<mydomain.com>/images/images.html [Thu Jun 22 01:21:39 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/ranch_trip_032.jpg denied, referer: http://www.<mydomain.com>/images/images.html [Thu Jun 22 01:38:58 2006] [error] [client 71.XXX.XXX.XXX] (13)Permission denied: access to /images/ranch_trip_032.jpg denied, referer: http://www.<mydomain.com>/images/images.html One more detail, in case it's relevant. I chown'ed my entire web folder to a regular user account I'd created for the purpose, as I wasn't comfortable having to log in as root just to work on my website. Root still owns /var/www/html, but the web admin user owns the *contents* of html and everything below that. Why would that matter either, since all the files are chmod'ed to be world-readable? Would it help to chown www/html to the web user as well? (Obviously nobody except root can own /var itself.) This has GOT to be something having to do with permissions or paths. Help, please. Matt Message: 5 Date: Wed, 14 Jun 2006 11:53:18 -0700 (PDT) From: Jan W <[EMAIL PROTECTED]> Subject: Re: [vox-tech] selinux woes To: lugod's technical discussion forum <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=iso-8859-1 Hi Z: Check the logs. The /var/log/messages should have entries about selinux applying its policy (if selinux is the problem). Also, check the apache logs (/var/log/httpd by default). The logs should give you an idea if it's standard unix permissions or the selinux policy. If the user that apache runs as (check your httpd.conf) does not have permission to read a directory, or a file in a directory, it sends 403 forbidden. If there is something confusing or weird in the logs, post them (with hostnames/ip addy's XXXX'd out, of course). The (meaningful and helpful) logs in *nix are alot of the reason why I switched in the first place. --HTHO jan _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
