Score:0

CentOS 7 httpd cannot access mounted CIFS directory


On a CentOS 7 server I have a directory mounted with autofs in /mnt/cifs-shares/cone_files. I can read those files without issues.

The directory /mnt/cifs-shares/cone_files is owned by apache:apache and has drwxr-xr-x. permissions.

Now, I created a symlink to that directory in /var/www/html/ and would like to allow accessing those files. To do that I created this config in /etc/httpd/conf/httpd.conf:

<Directory "/var/www/html/cone_files">
    AllowOverride None
    Options +Indexes +FollowSymLinks +MultiViews -SymLinksIfOwnerMatch
    Require all granted
</Directory>

Then restarted the apache server.

Now when I try to curl -v "http://127.0.0.1/cone_files/" I get this:

* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /cone_files/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Date: Wed, 23 Feb 2022 16:31:26 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Content-Length: 213
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /cone_files/
on this server.</p>
</body></html>
* Connection #0 to host 127.0.0.1 left intact

In /var/log/httpd/error_log I have:

[Wed Feb 23 13:31:26.143733 2022] [core:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00035: access to /cone_files/index.html denied (filesystem path '/var/www/html/cone_files/index.html') because search permissions are missing on a component of the path
[Wed Feb 23 13:31:26.147968 2022] [negotiation:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00686: cannot read directory for multi: /var/www/html/cone_files/

In /var/log/audit/audit.log I have:

type=AVC msg=audit(1645630142.836:569): avc:  denied  { getattr } for  pid=12049 comm="httpd" path="/mnt/cifs-shares/cone_files/557471.13.rar" dev="cifs" ino=56107640 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1645630142.836:569): arch=c000003e syscall=6 success=no exit=-13 a0=555bea69c700 a1=7fff8037a4b0 a2=7fff8037a4b0 a3=ffffff00 items=0 ppid=12031 pid=12049 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

Can anyone help me with this?

Score:0

I'm not sure this is the most secure solution, but as this server (a virtual machine, in fact) just exposes these files, I solved my issue by executing this command:

semanage permissive -a httpd_t
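
A narrower alternative to making the whole httpd_t domain permissive, added here as an example and not part of the answer above: the script parses the AVC record from the question and maps the httpd_t to cifs_t denial to the httpd_use_cifs SELinux boolean. It assumes the stock targeted policy, where that boolean exists; the function names are hypothetical, and the script only prints the commands rather than running them.

```shell
#!/usr/bin/env bash
# Added example: summarise an SELinux AVC denial and print the narrowest fix.
# Function names are hypothetical; nothing here changes system state.

# AVC record copied from the audit.log excerpt in the question.
SAMPLE_AVC='type=AVC msg=audit(1645630142.836:569): avc:  denied  { getattr } for  pid=12049 comm="httpd" path="/mnt/cifs-shares/cone_files/557471.13.rar" dev="cifs" ino=56107640 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file permissive=0'

# avc_field LINE KEY -> value of KEY=... with surrounding quotes stripped
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# avc_type LINE scontext|tcontext -> SELinux type (third field of user:role:type:level)
avc_type() { avc_field "$1" "$2" | cut -d: -f3; }

# avc_perms LINE -> the denied permission(s) listed between the braces
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# avc_summary LINE -> one-line "source -> target (class) denied: perms"
avc_summary() {
    printf '%s -> %s (%s) denied: %s\n' \
        "$(avc_type "$1" scontext)" "$(avc_type "$1" tcontext)" \
        "$(avc_field "$1" tclass)" "$(avc_perms "$1")"
}

# suggest_fix LINE -> command that grants only what this denial needs.
# Assumption: targeted policy provides httpd_use_cifs / httpd_use_nfs.
suggest_fix() {
    local src tgt
    src=$(avc_type "$1" scontext)
    tgt=$(avc_type "$1" tcontext)
    case "$src:$tgt" in
        httpd_t:cifs_t) echo "setsebool -P httpd_use_cifs on" ;;
        httpd_t:nfs_t)  echo "setsebool -P httpd_use_nfs on" ;;
        *) echo "ausearch -m AVC -c $(avc_field "$1" comm) | audit2why" ;;
    esac
}

avc_summary "$SAMPLE_AVC"
echo "Suggested: $(suggest_fix "$SAMPLE_AVC")"
# Once the boolean is on, the domain-wide exemption can be removed again:
echo "Then:      semanage permissive -d httpd_t"
```

With the boolean enabled, httpd_t stays in enforcing mode for everything except access to CIFS-labelled files.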