SElinux samba/ httpd/

Support for security such as Firewalls and securing linux
supertight
Posts: 98
Joined: 2017/02/07 21:47:51

SElinux samba/ httpd/

Postby supertight » 2017/05/20 03:20:19

I have apache 2 running with root folder "/var/www/html/nbseven.info".
I also have the root folder "/var/www/html/nbseven.info" set up for a samba share, so I can edit the files from a Windows machine.

I'm having problems with selinux. httpd was hosting my index.html file with no issue. The problem began when setting the permissions for samba.

For the samba share, I passed:

Code:

chcon -t samba_share_t nbseven.info/


This locked httpd out of the file. httpd was still running. However, httpd was showing the default page. Not my index page.
I determined selinux was my problem by toggling "setenforce" and being able to view the proper index.html page.

Attempting to fix, allowing both samba and httpd access to the folder:

Code:

chcon -t public_content_rw_t /var/www
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1


This did not repair my configuration.
Can anyone see where I'm off?

Thank you for reading.

supertight
Posts: 98
Joined: 2017/02/07 21:47:51

Re: SElinux samba/ httpd/

Postby supertight » 2017/05/21 01:16:02

I cleared selinux and reloaded to default settings. Passed the above commands and boom. They are up and showing the correct index.html pages.

peterhoth
Posts: 1
Joined: 2017/05/28 16:46:08

Re: SElinux samba/ httpd/

Postby peterhoth » 2017/05/28 16:49:23

Hi supertight, may I know how you 'cleared selinux'? Did you disable it?

supertight
Posts: 98
Joined: 2017/02/07 21:47:51

Re: SElinux samba/ httpd/

Postby supertight » 2017/06/02 22:10:57

peterhoth wrote: Hi supertight, may I know how you 'cleared selinux'? Did you disable it?



Code:

# setenforce 0
# yum erase selinux\*
# rm -rf /etc/selinux
# yum install selinux-policy-targeted
# touch /.autorelabel
# reboot

aks
Posts: 2498
Joined: 2014/09/20 11:22:14

Re: SElinux samba/ httpd/

Postby aks » 2017/06/05 18:13:04

# setenforce 0


Set to permissive mode.

# yum erase selinux\*


Remove SELinux

# rm -rf /etc/selinux


And then some!

# yum install selinux-policy-targeted


Now install se....

# touch /.autorelabel


Relabel on a Permissive setting.

The problem revolves around the default policy set. The place (/var/www/html) is defined as "good" for HTTP, not CIFS. The way to fix it is to add a new type to fcontexts, but that is probably more complex than you are prepared to do (you've effectively disabled SELinux).
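
The file-context approach mentioned in the post above, as an added example that is not part of the original thread: it records a persistent rule for the shared directory instead of relying on chcon, whose label is lost on the next relabel. SHARE_DIR, APPLY and the function names are assumptions of this example; the type and booleans are the ones used earlier in the thread, applied here to the nbseven.info directory rather than /var/www.

```shell
#!/bin/sh
# Added example: persistent shared label for a docroot served by httpd and Samba.
# SHARE_DIR and APPLY are names chosen for this example.
SHARE_DIR="${SHARE_DIR:-/var/www/html/nbseven.info}"
APPLY="${APPLY:-0}"   # 0 = print the commands only, 1 = run them (needs root)

# semanage fcontext takes a regex; cover the directory and everything below it
fcontext_regex() {
    printf '%s(/.*)?\n' "${1%/}"
}

# Print the command, and run it only when APPLY=1
run() {
    printf '+ %s\n' "$*"
    if [ "$APPLY" = 1 ]; then "$@"; fi
}

label_shared_docroot() {
    dir="${1%/}"
    # Record the rule in the local file-context database so that a relabel
    # (restorecon, /.autorelabel) reapplies it; chcon alone does not persist
    run semanage fcontext -a -t public_content_rw_t "$(fcontext_regex "$dir")"
    # Apply the recorded rule to the files that already exist
    run restorecon -R -v "$dir"
    # Booleans from the thread; they gate write access to public_content_rw_t
    run setsebool -P allow_smbd_anon_write 1
    run setsebool -P allow_httpd_anon_write 1
}

label_shared_docroot "$SHARE_DIR"
# Verify afterwards with: ls -Zd "$SHARE_DIR"
```

With the default APPLY=0 the script only prints the four commands, so the plan can be reviewed before it is run as root with APPLY=1 while SELinux stays in enforcing mode.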

TrevorH
Forum Moderator
Posts: 20958
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux samba/ httpd/

Postby TrevorH » 2017/06/05 18:22:22

In reality I suspect only the last step of those was required - the autorelabel.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke