httpd with SElinux
Giving httpd access to other folders (apart from default SElinux allowed folders):
- system-config-selinux rocks!!
Go to System-> Administration -> SELinux Management (or system-config-selinux from command line).
Type httpd in Filter and press enter. You will see that files that allow httpd write access have the Selinux File Type httpd_cache_t:s0. So.. now you know what to do right? Say you want to give httpd write access to folder /var/lib/dokuwiki/data/cache, then add a new file labelling using the Add button with the following details:File specifications: /var/lib/dokuwiki/data/cache(/.*)? File Type: all files SELinux Type: httpd_cache_t MLS: s0
and thenrestorecon /var/lib/dokuwiki/data/cache
OR
- Go to /var/lib/dokuwiki/data and apply the selinux file type to cache directory
chcon -R -t httpd_cache_t /var/lib/dokuwiki/data/cache
And now, httpd should have write access to this folder. - *Running httpd on other ports:**
Open /etc/httpd/http.conf and changeListen 80
toListen 81
If you use VirtualHosts, you need to change the ports there instead (<VirtualHost *:81>)
Giving httpd access to other ports:
Go to Network Port in SELinux Administration and filter of “80” and press enter. You will see an entry for http_port_t. Create a similar new entry for port 81 for SELinux Port type http_port_1.
And that’s it.
Links to posts that helped me:
Dan Walsh’s Blog
httpd with SElinux