CentOS 7 httpd cannot access a mounted cifs directory

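On a CentOS 7 server, I have a directory mounted with autofs at /mnt/cifs-shares/cone_files. I can read these files without any problem.

The directory /mnt/cifs-shares/cone_files is owned by apache:apache and has drwxr-xr-x. permissions.

Now, I created a symbolic link to that directory in /var/www/html/ and want to allow access to these files. To do that, I created this configuration in /etc/httpd/conf/httpd.conf: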

<Directory "/var/www/html/cone_files">
    AllowOverride None
    Options +Indexes +FollowSymLinks +MultiViews -SymLinksIfOwnerMatch
    Require all granted
</Directory>

Then I restarted the apache server.

Now when I try curl -v "http://127.0.0.1/cone_files/" I get this:

* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /cone_files/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Date: Wed, 23 Feb 2022 16:31:26 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Content-Length: 213
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /cone_files/
on this server.</p>
</body></html>
* Connection #0 to host 127.0.0.1 left intact

/var/log/httpd/error_log has:

[Wed Feb 23 13:31:26.143733 2022] [core:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00035: access to /cone_files/index.html denied (filesystem path '/var/www/html/cone_files/index.html') because search permissions are missing on a component of the path
[Wed Feb 23 13:31:26.147968 2022] [negotiation:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00686: cannot read directory for multi: /var/www/html/cone_files/

/var/log/audit/audit.log has:

type=AVC msg=audit(1645630142.836:569): avc:  denied  { getattr } for  pid=12049 comm="httpd" path="/mnt/cifs-shares/cone_files/557471.13.rar" dev="cifs" ino=56107640 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1645630142.836:569): arch=c000003e syscall=6 success=no exit=-13 a0=555bea69c700 a1=7fff8037a4b0 a2=7fff8037a4b0 a3=ffffff00 items=0 ppid=12031 pid=12049 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

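Can anyone help me with this?

Answer 1

I'm not sure this is the more secure solution, but since this server (actually a virtual machine) only exposes these files, I solved my problem by running the following command: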

semanage permissive -a httpd_t
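
Added example, not part of the original question or answer: a small parser for the AVC record quoted in the question. It extracts the source type, target type and denied permission, then looks up the SELinux boolean that covers that pair. For httpd_t reading cifs_t that is httpd_use_cifs, which is narrower than making the whole httpd_t domain permissive. The function names and the BOOLEAN_HINTS table are this example's own assumptions.

```python
import re

# AVC record copied from the audit.log excerpt in the question.
SAMPLE_AVC = (
    'type=AVC msg=audit(1645630142.836:569): avc:  denied  { getattr } for  '
    'pid=12049 comm="httpd" path="/mnt/cifs-shares/cone_files/557471.13.rar" '
    'dev="cifs" ino=56107640 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:cifs_t:s0 tclass=file permissive=0'
)

# Assumed lookup table for this example: (source type, target type) -> boolean.
# Check the names on the host with `getsebool -a | grep httpd` before use.
BOOLEAN_HINTS = {
    ("httpd_t", "cifs_t"): "httpd_use_cifs",
    ("httpd_t", "nfs_t"): "httpd_use_nfs",
}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Parse one AVC denial into a dict; return None for any other record."""
    m = AVC_RE.search(line) if line.startswith("type=AVC") else None
    if m is None:
        return None
    fields = {k: q or u for k, q, u in KV_RE.findall(m.group("rest"))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    # Context is user:role:type:level; the level may itself contain colons.
    type_of = lambda ctx: ctx.split(":")[2]
    return {
        "perms": m.group("perms").split(),
        "path": fields.get("path"),
        "source_type": type_of(fields["scontext"]),
        "target_type": type_of(fields["tcontext"]),
        "tclass": fields.get("tclass"),
        "enforced": fields.get("permissive") == "0",
    }


def suggest_boolean(denial):
    """Return the setsebool command covering this denial, or None if unknown."""
    name = BOOLEAN_HINTS.get((denial["source_type"], denial["target_type"]))
    return None if name is None else "setsebool -P %s on" % name


if __name__ == "__main__":
    d = parse_avc(SAMPLE_AVC)
    print(d["source_type"], "->", d["target_type"], d["perms"], suggest_boolean(d))
```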
