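I just installed CentOS and Virtualmin on a VPS (the VPS runs on Proxmox). I thought I had it configured, until I tried to access the first website I uploaded. It gave me a 403 Forbidden: You don't have permission to access / on this server.
The error_log is as follows: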
[Sun Sep 20 13:24:20.963516 2015] [mpm_prefork:notice] [pid 5042] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Sep 20 13:24:22.079077 2015] [core:notice] [pid 1178] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Sep 20 13:24:22.080101 2015] [suexec:notice] [pid 1178] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 20 13:24:22.110637 2015] [auth_digest:notice] [pid 1178] AH01757: generating secret for digest authentication ...
[Sun Sep 20 13:24:22.111244 2015] [lbmethod_heartbeat:notice] [pid 1178] AH02282: No slotmem from mod_heartmonitor
I tried changing the file permissions to the correct user, but nothing changed. At this point I don't know where to start looking.
I tried
# restorecon -Rv /home/mysite/public_html/
as described above, but it doesn't change anything
# grep avc /var/log/audit/audit.log
The last line of the result is:
type=AVC msg=audit(1442837687.255:16918): avc: denied { signal } for pid=22714 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_suexec_t:s0 tclass=process
and
# tail -20 /var/log/audit/audit.log
type=CRED_REFR msg=audit(1442840401.448:581): pid=4324 uid=0 auid=0 ses=17 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_START msg=audit(1442840401.449:582): pid=4325 uid=0 auid=41 ses=15 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="mailman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1442840401.449:583): pid=4325 uid=0 auid=41 ses=15 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="mailman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1442840401.586:584): pid=4325 uid=0 auid=41 ses=15 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="mailman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1442840401.589:585): pid=4325 uid=0 auid=41 ses=15 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="mailman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_AUTH msg=audit(1442840401.871:586): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:authentication grantors=pam_rootok acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1442840401.871:587): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:accounting grantors=pam_succeed_if acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=CRED_ACQ msg=audit(1442840401.872:588): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:setcred grantors=pam_rootok acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=USER_START msg=audit(1442840401.873:589): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1442840401.878:590): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=CRED_DISP msg=audit(1442840401.878:591): pid=4347 uid=0 auid=0 ses=16 msg='op=PAM:setcred grantors=pam_rootok acct="postgres" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
type=CRED_DISP msg=audit(1442840401.971:592): pid=4326 uid=0 auid=0 ses=16 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1442840401.972:593): pid=4326 uid=0 auid=0 ses=16 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_ACCT msg=audit(1442840461.975:594): pid=4357 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1442840461.975:595): pid=4357 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1442840461.975:596): pid=4357 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=18 res=1
type=USER_START msg=audit(1442840461.978:597): pid=4357 uid=0 auid=0 ses=18 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1442840461.978:598): pid=4357 uid=0 auid=0 ses=18 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1442840462.084:599): pid=4357 uid=0 auid=0 ses=18 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1442840462.085:600): pid=4357 uid=0 auid=0 ses=18 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
The solution (I'm sorry) was very simple:
chmod -R 755 /home/website/public_html/
instead of
chmod -R 755 /home/website/public_html
Answer 1
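Check /var/log/audit.log for SELinux denials; you will probably find that your newly uploaded website does not have correctly labeled file contexts to allow the httpd process to read it.
If you are not sure, you can post the latest entries shown by the command: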
grep avc /var/log/audit/audit.log
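You can run restorecon -Rv /path/to/webroot, and it will probably be relabeled correctly.
In addition, Apache needs at least read permission on the files and directories. This requires either ownership of user:apache with file/directory permissions of 640/750, or, if you set the user as the owner of the files, permissions of 644/755 on files and directories respectively.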
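An added example, not part of the original question or answer: a small parser that filters the httpd AVC denials out of audit.log lines and separates denials on file objects, whose label restorecon can reset, from denials on other classes such as the process/signal record in the question. The third sample line is constructed for illustration, and the function names and the "relabel"/"other" verdicts are this example's own.

```python
import re

# Matches the fixed prefix of an SELinux AVC denial record in audit.log.
AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
FILE_CLASSES = {"file", "dir", "lnk_file"}  # classes whose label restorecon can reset


def _type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc(line):
    """Parse one audit.log line; return None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": kv.get("comm"),
        "source_type": _type(kv.get("scontext")),
        "target_type": _type(kv.get("tcontext")),
        "tclass": kv.get("tclass"),
    }


def triage(lines, comm="httpd"):
    """Keep denials for `comm`; tag each 'relabel' (file label) or 'other'."""
    out = []
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["comm"] == comm:
            rec["verdict"] = "relabel" if rec["tclass"] in FILE_CLASSES else "other"
            out.append(rec)
    return out


SAMPLE = [
    # From the question's audit.log output.
    'type=AVC msg=audit(1442837687.255:16918): avc: denied { signal } for pid=22714 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_suexec_t:s0 tclass=process',
    'type=LOGIN msg=audit(1442840461.975:596): pid=4357 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=18 res=1',
    # Constructed for this example: a denial on a file that kept a home-directory label.
    'type=AVC msg=audit(1442837700.100:16920): avc:  denied  { read } for  pid=22714 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["verdict"], r["perms"], r["source_type"], "->", r["target_type"], r["tclass"])
```

On a live system the same triage can be fed from `open("/var/log/audit/audit.log")`, which normally requires root.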