>
>
>> > It has something to do with /home, as it seems it is unable to write
>> > anywhere on /home, even after changing the document root for any virtual
>> > host to various directories on /home it still fails with the same message,
>> > even though I'm confident the path exists and is writable.
>>
>> I know exactly what this is. I ran into it myself. Say hello to systemd:
>>
>> ProtectHome=read-only
>>
>> Do:
>>
>> systemctl edit httpd
>>
>> And add:
>>
>> [Service]
>> ProtectHome=false
>>
>> This'll turn this whole thing off.
>>
>
> That indeed was the fix. Thanks so much. That's crazy.
>
> Do you have any idea why this option isn't part of the systemd service
> file on the other systems I upgraded? The document root for the other
> systems uses /var/www, but they didn't have this problem, and their home
> directories are also defined with this path.
>
> I'll work on moving the logs out of the same general tree as the document
> root, but this seems like a big change. Maybe I missed it in the changelog?
>
>
> This change is largely because it protects user home directories from
> malicious httpd attacks against poorly written executable code that would
> allow remote login (such as dropping a pubkey into a user’s
> authorized_keys) or by altering an admin’s login environment (replacing
> their .bashrc). Running web sites out of /home is still possible, they just
> can’t also write to /home.
>

Is it specifically /home or the application's home directory?

For example, this is the home directory for my website:
alex:x:1007:1007::/var/www/www.example.com:/sbin/nologin

From there, I have html/, logs/ and .ssh/ and have generally never had a
problem with writing to the logs/ directory.

The DocumentRoot is specified as html/.
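
As an added example (not part of the thread): ProtectHome= is documented in systemd.exec(5) as applying to the fixed directories /home, /root and /run/user, not to whichever directory an account's passwd entry names as its home. The sketch below classifies passwd-style home directories on that basis; the function names and the bob and root sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory list and option values are
# those documented for ProtectHome= in systemd.exec(5).

# Exit 0 if the absolute path $1 lies in a tree ProtectHome= applies to.
# Resolve symlinks first (e.g. with realpath): a link from /var/www into
# /home still ends up on the protected mount.
protecthome_covers() {
    case "$1" in
        /home|/home/*|/root|/root/*|/run/user|/run/user/*) return 0 ;;
        *) return 1 ;;   # also rejects look-alikes such as /homework
    esac
}

# Print what a service with ProtectHome=$1 sees at path $2.
protecthome_effect() {
    protecthome_covers "$2" || { echo unaffected; return 0; }
    case "$1" in
        no|false|off|0) echo unaffected ;;
        read-only)      echo read-only ;;
        yes|true|on|1)  echo inaccessible ;;  # directories appear empty
        tmpfs)          echo hidden ;;         # empty read-only tmpfs on top
        *)              echo unknown; return 2 ;;
    esac
}

# Read passwd(5) lines on stdin; report each account's home under value $1.
audit_homes() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$home" ] || continue
        echo "$user $home $(protecthome_effect "$1" "$home")"
    done
}

# Constructed input: the first line is the account quoted in the message
# above, the other two are made up for contrast. On a live host, take the
# value from `systemctl show -p ProtectHome --value httpd` and feed
# `getent passwd` instead.
audit_homes read-only <<'EOF'
alex:x:1007:1007::/var/www/www.example.com:/sbin/nologin
bob:x:1008:1008::/home/bob:/bin/bash
root:x:0:0:root:/root:/bin/bash
EOF
```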