[Typo3-linux] Access denied!

[Dimitri Tarassenko]

> > Second, check if SELinux has anything to do with it - you may want to
> > check your Apache error log as well as /var/log/messages, they might
> > give you a clue.
>
> I think SuSE logs Apache messages into /var/log/httpd.

True, however SELinux audit messages go to /var/log/messages, I was
thinking about them.

> BTW, I wonder why you ask everybody if he uses SELinux? I really have no
> clue about it but I think that someone who uses this system is aware that
> he is running it. I don't think that these people would need help to set up
> their Apache... :-)

Well, out of my personal experience this may not be as obvious as you
would think. SELinux is now installed by default both on RHEL/CentOS
and Fedoras. What it does is that in addition to regular Unix
permission scheme (owner-group-everybody / rwxt) it adds the concept
of "file context". Context defines what a particular _process_ can do
with the files, no matter who's the file owner and what user/grp the
process runs as. It adds "Z" option to your ls, as well as chcon for
files (in addition to chmod, chown and chgrp).

So, for example, if you take stock Fedora and place Typo3 core
anywhere outside /var/www, even if you assign all permissions
correctly you are stuck with "access denied" messages in
/var/log/httpd/error_log. It took me a couple of hours until I
accidentally (for other reasons) looked in /var/log/messages that had
SELinux "deny" messages.

--
Dimitri Tarassenko