
Thread: centos + apache + php-fcgi + vhost + chroot problem

  1. #1
    Junior Member

    hey folks,

    i've got a little problem with the given topic. i followed the nixcraft tut "Red Hat / CentOS: Chroot Apache 2 Web Server", knowing that it was written for mod_php. i thought i could fix the rest, but obviously i can't, so i will need a little help from you guys.

    Apache Error Log says:
    [notice] SELinux policy enabled, httpd running as context root:system_r:unconfined_t:SystemLow-SystemHigh
    [notice]suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [notice]ModSecurity for Apache/2.5.13 configured
    [notice]mod_chroot: changed root to /httpjail
    [ermerg](2) No such file or directory: mod_fcgid: Can't create share memory for size %zu byte

    does anyone know how to fix this? do you need further information to help?

    thx everyone.

  2. #2
    Senior Member raj's Avatar

    Seems like an SELinux-related problem. See the log file or disable SELinux and try again.
    Linux rulz.
    I have never turned back in my life ; I shall not do so today.. haha

  3. #3
    Junior Member

    hi raj,

    thx for the advice. i tried it and actually it seems to be a selinux problem. do you know how to enable that module via selinux, so that i don't have to deactivate it completely?

  4. #4
    Never say die nixcraft's Avatar

    You will see an error message related to SELinux in the /var/log/messages file. Run the sealert command to get more information. Here is an example from my /var/log/messages:

    Mar  5 19:23:45 p-www588 setroubleshoot: SELinux is preventing the http daemon from reading users' home directories. For complete SELinux messages. run sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    So you need to run:
    sealert -l 009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    Sample output:
    SELinux is preventing the http daemon from reading users' home directories.
    Detailed Description:
    SELinux has denied the http daemon access to users' home directories. Someone is
    attempting to access your home directories via your http daemon. If you have not
    setup httpd to share home directories, this probably signals a intrusion
    Allowing Access:
    If you want the http daemon to share home directories you need to turn on the
    httpd_enable_homedirs boolean: "setsebool -P httpd_enable_homedirs=1"
    The following command will allow this access:
    setsebool -P httpd_enable_homedirs=1
    Additional Information:
    Source Context                system_u:system_r:httpd_t
    Target Context                root:object_r:home_root_t
    Target Objects                lighttpd [ lnk_file ]
    Source                        lighttpd
    Source Path                   /usr/sbin/lighttpd
    Port                          <Unknown>
    Source RPM Packages           
    Target RPM Packages           
    Policy RPM                    selinux-policy-2.4.6-300.el5
    Selinux Enabled               True
    Policy Type                   targeted
    MLS Enabled                   True
    Enforcing Mode                Enforcing
    Plugin Name                   httpd_enable_homedirs
    Host Name           
    Platform                      Linux 2.6.18-238.5.1.el5 #1
                                  SMP Mon Feb 21 05:52:39 EST 2011 x86_64 x86_64
    Alert Count                   16
    First Seen                    Sun Jan 23 11:56:43 2011
    Last Seen                     Sat Mar  5 19:23:45 2011
    Local ID                      009d348a-d6a1-4293-9fcb-0fec54c7a8f8
    Line Numbers                  
    Raw Audit Messages             type=AVC msg=audit(1299374625.218:23): avc:  denied  { read } for  pid=3845 comm="lighttpd" name="lighttpd" dev=sda2 ino=10551313 scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:home_root_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1299374625.218:23): arch=c000003e syscall=4 success=no exit=-13 a0=3e9f880 a1=7fffdfc8ee30 a2=7fffdfc8ee30 a3=7474682f7a69622e items=0 ppid=3741 pid=3845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=system_u:system_r:httpd_t:s0 key=(null)
    The above provides the detailed error and the solution too.
    All [Solved] threads are closed by mods / admin to avoid spam issues. See Howto mark a thread as [Solved]
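
Added example (not part of the thread and not any poster's code): a small Python parser that reduces the raw audit message from the sealert output above to the denied permission, source type, target type and object class, joined to its SYSCALL record by audit event ID. The function name `parse_denials` and the abridged sample string are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Abridged copy of the raw audit message quoted in the post above
# (AVC record plus its SYSCALL record, run together on one line).
SAMPLE = (
    'type=AVC msg=audit(1299374625.218:23): avc:  denied  { read } for  pid=3845 '
    'comm="lighttpd" name="lighttpd" dev=sda2 ino=10551313 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:home_root_t:s0 '
    'tclass=lnk_file type=SYSCALL msg=audit(1299374625.218:23): arch=c000003e '
    'syscall=4 success=no exit=-13 items=0 ppid=3741 pid=3845 uid=0 '
    'comm="lighttpd" exe="/usr/sbin/lighttpd" subj=system_u:system_r:httpd_t:s0'
)

# One audit record: type, timestamp, serial, then everything up to the next record.
RECORD = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):(.*?)'
                    r'(?=type=\w+ msg=audit\(|\Z)', re.S)
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Group records by audit event ID and summarise each AVC denial."""
    events = defaultdict(dict)
    for rtype, ts, serial, body in RECORD.findall(text):
        fields = {k: v.strip('"') for k, v in KEYVAL.findall(body)}
        events[(ts, serial)][rtype] = (body, fields)
    denials = []
    for (ts, serial), recs in sorted(events.items()):
        if 'AVC' not in recs:
            continue
        body, avc = recs['AVC']
        match = DENIED.search(body)
        if not match or 'scontext' not in avc or 'tcontext' not in avc:
            continue  # not a denial, or a truncated record
        syscall = recs.get('SYSCALL', ('', {}))[1]
        denials.append({
            'event': f'{ts}:{serial}',
            'perms': match.group(1).split(),
            # SELinux context is user:role:type[:level]; the type drives policy.
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc.get('tclass'),
            'exe': syscall.get('exe'),
            'exit': int(syscall['exit']) if 'exit' in syscall else None,
        })
    return denials

if __name__ == '__main__':
    for d in parse_denials(SAMPLE):
        print(d)
```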
