fedora apache test page提示
2009-12-01 13:54
253 查看
SELinux示例
前面SELinux讲的是一些必要性和概念. 但是不是很明显具体是怎么回事.
我们这里来显示一个例子. 我们在安装完fedora10(+web service), 并且注释掉了那个welcome.conf(apache的,我想这个我就不多做解释了)和启动了apache后. 我们在/var/www/html下就可以放web文件了. 通过http://localhost能看到这些.
我们先看下那个目录的SELinux属性.[root@localhost ~]# ls -Z /var/www
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 manual
drwxr-xr-x webalizer root system_u:object_r:httpd_sys_content_t:s0 usage我们可以看到是 "system_u:object_r:httpd_sys_content_t:s0 html". 我们以root账户进去, 然后新建一个文件, 比如info.php(就是phpinfo函数...内容在这里无关紧要).[root@localhost ~]# ls -Z /var/www/html
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php我们会发现SELinux属性和目录的一致. 所以我们可以认为这东东是上下文相关(会继承目录的SELinux属性).上面这样做是正常的. 我们会发现在http://localhost下是可以访问到这个文件的(也能正确执行)...
不过,也有一种可能, 比如我在root家目录下写文件, 然后拷贝到这个目录下.[root@localhost ~]# pwd
/root
[root@localhost ~]# touch test.html
[root@localhost ~]# ls -Z test.html
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 test.html
[root@localhost ~]# mv test.html /var/www/html/ #注意: 假如是cp的话就是正常的
[root@localhost ~]# ls -Z /var/www/html/test.html
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 /var/www/html/test.html然后当我们试图通过http://localhost去访问test.html时, SELinux会进行阻止, 并有警告.Summary:
SELinux is preventing the httpd from using potentially mislabeled files
(/var/www/html/test.htm).
Detailed Description:
...
并给出解决方案.[root@localhost ~]# restorecon -v /var/www/html/test.html
restorecon reset /var/www/html/test.html context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:httpd_sys_content_t:s0这样, 该文件就能在浏览器里执行了.
当然你也可以用chcon命令来实现.[root@localhost ~]# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 test.html
[root@localhost ~]# chcon -u unconfined_u -r object_r -t httpd_sys_content_t -ls0 /var/www/html/test.html
[root@localhost ~]# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 test.html
(-u, -r, -l 可省,一样)
本文出自 “任我的技术博客” 博客,请务必保留此出处http://tzsky.blog.51cto.com/1062094/237282
前面SELinux讲的是一些必要性和概念. 但是不是很明显具体是怎么回事.
我们这里来显示一个例子. 我们在安装完fedora10(+web service), 并且注释掉了那个welcome.conf(apache的,我想这个我就不多做解释了)和启动了apache后. 我们在/var/www/html下就可以放web文件了. 通过http://localhost能看到这些.
我们先看下那个目录的SELinux属性.[root@localhost ~]# ls -Z /var/www
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 manual
drwxr-xr-x webalizer root system_u:object_r:httpd_sys_content_t:s0 usage我们可以看到是 "system_u:object_r:httpd_sys_content_t:s0 html". 我们以root账户进去, 然后新建一个文件, 比如info.php(就是phpinfo函数...内容在这里无关紧要).[root@localhost ~]# ls -Z /var/www/html
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php我们会发现SELinux属性和目录的一致. 所以我们可以认为这东东是上下文相关(会继承目录的SELinux属性).上面这样做是正常的. 我们会发现在http://localhost下是可以访问到这个文件的(也能正确执行)...
不过,也有一种可能, 比如我在root家目录下写文件, 然后拷贝到这个目录下.[root@localhost ~]# pwd
/root
[root@localhost ~]# touch test.html
[root@localhost ~]# ls -Z test.html
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 test.html
[root@localhost ~]# mv test.html /var/www/html/ #注意: 假如是cp的话就是正常的
[root@localhost ~]# ls -Z /var/www/html/test.html
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 /var/www/html/test.html然后当我们试图通过http://localhost去访问test.html时, SELinux会进行阻止, 并有警告.Summary:
SELinux is preventing the httpd from using potentially mislabeled files
(/var/www/html/test.htm).
Detailed Description:
...
并给出解决方案.[root@localhost ~]# restorecon -v /var/www/html/test.html
restorecon reset /var/www/html/test.html context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:httpd_sys_content_t:s0这样, 该文件就能在浏览器里执行了.
当然你也可以用chcon命令来实现.[root@localhost ~]# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 test.html
[root@localhost ~]# chcon -u unconfined_u -r object_r -t httpd_sys_content_t -ls0 /var/www/html/test.html
[root@localhost ~]# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 test.html
(-u, -r, -l 可省,一样)
本文出自 “任我的技术博客” 博客,请务必保留此出处http://tzsky.blog.51cto.com/1062094/237282
相关文章推荐
- 突然发现网站跳转到Apache 2 Test Page powered by CentOS
- 由于SELinux开启造成的Apache 2 Test Page powered by CentOS
- apache 提示You don't have permission to access /test.php on this server.
- 在浏览器中输入localhost不能打开apache下www文件夹中的文件 提示You don't have permission to access /test.php on this ...
- apache 提示You don't have permission to access /test.php on this server.怎样解决
- 解决网站跳转到Apache 2 Test Page powered by CentOS
- apache 提示You don't have permission to access /test.php on this server.怎样解决
- 网站跳转到Apache 2 Test Page powered by CentOS
- Maven Build时提示:Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12.4:test
- 如何找到Apache HTTP服务器默认Test Page位置?
- apache 提示You don't have permission to access /test.php on this server.解决
- wdcp 打开网页显示 Apache 2 Test Page powered by CentOS
- wdcp 打开网页显示 Apache 2 Test Page powered by CentOS
- 安装xampp后,出现“Apache 2 Test Page powered by CentOS“
- 如何找到Apache HTTP服务器默认Test Page位置?
- Apache 2 Test Page powered by CentOS 问题解决
- maven打包报错:Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.5:test
- ubuntu下 apache 80端口错误提示的几种情况
- apache index.html 翻译( Ubuntu Default Page)
- Install Apache, Php, Mysql, Symfony on Fedora