Are you referring to the dot highlighted in red?
That indicates that the server uses SELinux and that the file has a SELinux security context.
Most likely you are being denied by SELinux. You may DEBUG it by temporarily disabling it, issuing the following command: setenforce "Permissive"
If after that things work, please, find out what context you need to fix and enable it again with setenforce "Enforcing"
Thank you so much for your reply. I didn't know I enabled the SELinux. Now I set to permissive as you have told me. But still getting this 403 error message on Apache. Any idea.
wget 10.xx.x.xx
On the access log, I see this
I changed the whole /var/www/html to 777. Still getting this error message.
I'm really new to Unix and its commands. I tried to move a file from the home directory to another one but I didn't type the full name of the new directory. I think the computer created another directory in the home directory and put it in there. However, now I can't access it and it doesn't even... (3 Replies)
how is it possible for a directory to be empty and still have a size greater than 0 in bytes...
i made a shell script that shows info about all files/directories and this is what came up
the last one is the size, here its showing 1024
in the for loop i did something like
for h in * .*; do
... (4 Replies)
Since I'm usually on windows I've came across different shells like Cygwin, Hamilton, and MKS. I've been working in csh most of the time, so porting scripts from one shell to another can be fairly annoying and confusing.
When specifying a directory I noticed that certain shells do not recognize... (1 Reply)
Hi,
I am using Red Hat OS 5.0, is there any way that i can password protect directories. I know i can change permission so that no other user can access the content, but sometimes in my office environment i need to share vnc terminal with other people from my login itself. So i want that if user... (1 Reply)
Need help
Please help on how to write a script which can echo timestamp, size of subdirectories in a specific path from multiple Linux servers to a text file.
I can ssh with a common user to all the servers from a build box.
Basic idea what I had was:
ssh <commonuser>@<each box>
cd... (1 Reply)
OS: Oracle Enterprise Linux 6.2
Hypervisor: VMWare workstation 9
I created a VM and attached a 7gb virtual disk to it.
Using fdisk , I partioned the disk like below. The filesystems mounted on this is working fine. But I am seeing the message
Partition n does not end on cylinder boundary.... (2 Replies)
I'm new to Linux and trying to port
a c++ program from windows.
what I'm trying to do is copy a file to a directory off
the root of the drive
First off the program is located and running from
Drive:\Base\Web\Today\Program.exe
And trying to copy to:
Drive:\Base\cpics
windows... (10 Replies)
I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. This is for Solaris. Please help. (1 Reply)
Discussion started by: blinkingdan
1 Replies
LEARN ABOUT DEBIAN
selinux
selinux(8) SELinux Command Line documentation selinux(8)NAME
SELinux - NSA Security-Enhanced Linux (SELinux)
DESCRIPTION
NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating sys-
tem. The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including
those based on the concepts of Type Enforcement(R), Role- Based Access Control, and Multi-Level Security. Background information and tech-
nical documentation about SELinux can be found at http://www.nsa.gov/selinux.
The /etc/selinux/config configuration file controls whether SELinux is enabled or disabled, and if enabled, whether SELinux operates in
permissive mode or enforcing mode. The SELINUX variable may be set to any one of disabled, permissive, or enforcing to select one of these
options. The disabled option completely disables the SELinux kernel and application code, leaving the system running without any SELinux
protection. The permissive option enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by pol-
icy are permitted but audited. The enforcing option enables the SELinux code and causes it to enforce access denials as well as auditing
them. Permissive mode may yield a different set of denials than enforcing mode, both because enforcing mode will prevent an operation from
proceeding past the first denial and because some application code will fall back to a less privileged mode of operation if denied access.
The /etc/selinux/config configuration file also controls what policy is active on the system. SELinux allows for multiple policies to be
installed on the system, but only one policy may be active at any given time. At present, two kinds of SELinux policy exist: targeted and
strict. The targeted policy is designed as a policy where most processes operate without restrictions, and only specific services are
placed into distinct security domains that are confined by the policy. For example, the user would run in a completely unconfined domain
while the named daemon or apache daemon would run in a specific domain tailored to its operation. The strict policy is designed as a pol-
icy where all processes are partitioned into fine-grained security domains and confined by policy. It is anticipated in the future that
other policies will be created (Multi-Level Security for example). You can define which policy you will run by setting the SELINUXTYPE
environment variable within /etc/selinux/config. The corresponding policy configuration for each such policy must be installed in the
/etc/selinux/SELINUXTYPE/ directories.
A given SELinux policy can be customized further based on a set of compile-time tunable options and a set of runtime policy booleans. sys-
tem-config-securitylevel allows customization of these booleans and tunables.
Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.
FILE LABELING
All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended
attributes of the file system. Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the
machine with a non SELinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious
problem with file system labeling.
The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this
capability. The restorcon/fixfiles commands are also available for relabeling files.
AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO booleans(8), setsebool(8), selinuxenabled(1), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8),
rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)FILES
/etc/selinux/config
dwalsh@redhat.com 29 Apr 2005 selinux(8)