Centos7 Httpd cannot access mounted cifs directory

Question

In a Centos 7 server I have a directory mounted with autofs in /mnt/cifs-shares/cone_files. I can read those files without issues.

The directory /mnt/cifs-shares/cone_files is owned by apache:apache and has drwxr-xr-x. permissions.

Now, I created a symlink to that directory in /var/www/html/ and would like to allow accessing those files. To do that I created this config in /etc/httpd/conf/httpd.conf:

<Directory "/var/www/html/cone_files">
    AllowOverride None
    Options +Indexes +FollowSymLinks +MultiViews -SymLinksIfOwnerMatch
    Require all granted
</Directory>

Then restarted the apache server.

Now when I try to curl -v "http://127.0.0.1/cone_files/" I get this:

* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /cone_files/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Date: Wed, 23 Feb 2022 16:31:26 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Content-Length: 213
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /cone_files/
on this server.</p>
</body></html>
* Connection #0 to host 127.0.0.1 left intact

In /var/log/httpd/error_log I have:

[Wed Feb 23 13:31:26.143733 2022] [core:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00035: access to /cone_files/index.ht
ml denied (filesystem path '/var/www/html/cone_files/index.html') because search permissions are missing on a component of the path
[Wed Feb 23 13:31:26.147968 2022] [negotiation:error] [pid 13996] (13)Permission denied: [client 127.0.0.1:46828] AH00686: cannot read directory f
or multi: /var/www/html/cone_files/

In /var/log/audit/audit.log I have:

type=AVC msg=audit(1645630142.836:569): avc:  denied  { getattr } for  pid=12049 comm="httpd" path="/mnt/cifs-shares/cone_files/557471.13.rar" dev="cifs" ino=56107640 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1645630142.836:569): arch=c000003e syscall=6 success=no exit=-13 a0=555bea69c700 a1=7fff8037a4b0 a2=7fff8037a4b0 a3=ffffff00 items=0 ppid=12031 pid=12049 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

Can anyone help me with this?.

score 0 · Answer 1 · answered Feb 23 '22 at 17:38

0

I'm not sure this is the more secure solution, but as this server (a virtual machine in fact) just exposes these files I solved my issue by executing this command:

semanage permissive -a httpd_t

answered Feb 23 '22 at 17:38

leonardorame

327
3
14

Centos7 Httpd cannot access mounted cifs directory

1 Answers1