chown command in messed-up webserver

Support for webhosts that use CentOS
Post Reply
JTsquared
Posts: 2
Joined: 2008/11/13 06:13:29
Contact:

chown command in messed-up webserver

Post by JTsquared » 2008/11/13 06:54:20

Hi, here is a newbie that messed around...sorry, really!

I happen to run the command "chown -R root.user1" in the document root location (/var/www/html) and messed-up my webserver. My purpose was to give a write-permission for a webmaster.

I did another chown command for the purpose of putting back the ownership to root.apache but problem was not solved.
I later realized that Centos 5 is running SELinux! I have been used to the old Redhat distro...my ignorance.

Also tried several commands using 'restorecon' and 'chcon' but to no avail.

Is there a way to refresh Apache 2 in the system as to reset the permissions of SELinux in the doc root? I tried to do away with permissive already but the pages are not accessible (permission denied or forbidden).

thanks in advance for helping!

JT

mickh
Posts: 124
Joined: 2008/02/15 09:42:43
Location: Australia

chown command in messed-up webserver

Post by mickh » 2008/11/13 13:05:01

Changing theowner of the files in DocumentRoot to a non-root user (apache.apache for example) and then running restorecon should fix this problem.

chown -R apache.apache /var/www/html/*
restorecon -R apache.apache /var/www/html/

If that doesn't work, investigate a little further with 'ls -alZ' and fine tune the settings with 'chcon -R'.
Check out 'man chcon' for the -u, -r and -t flags in particular.

The chown, restorecon and possibly chcon tools should be able to solve this without reinstalling Apache or disabling SELinux.

JTsquared
Posts: 2
Joined: 2008/11/13 06:13:29
Contact:

Re: chown command in messed-up webserver

Post by JTsquared » 2008/11/14 00:28:19

hi mickh,

I hope the below results will give some hints.

# chown -R apache.apache /var/www/html/*
chown: changing ownership of `/var/www/html/index.html': Operation not permitted

# restorecon -R apache.apache /var/www/html/
restorecon: error while labeling files under apache.apache

# setenforce 0
[root@server1 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 18
Policy from config file:targeted

Policy booleans:
allow_syslog_to_console inactive
allow_ypbind inactive
dhcpd_disable_trans inactive
httpd_builtin_scripting active
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_tty_comm inactive
httpd_unified active
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zonesinactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
pegasus_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_transinactive
snmpd_disable_trans inactive
squid_disable_trans inactive
syslogd_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
use_syslogng inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive

...confusing :-(
thanks- JT

mickh
Posts: 124
Joined: 2008/02/15 09:42:43
Location: Australia

Re: chown command in messed-up webserver

Post by mickh » 2008/11/14 03:11:54

[quote]
# chown -R apache.apache /var/www/html/*
[/quote]

Hmm, that's odd. Are you running these commands as root?

[quote]
# restorecon -R apache.apache /var/www/html/
[/quote]

I'm sorry, that is a cut-and-paste error. It should have been:

[quote]
# restorecon -R /var/www/html/
[/quote]


This command will give you full info about who owns what in /var/www/html and what the SELinux permissions are:

ls -alZ /var/www/html

Post Reply

Return to “CentOS 5 - Webhosting Support”