Access denied-permission issue
#1
Hi
My Ubuntu10.04 crashed (taking down my localhost GetSimple site) & I have installed Fedora 14 now but I cannot yet get GetSimple on localhost due to:
Forbidden

You don't have permission to access /GetSimple/index.php on this server.

I tried to change folder permissions in beesu nautilus but that hasn't worked. I still do not fully understand Linux permissions & chown/chmod but am trying to learn it.
Could someone please explain simply & clearly how I fix this?
(It would be good to put some info on this in the install/read me docs if possible).
Many thanks
Reply
#2
I still cannot access GetSimple in localhost server.
I tried chmod 755 data as instructed.
I also get SELinux error message:
>>>>>>>
Summary:

SELinux prevented httpd (/usr/sbin/httpd) setattr access to
/var/www/html/GetSimple/data.

Detailed Description:

SELinux prevented httpd setattr access to /var/www/html/GetSimple/data. httpd
scripts are not allowed to write to content without explicit labeling of all
files. If /var/www/html/GetSimple/data is writable content. it needs to be
labelled httpd_sys_rw_content_t or if all you need is append you can label it
httpd_sys_ra_content_t. Please refer to 'man httpd_selinux' for more information
on setting up httpd and selinux.

Allowing Access:

You can alter the file context by executing chcon -R -t httpd_sys_rw_content_t
'/var/www/html/GetSimple/data' You must also change the default file context
files on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'"

Fix Command:

chcon -R -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'

Additional Information:

Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects /var/www/html/GetSimple/data [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host Chris-PC
Source RPM Packages httpd-2.2.17-1.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-31.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name httpd_write_content
Host Name Chris-PC
Platform Linux Chris-PC 2.6.35.6-45.fc14.i686 #1 SMP Mon
Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count 189
First Seen Thu 03 Mar 2011 22:06:52 GMT
Last Seen Fri 04 Mar 2011 08:52:58 GMT
Local ID 1112dc6c-81d4-4166-ad7c-a53fbc45aaa4
Line Numbers

Raw Audit Messages

node=Chris-PC type=AVC msg=audit(1299228778.423:292): avc: denied { setattr } for pid=1555 comm="httpd" name="data" dev=dm-0 ino=1054326 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

node=Chris-PC type=SYSCALL msg=audit(1299228778.423:292): arch=40000003 syscall=15 success=no exit=-13 a0=2c118a4 a1=1ff a2=51652e8 a3=2c0b78c items=0 ppid=1536 pid=1555 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

<<<<<<<<<<<

I ran the fix command chcon -R -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'
but still cannot get to install for GetSimple.

Help greatly appreciated to fix this-grateful for helpful reply if there is anyone in the forum?!
Many thanks
Reply
#3
I still cannot access GetSimple in my Fedora LAMPP localhostserver.
I thought it was due to SELinux but I no longer think that is the problem
(see http://forums.fedoraforum.org/showthread.php?t=259774)

I have tried a new install of GetSimple at var/www/html/GetSimple but still I only get a white/blank browser
http://localhost/GetSimple/admin/install.php
and cannot complete the install.

I think all file/folder permissions are correctly set but I may be wrong as otherwise I cannot think what else is the cause of this problem.

(I did have GetSimple running on localhostserver LAMPP in Ubuntu-then Ubuntu crashed & I have installed Fedora14 now).

Is there anyone here who can please try & help? I have had no reply to my post thread here.
I am most grateful for help-thanks
Reply
#4
Did you check who's the owner of the unpacked files?
Change the file owner first. You may have to set 777 permissions on config files.

Anyway, do a manual install, create the necessary directories, and just rename the .htaccess temp file + rewritebase path.
Afaik there was a more accurate manual installation description.
Addons: blue business theme, Online Visitors, Notepad
Reply
#5
Hi yojoe
Thanks for your reply.
I am the owner of all GS folders/files.
How do you do a manual install?
(different to the instructions given for install on the website?-
those do not work for me!).
I tried just renaming temp.htaccess (to .htaccess) & temp.gsconfig.php (to gsconfig.php)
but still no change.
I am in need of some more help -please anyone?
Thanks
Reply
#6
richardpd Wrote: I tried just renaming temp.htaccess (to .htaccess) & temp.gsconfig.php (to gsconfig.php)
If you had to rename these files manually (i.e. it wasn't done by the installation script) then you have file permission issues.

The manual install is probably what you did - there isn't a thing as an "automatic" install
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#7
Ok
Thanks for replying ccagle8

I think I may have found the cause of this. (In Fedora 14)
Most folders have SELinux Context Read from all httpd scripts and the daemon (from folder properties>permissions)
except for data folder that has SELinux Context httpd_sys_rw_content_t

I thought I had fixed the SELinux issue but now I think not.
Do you know how I can fix this?
I tried this command (but it hasn't worked & I don't really understand it!):
[Richard@Chris-PC ~]$ sudo chcon -R -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'

I will try & Google for an answer (& possibly repost on Fedora forum). In the meantime if you know how to help I am grateful for more assistance. I do want to get GetSimple working on my LAMPP localhostserver-thanks
Reply
#8
Hey

I just had the same problem. The issue was that the .htaccess permissions weren't ok (or that the webserver doesn't own the files). Anyway, fix it by typing "chmod 644 .htaccess".

HTH, Cheers
Reply
#9
Hi metter
Thanks for your reply.
I still haven't fixed this (it is starting to drive me nuts now!).

I am confused about your command-which .htaccess file (or is it a directory) does this apply to?
In GetSimple folder there is only a temp.htaccess file.
Can you clarify this please (please give example terminal command if possible)?

(I tried it on temp.htaccess but no change!).

I am very grateful for further help-plleeeezzzz!

I look forward to helpful replies, many thanks
Reply
#10
rename temp.htaccess to .htaccess. Then make sure that file is chmod'd to 644.
- Chris
Reply
#11
Thanks for the reply-I tried this (chmod 644 .htaccess) but it still does not work!
What is the cause of this?
It must be a permissions issue!

I did have GetSimple working in localhost server with Ubuntu10.04 but now in Fedora14 GetSimple will not install for me.

Please can someone help me install this?

Currently at http://localhost/GetSimple/ I have:
***
Forbidden

You don't have permission to access /GetSimple/ on this server.
Apache/2.2.17 (Fedora) Server at localhost
***

Can someone tell me whether I need root permission or user permission & for what files/directories & what the SELinux context should be set to (using the GUI from files>properties preferably over terminal-but I will try terminal commands too!)? I am now confused about this.

Looking forward to more help to fix this-thanks
Reply
#12
I still cannot get this to work.

Here is SELinux error:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SELinux is preventing /usr/sbin/httpd from setattr access on the directory /var/www/html/GetSimple/data.

***** Plugin restorecon (48.3 confidence) suggests *************************

If you want to fix the label.
/var/www/html/GetSimple/data default label should be httpd_sys_rw_content_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/www/html/GetSimple/data

***** Plugin httpd_write_content (48.3 confidence) suggests ****************

If you want to allow httpd to have setattr access on the data directory
Then you need to change the label on '/var/www/html/GetSimple/data'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'
# restorecon -v '/var/www/html/GetSimple/data'

***** Plugin catchall_boolean (4.32 confidence) suggests *******************

If you want to unify HTTPD handling of all content files.
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
Do
setsebool -P httpd_unified 1

***** Plugin catchall (0.97 confidence) suggests ***************************

If you believe that httpd should be allowed setattr access on the data directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects /var/www/html/GetSimple/data [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host Chris-PC
Source RPM Packages httpd-2.2.17-1.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-31.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name Chris-PC
Platform Linux Chris-PC 2.6.35.11-83.fc14.i686 #1 SMP Mon
Feb 7 07:04:18 UTC 2011 i686 i686
Alert Count 60
First Seen Sat 12 Mar 2011 11:52:26 GMT
Last Seen Sat 12 Mar 2011 12:18:17 GMT
Local ID ed7388ca-d817-43af-822d-f3b8bea35e8f

Raw Audit Messages
type=AVC msg=audit(1299932297.367:215): avc: denied { setattr } for pid=1558 comm="httpd" name="data" dev=dm-0 ino=804916 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

type=SYSCALL msg=audit(1299932297.367:215): arch=i386 syscall=chmod success=no exit=EACCES a0=1b58f5c a1=1ff a2=134f2e8 a3=1b52e44 items=0 ppid=1545 pid=1558 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,httpd_sys_content_t,dir,setattr

audit2allow

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:dir setattr;

audit2allow -R

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:dir setattr;
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

When I apply the fix
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'
# restorecon -v '/var/www/html/GetSimple/data'

I just get the same error message! ie:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<,

SELinux is preventing /usr/sbin/httpd from setattr access on the directory /var/www/html/GetSimple/data.

***** Plugin restorecon (48.3 confidence) suggests *************************

If you want to fix the label.
/var/www/html/GetSimple/data default label should be httpd_sys_rw_content_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/www/html/GetSimple/data

***** Plugin httpd_write_content (48.3 confidence) suggests ****************

If you want to allow httpd to have setattr access on the data directory
Then you need to change the label on '/var/www/html/GetSimple/data'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/GetSimple/data'
# restorecon -v '/var/www/html/GetSimple/data'

***** Plugin catchall_boolean (4.32 confidence) suggests *******************

If you want to unify HTTPD handling of all content files.
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
Do
setsebool -P httpd_unified 1

***** Plugin catchall (0.97 confidence) suggests ***************************

If you believe that httpd should be allowed setattr access on the data directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects /var/www/html/GetSimple/data [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host Chris-PC
Source RPM Packages httpd-2.2.17-1.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-31.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name Chris-PC
Platform Linux Chris-PC 2.6.35.11-83.fc14.i686 #1 SMP Mon
Feb 7 07:04:18 UTC 2011 i686 i686
Alert Count 60
First Seen Sat 12 Mar 2011 11:52:26 GMT
Last Seen Sat 12 Mar 2011 12:18:17 GMT
Local ID ed7388ca-d817-43af-822d-f3b8bea35e8f

Raw Audit Messages
type=AVC msg=audit(1299932297.367:215): avc: denied { setattr } for pid=1558 comm="httpd" name="data" dev=dm-0 ino=804916 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

type=SYSCALL msg=audit(1299932297.367:215): arch=i386 syscall=chmod success=no exit=EACCES a0=1b58f5c a1=1ff a2=134f2e8 a3=1b52e44 items=0 ppid=1545 pid=1558 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,httpd_sys_content_t,dir,setattr

audit2allow

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:dir setattr;

audit2allow -R

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:dir setattr;

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


PLEASE can someone help me fix this?

NB
Link to my post on Fedora Forum about this:
http://forums.fedoraforum.org/showthread.php?t=259774
Reply
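An added example, not part of any post in this thread and not GetSimple or Fedora code: it reads one raw AVC record of the kind quoted above, extracts the denied permission, the source and target types and the audit timestamp, and separates a record logged before a relabel from one logged after it. The sample record is reconstructed from the fields shown in the thread; the function names and the relabel time passed in are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: triage one SELinux AVC denial record.
# SAMPLE_AVC is constructed from the record quoted in the thread.
SAMPLE_AVC='type=AVC msg=audit(1299932297.367:215): avc: denied { setattr } for pid=1558 comm="httpd" name="data" dev=dm-0 ino=804916 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir'

# Print the value of the key=value field $2 in record $1 (quotes stripped).
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# Print the SELinux type, the third colon-separated part of a context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the denied permission(s) listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\(.*[^ ]\) *}.*/\1/p'
}

# Print the audit event time as whole epoch seconds.
avc_epoch() {
    printf '%s\n' "$1" | sed -n 's/.*audit(\([0-9]*\)\..*/\1/p'
}

# avc_triage RECORD EXPECTED_TYPE RELABEL_EPOCH prints one of:
#   stale   - record predates the relabel, so it says nothing about the fix
#   relabel - record is newer and the target still carries the wrong type
#   other   - target already has the expected type; look for another cause
avc_triage() {
    local ttype when
    ttype=$(context_type "$(avc_field "$1" tcontext)")
    when=$(avc_epoch "$1")
    if [ "$when" -lt "$3" ]; then
        echo stale
    elif [ "$ttype" != "$2" ]; then
        echo relabel
    else
        echo other
    fi
}

# On the SELinux host, compare the on-disk label with the policy default:
#   ls -dZ /var/www/html/GetSimple/data
#   matchpathcon /var/www/html/GetSimple/data
```

The two alert reports pasted in post #12 carry the same audit timestamp, which is the situation the `stale` result covers.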
#13
Can someone please help me get GetSimple going in my LAMPP localhostserver in Fedora14 (along with SELinux)?
I am still stuck and would still like help to fix this....

As always I look forward to helpful replies & I remain hopeful to fix this long running problem/saga one day (however long this runs for-& it has been running a very long time already!).
Reply
#14
I have no idea what sort of LAMPP you are using (I'd suggest XAMPP if you haven't already tried it), but why don't you try to install Apache and PHP manually?
Default values should be enough. Maybe changing the directory structure to /home/user (if it's not a default option) should do.

But to be honest, giving support for Linux is something I'll never step into. Too many distros, too many settings to keep in mind, and so on.
Reply
#15
I am working on a computer dualbooting Vista & Fedora 14. I cannot yet get GetSimple working on Fedora Lampp stack.
Previously I was using Vista/Ubuntu10.04 & my Ubuntu10.04 Lampp setup GetSimple easily. Fedora 14 has SELinux which I am not fully familiar with & I cannot make GetSimple accessible in my lampp localhostserver.
I tried to add GetSimple to my Xampp localhostserver with Vista & it lacked cURL module. I now have to figure out how to add cURL module.
Is that covered anywhere in the setup instruction? (I cannot remember seeing it).

Hopefully I can get GetSimple going in my localhostservers (Lampp for Fedora & Xampp for Vista) soon....
Reply
#16
richardpd Wrote: I tried to add GetSimple to my Xampp localhostserver with Vista & it lacked cURL module. I now have to figure out how to add cURL module.
Is that covered anywhere in the setup instruction? (I cannot remember seeing it).

The cURL module is only needed for the version check of GetSimple - you don't really need it. But if you want to try anyway - http://www.php.net/manual/en/curl.setup.php.
I18N, I18N Search, I18N Gallery, I18N Special Pages - essential plugins for multi-language sites.
Reply
#17
I have a new computer since last weekend!
It runs Windows 7 & I have successfully setup GetSimple (latest v3.0) on it in IIS7 localhostserver
(http://localhost/GetSimple/).
I was sooooo pleased this installed given my problems on my old dualbooting Vista/Fedora 14 computer.
At last I can use GetSimple & if anyone needs help with Win7 & IIS7 set up I could help (it is fairly easy to setup & as you can tell from my posts I am not an expert in php/asp/server stuff etc!).
I may sometime later revisit my old computer & try & fix GetSimple on Fedora14 (but this is no longer a priority now. I am surprised though no one here could help me fix it on F14-anyway!).

(Thanks for the post re cURL & Vista-I have not tried to do this as I am now fine with Windows 7).

I run WebMatrix also on Windows 7 & may sometime look at using GetSimple with WebMatrix-just to find out if it would work (I don't need it as it works fine via IIS7 but I like to check things out!).
WebMatrix looks quite interesting! ("Microsoft has recently introduced the first beta of its new stack for building great web sites – WebMatrix. One of the key components of WebMatrix is the ASP.Net Web Pages “Razor” Syntax (or simply: CSHTML) that lets you write C# code inside the HTML markup.")

Once I have got my content on my blog/GS localhost sorted I will probably look into designing some GetSimple templates. On my old site I needed to try & fix the navigation on the theme when there were lots of page links.....

Best wishes
Reply
#18
Richard,

for sure these are two really different worlds, WIN7 and Fedora

I never checked Win7 IIS7, always stick to a local webserver with Apache (WAMP), so this would be interesting for me to test... don't know exactly if IIS7 is available in my WIN7 (who understands all those different licenses??)

It's good that it works for you

Connie
The German-language GetSimple (sub-)forum:   http://get-simple.info/forums/forumdisplay.php?fid=18
Reply



