Doku WIKI安裝
- Doku wiki 是一套免用資料庫的 wiki 套件,他需要的程式語言為 PHP 安裝、使用、備份都很方便。底下案例以 Doku wiki 的安裝在 student 的個人網頁目錄內為範例說明,此範例是在 SELinux 打開的狀況下安裝,過程中會遇到 SELinux 的問題並且排除該問題。
# 請上官方網站抓下最新的檔案,必且放到該目錄底下,請確定已經設定好個人的網頁目錄了。
[student@demo public_html]$ pwd
/home/student/public_html
[student@demo public_html]$ wget http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2012-01-25b.tgz
[student@demo public_html]$ tar zxvf dokuwiki-2012-01-25b
[student@demo public_html]$ mv dokuwiki-2012-01-25b wiki
[student@demo public_html]$ chmod 777 wiki/conf/
# 觀看 /var/log/messages 有產生 selinux 警告
root@demo public_html]# tail /var/log/messages
....略....
Aug 26 16:03:47 demo setroubleshoot: SELinux is preventing /usr/sbin/httpd "add_name"
access on page.idx. For complete SELinux messages.
run sealert -l a5821478-152b-46bb-892d-633ca202b0f8
# 觀看訊息內容
[root@demo public_html]# sealert -l 21c6b959-1cae-4f30-814e-0ecab713f86f
Summary:
SELinux is preventing /usr/sbin/httpd "write" access on conf.
Detailed Description:
[SELinux is in permissive mode. This access was not denied.]
SELinux denied access requested by httpd. It is not expected that this access is
required by httpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context unconfined_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects conf [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port
Host demo.example.com
Source RPM Packages httpd-2.2.15-5.el6
Target RPM Packages
Policy RPM selinux-policy-3.7.19-54.el6
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Plugin Name catchall
Host Name demo.example.com
Platform Linux demo.example.com 2.6.32-71.el6.x86_64 #1 SMP
Wed Sep 1 01:33:01 EDT 2010 x86_64 x86_64
Alert Count 3
First Seen Sun Aug 26 15:59:59 2012
Last Seen Sun Aug 26 16:02:32 2012
Local ID 21c6b959-1cae-4f30-814e-0ecab713f86f
Line Numbers
Raw Audit Messages
node=demo.example.com type=AVC msg=audit(1345968152.291:113): avc:
denied { write } for pid=2472 comm="httpd" name="conf" dev=dm-2 ino=2778 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
node=demo.example.com type=SYSCALL msg=audit(1345968152.291:113): arch=c000003e
syscall=21 success=yes exit=0 a0=7ff4e47fa080 a1=2 a2=0 a3=7ff4e46343e0 items=0
ppid=2466 pid=2472 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
# 提示沒有明確建議,直接用下列方式修正將檔案設定為 httpd_sys_content_t 的type屬性,再試試看。
[root@demo ~]# chcon --reference=/var/www/html /home/student/public_html/ -R
[student@demo public_html]$ pwd
/home/student/public_html
[student@demo public_html]$ chmod 777 wiki/conf/
[student@demo public_html]$ chmod 777 wiki/data/
[student@demo public_html]$ chmod 777 wiki/data/pages/
[student@demo public_html]$ chmod 777 wiki/data/attic/
[student@demo public_html]$ chmod 777 wiki/data/media
[student@demo public_html]$ chmod 777 wiki/data/media_attic
[student@demo public_html]$ chmod 777 wiki/data/media_meta
[student@demo public_html]$ chmod 777 wiki/data/meta
[student@demo public_html]$ chmod 777 wiki/data/cache
[student@demo public_html]$ chmod 777 wiki/data/locks
[student@demo public_html]$ chmod 777 wiki/data/index
[student@demo public_html]$ chmod 777 wiki/data/tmp
- reload 網頁,發現所有問題已經排除,繼續下一頁安裝。
[student@demo wiki]$ rm install.php
沒有留言:
張貼留言