Thread: centos + apache + php-fcgi + vhost + chroot problem

  1. #1
    Junior Member

    hey folks,

    i've got a little problem with the given topic. i followed the nixcraft tut "Red Hat / CentOS: Chroot Apache 2 Web Server", knowing that it was written for mod_php. i thought i could fix the rest, but obviously i can't, so i will need a little help from you guys.

    Apache Error Log says:
    [notice] SELinux policy enabled, httpd running as context root:system_r:unconfined_t:SystemLow-SystemHigh
    [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [notice] ModSecurity for Apache/2.5.13 configured
    [notice] mod_chroot: changed root to /httpjail
    [emerg] (2) No such file or directory: mod_fcgid: Can't create share memory for size %zu byte

    does anyone know how to fix this? do you need further information to help?

    thx everyone.

  2. #2
    Senior Member raj's Avatar

    Seems like an SELinux-related problem. See the log file or disable SELinux and try again.
    Raj

  3. #3
    Junior Member

    hi raj,

    thx for the advice. i tried it and actually it seems to be a selinux problem. do you know how to enable that module via selinux, so that i don't have to deactivate it completely?

  4. #4
    Never say die nixcraft's Avatar

    You will see an error message related to SELinux in the /var/log/messages file. Run the sealert command to get information. Here is an example of the same from my /var/log/messages:

    Code:
    Mar  5 19:23:45 p-www588 setroubleshoot: SELinux is preventing the http daemon from reading users' home directories. For complete SELinux messages. run sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    So you need to run:
    Code:
    sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    Sample output:
    Code:
    Summary:
    
    SELinux is preventing the http daemon from reading users' home directories.
    
    Detailed Description:
    
    SELinux has denied the http daemon access to users' home directories. Someone is
    attempting to access your home directories via your http daemon. If you have not
    setup httpd to share home directories, this probably signals a intrusion
    attempt.
    
    Allowing Access:
    
    If you want the http daemon to share home directories you need to turn on the
    httpd_enable_homedirs boolean: "setsebool -P httpd_enable_homedirs=1"
    
    The following command will allow this access:
    
    setsebool -P httpd_enable_homedirs=1
    
    Additional Information:
    
    Source Context                system_u:system_r:httpd_t
    Target Context                root:object_r:home_root_t
    Target Objects                lighttpd [ lnk_file ]
    Source                        lighttpd
    Source Path                   /usr/sbin/lighttpd
    Port                          <Unknown>
    Host                          p-www588.xxxxyyyzz.mil.in
    Source RPM Packages           
    Target RPM Packages           
    Policy RPM                    selinux-policy-2.4.6-300.el5
    Selinux Enabled               True
    Policy Type                   targeted
    MLS Enabled                   True
    Enforcing Mode                Enforcing
    Plugin Name                   httpd_enable_homedirs
    Host Name                     p-www588.xxxxyyyzz.mil.in
    Platform                      Linux p-www588.xxxxyyyzz.mil.in 2.6.18-238.5.1.el5 #1
                                  SMP Mon Feb 21 05:52:39 EST 2011 x86_64 x86_64
    Alert Count                   16
    First Seen                    Sun Jan 23 11:56:43 2011
    Last Seen                     Sat Mar  5 19:23:45 2011
    Local ID                      009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    Line Numbers                  
    
    Raw Audit Messages            
    
    host=p-www588.xxxxyyyzz.mil.in type=AVC msg=audit(1299374625.218:23): avc:  denied  { read } for  pid=3845 comm="lighttpd" name="lighttpd" dev=sda2 ino=10551313 scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:home_root_t:s0 tclass=lnk_file
    
    host=p-www588.xxxxyyyzz.mil.in type=SYSCALL msg=audit(1299374625.218:23): arch=c000003e syscall=4 success=no exit=-13 a0=3e9f880 a1=7fffdfc8ee30 a2=7fffdfc8ee30 a3=7474682f7a69622e items=0 ppid=3741 pid=3845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=system_u:system_r:httpd_t:s0 key=(null)
    The above provides the detailed error and the solution too.
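
An added example (not part of the original thread): a small POSIX shell triage helper for the workflow described in post #4. It collects each distinct sealert ID from setroubleshoot lines and splits an AVC denial into permission, command, source context, target context and class. The function names, the host name web01 and the second alert ID are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample log lines are constructed,
# modelled on the setroubleshoot and AVC records quoted in post #4.
sample_log() {
cat <<'EOF'
Mar  5 19:20:01 web01 setroubleshoot: SELinux is preventing the http daemon from reading users' home directories. For complete SELinux messages. run sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
Mar  5 19:23:45 web01 setroubleshoot: SELinux is preventing the http daemon from reading users' home directories. For complete SELinux messages. run sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
Mar  5 19:25:10 web01 setroubleshoot: SELinux is preventing httpd from a constructed action. For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
type=AVC msg=audit(1299374625.218:23): avc:  denied  { read } for  pid=3845 comm="lighttpd" name="lighttpd" dev=sda2 ino=10551313 scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:home_root_t:s0 tclass=lnk_file
EOF
}

# Print "count id" for each distinct setroubleshoot alert, most frequent first.
list_sealert_ids() {
    grep 'setroubleshoot:' |
    sed -n 's/.*sealert -l \([0-9a-f-]\{36\}\).*/\1/p' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print "perms|comm|scontext|tcontext|tclass" for each AVC denial.
parse_avc() {
    awk '/type=AVC/ && /denied/ {
        perms = ""; comm = ""; s = ""; t = ""; c = ""
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) s = substr($i, 10)
            if ($i ~ /^tcontext=/) t = substr($i, 10)
            if ($i ~ /^tclass=/)   c = substr($i, 8)
        }
        print perms "|" comm "|" s "|" t "|" c
    }'
}

# On a real host: list_sealert_ids < /var/log/messages
sample_log | list_sealert_ids | while read -r n id; do
    echo "$n alert(s): sealert -l $id"
done
sample_log | parse_avc
```

Reading the source and target contexts side by side shows which label the web server process lacks access to, which is the information needed to pick a targeted boolean or relabel instead of turning SELinux off.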