CentOS7 3.10.0-957.el7.x86_64
----------------------------------------------------------------------------------------------------------------
# yum -y install httpd
# rpm -qa | grep httpd
httpd-tools-2.4.6-89.el7.centos.1.x86_64
httpd-2.4.6-89.el7.centos.1.x86_64
# systemctl start httpd.service
# systemctl enable httpd.service
# systemctl status httpd.service
# ls /etc/httpd
conf conf.d conf.modules.d logs modules run
# firewall-cmd --add-service=http --permanent
success
# firewall-cmd --reload
success
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client http
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
http://192.168.1.9/
----------------------------------以上即可看到 Testing 123...
# ls -a /
...
drwxr-xr-x. 2 root root 6 4月 11 2018 opt
...
# mkdir /opt/docs
# echo Hello Alias > /opt/docs/index.html
# ls -l /opt
drwxr-xr-x. 2 root root 24 8月 19 22:45 docs
# ls -l /opt/docs
-rw-r--r--. 1 root root 12 8月 19 22:45 index.html
# vi /etc/httpd/conf/httpd.conf
...
Alias /kk1web /opt/docs
<Directory /opt/docs>
Require all granted
</Directory>
...
http://192.168.1.9/kk1web/
設定虛擬目錄 Alias-------在--/home---------------------------------------------
# vi /var/www/html/1.html
This is in /var/www/html ...
http://192.168.1.9/1.html
# mkdir /home/myweb
# vi /home/myweb/1.html
This is ONE ...
# vi /etc/httpd/conf/httpd.conf
...
Alias /web01 /home/myweb
<Directory "/home/myweb">
Require all granted
</Directory>
Alias /web01 /home/myweb
<Directory "/home/myweb">
Require all granted
</Directory>
# systemctl restart httpd.service
http://192.168.1.9/web01/1.html
403 Forbidden - You don't have permission to access /web01/1.html on this server.
# tail -1 /var/log/httpd/error_log
[Tue Aug 20 22:14:20.091625 2019] [core:error] [pid 7541] (13)Permission denied: [client 192.168.1.104:56320] AH00035: access to /web01/1.html denied (filesystem path '/home/myweb/1.html') because search permissions are missing on a component of the path
# ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
# ls -Z /var/www/html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 1.html
# ls -Z /
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
# ls -Z /home
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 myweb
# ls -Z /home/myweb
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 1.html
# chcon -t httpd_sys_content_t /home/myweb
# ls -Z /home
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 myweb
# vi /home/myweb/2.html
This is TWO in /home/myweb ...
# ls -Z /home/myweb
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 1.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 2.html
http://192.168.1.9/web01/2.html --OK
http://192.168.1.9/web01/1.html --Not OK
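**結論**
chcon 未加 -R 時只會變更目錄本身的標籤:既有的 1.html 仍是 home_root_t,所以被拒絕;之後新建的 2.html 會繼承目錄的 httpd_sys_content_t,所以可以存取。
先以 chcon 變更目錄的 SELinux 安全性本文 (Security Context) 及標記 (Label),再產生網頁;既有的檔案可用 chcon -R 一併變更。
chcon 的變更在檔案系統重新標記 (relabel) 或執行 restorecon 後會被還原;若要永久生效,請改用 semanage fcontext -a -t httpd_sys_content_t "/home/myweb(/.*)?",再執行 restorecon -Rv /home/myweb。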
使用者家目錄 -------在--/home/*/public_html---------------------------------------------
# vi /etc/httpd/conf.d/userdir.conf
<IfModule mod_userdir.c>
...
# UserDir disabled
...
UserDir public_html
</IfModule>
...
<Directory "/home/*/public_html">
# AllowOverride FileInfo AuthConfig Limit Indexes
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# Require method GET POST OPTIONS
Require all granted
</Directory>
# systemctl restart httpd.service
---------------------------- 新增其他使用者,套用以下即可 ----------------------------
# useradd kk1
# passwd kk1 //123456 (僅為練習用的弱密碼;對外提供服務的主機請設定強密碼)
# mkdir /home/kk1/public_html
# ls -Z /home
drwx------. kk1 kk1 unconfined_u:object_r:user_home_dir_t:s0 kk1
# chmod 711 /home/kk1
# ls -Z /home/kk1
drwxr-xr-x. root root unconfined_u:object_r:httpd_user_content_t:s0 public_html
# chcon -R -t httpd_sys_content_t /home/kk1/public_html
-------------------------------------------------------
# getsebool -a | grep httpd
# setsebool -P httpd_enable_homedirs on
-------------------------------------------------------可以不用
# vi /home/kk1/public_html/index.html
This page is in /home/kk1/public_html ...
http://192.168.1.9/~kk1/