06-18-2008, 09:45 PM
"Herta Van den Eynde"

Forbidden: You don't have permission to access /phpMyAdmin/ on this server.

2008/6/18 Mike Hanby <mhanby@uab.edu>:
> Maybe this has already been suggested, but is the output identical for
> the old and new directories using the following command:
>
> ls -ldZ /var/www/html/{phpMyAdmin,pma}
>
> The Z will show the SELinux security attributes.

You found it, Mike!
Joshua previously suggested SELinux might have something to do with
it, but being new to it, I didn't know what to do with that info.

# ls -ldZ /var/www/html/{phpMyAdmin,pma}
drwxr-xr-x phpmy apache user_u:object_r:httpd_sys_content_t /var/www/html/phpMyAdmin
drwxr-xr-x phpmy apache user_u:object_r:user_home_t /var/www/html/pma

I'll need to read up on what this means exactly. I originally
untarred the phpMyAdmin in my non-priv'ed home directory - which must
be the "user_home_t" reference - and then moved it over to its current
location.

I meanwhile switched to permissive mode. If SELinux is this tricky,
I'll have to find time to study it before enabling it again.

Thanks to all for thinking along.

Kind regards,

Herta

--
"Life on Earth may be expensive,
but it comes with a free ride around the Sun."
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
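
The label mismatch found in the message above, as an added example that is not part of the original thread: a directory moved with `mv` keeps the SELinux type it was created with (here `user_home_t`), while httpd expects a content type such as `httpd_sys_content_t`. The script parses `ls -ldZ` output (a constructed sample in the thread's format) and prints the `restorecon` command for each mislabeled path; the allowed-type list and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag web-root entries whose SELinux type httpd is not
# normally allowed to read, using `ls -ldZ` output as input.

# Types treated as acceptable (assumption for this example; see
# "man httpd_selinux" for the types defined on your system).
ALLOWED_TYPES="httpd_sys_content_t httpd_sys_script_exec_t"

# Reads `ls -ldZ` lines on stdin and prints "<path> <type>" for every
# entry whose type is not in ALLOWED_TYPES.
# Assumes paths contain no whitespace (path is taken as the last field).
mislabeled() {
    awk -v allowed="$ALLOWED_TYPES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            for (i = 1; i <= NF; i++) {
                # The context field looks like user:role:type[:level]
                if (split($i, c, ":") >= 3 && c[2] ~ /_r$/) {
                    if (!(c[3] in ok)) print $NF, c[3]
                    next
                }
            }
        }'
}

# Prints the relabel command for each mislabeled path; restorecon resets
# the context to the default the policy defines for that location.
suggest_fix() {
    mislabeled | while read -r path ctx_type; do
        echo "restorecon -Rv $path"
    done
}

# Constructed sample in the format shown in the thread.
SAMPLE='drwxr-xr-x phpmy apache user_u:object_r:httpd_sys_content_t /var/www/html/phpMyAdmin
drwxr-xr-x phpmy apache user_u:object_r:user_home_t /var/www/html/pma'

printf '%s\n' "$SAMPLE" | suggest_fix
# On a live system: ls -ldZ /var/www/html/* | suggest_fix
```

Running the printed `restorecon` command with SELinux still in enforcing mode fixes the label without switching to permissive mode.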
 
06-19-2008, 04:30 AM
"Filipe Brandenburger"

Forbidden: You don't have permission to access /phpMyAdmin/ on this server.

On Wed, Jun 18, 2008 at 5:45 PM, Herta Van den Eynde
<herta.vandeneynde@gmail.com> wrote:
> Joshua previously suggested SELinux might have something to do with
> it, but being new to it, I didn't know what to do with that info.
>
> I'll need to read up on what this means exactly. I originally
> untarred the phpMyAdmin in my non-priv'ed home directory - which must
> be the "user_home_t" reference - and then moved it over to its current
> location.
>
> I meanwhile switched to permissive mode. If SELinux is this tricky,
> I'll have to find time to study it before enabling it again.

Why don't you install it from an RPM?

Dag/rpmforge has an RPM for 2.11.5:
http://dag.wieers.com/rpm/packages/phpmyadmin/

RPMs will usually set SELinux permissions the right way for you, so
you usually don't have to bother doing that. They also have the
advantage that it's usually easier to do upgrades to newer versions
once they're out.

You should try to keep your SELinux in enforcing mode, since that will
harden your system's security (and once it's off, it's hard to get it
on again).

With web tools that connect to databases, you will probably set some
booleans to allow them to connect to the databases. You can control
that with "setsebool", you will probably need to "setsebool -P
httpd_can_network_connect 1" or most probably "setsebool -P
httpd_can_network_connect_db 1", but try first without setting them to
see if it works, if it doesn't, try setting them and seeing if it
fixes the problem. See "man httpd_selinux" and "man setsebool" for
some of the details.

Please let us know how your experiences go, and what you needed to set
up for it to work.

HTH,
Filipe
 
06-19-2008, 08:18 AM
"Herta Van den Eynde"

Forbidden: You don't have permission to access /phpMyAdmin/ on this server.

2008/6/19 Filipe Brandenburger <filbranden@gmail.com>:
> On Wed, Jun 18, 2008 at 5:45 PM, Herta Van den Eynde
> <herta.vandeneynde@gmail.com> wrote:
>> Joshua previously suggested SELinux might have something to do with
>> it, but being new to it, I didn't know what to do with that info.
>>
>> I'll need to read up on what this means exactly. I originally
>> untarred the phpMyAdmin in my non-priv'ed home directory - which must
>> be the "user_home_t" reference - and then moved it over to its current
>> location.
>>
>> I meanwhile switched to permissive mode. If SELinux is this tricky,
>> I'll have to find time to study it before enabling it again.
>
> Why don't you install it from an RPM?
>
> Dag/rpmforge has an RPM for 2.11.5:
> http://dag.wieers.com/rpm/packages/phpmyadmin/
>
> RPMs will usually set SELinux permissions the right way for you, so
> you usually don't have to bother doing that. They also have the
> advantage that it's usually easier to do upgrades to newer versions
> once they're out.
>
> You should try to keep your SELinux in enforcing mode, since that will
> harden your system's security (and once it's off, it's hard to get it
> on again).
>
> With web tools that connect to databases, you will probably set some
> booleans to allow them to connect to the databases. You can control
> that with "setsebool", you will probably need to "setsebool -P
> httpd_can_network_connect 1" or most probably "setsebool -P
> httpd_can_network_connect_db 1", but try first without setting them to
> see if it works, if it doesn't, try setting them and seeing if it
> fixes the problem. See "man httpd_selinux" and "man setsebool" for
> some of the details.
>
> Please let us know how your experiences go, and what you needed to set
> up for it to work.
>
> HTH,
> Filipe

That sounded like good advice, Filipe, so I gave it a try (even though
it's going to be hell to get the security team to open yet another
hole in their firewall).
It installs fine, and an initial test displays the phpmyadmin page,
which - understandably - complains about the blowfish_secret. So I
edit config.inc.php to define it, and am back to the wonderful "403
Forbidden". Only this time, even "setenforce 0" doesn't get me out of
the woods.

I'll go back to my initial install, as I really cannot afford to lose
more time over this. (Two other projects need to be finished by
tomorrow evening.) SELinux is on my list of to-be-learned.

Kind regards,

Herta
--
"Life on Earth may be expensive,
but it comes with a free ride around the Sun."
 
