cancel
Showing results for 
Search instead for 
Did you mean: 
Chetan_Tiwary_
Community Manager
Community Manager
  • 1,605 Views

Red Hat Linux Interview Series 17

Q.) I have configured apache web service to serve the contents of the /home/student/public_html directory , allowing anyone with home directory permission to access its contents. However while accessing http://servera/~student/index.html  it gives http 403 forbidden error. How to resolve this ?

 

Q.) What is the utility of nsswitch.conf file ?

 

Q.) You have been provided a sar archive report - "report.data", how will you get the network statistics from this archive file ?

 

Bonus Q.) Please find the format of the network statistics :

Screenshot from 2024-10-10 01-21-37.png

How will you determine the highest number of network packets received per second for interface enp1s0, as recorded in the report.data file. 

 

Level - L2 and above.

 

I'll be posting a series of Linux-related questions covering various skill levels. Feel free to share your insights and expertise. Your contributions will benefit learners at all stages, from those in current roles to those preparing for Linux interviews.

19 Replies
Trevor
Starfighter Starfighter
Starfighter
  • 848 Views

Dang Chetan!  If you're gonna give me that level of a hint, you've
essentially given me the answer:-) 

  Labeling issue!!!

There's no rule in the SELinux policy that supports access of the 
object (target), from the subject (source).

 

Trevor "Red Hat Evangelist" Chandler
Chetan_Tiwary_
Community Manager
Community Manager
  • 791 Views

@Trevor If I say the labelling is not the issue here, how will you proceed further?

The hint is same : SELinux.

Armanator
Flight Engineer
Flight Engineer
  • 779 Views

If it's not a labeling issue and it's a 403 forbidden error I would most likely look at what permissions are set for the public_html directory. Give "others" read and execute permissions.

Chetan_Tiwary_
Community Manager
Community Manager
  • 679 Views

That access is already there as per the question and that is not the issue, then how to proceed further for troubleshooting ?
Use the hint : think around selinux .
0 Kudos
TM
Flight Engineer Flight Engineer
Flight Engineer
  • 679 Views

setsebool -P httpd_enable_homedirs=on

Chetan_Tiwary_
Community Manager
Community Manager
  • 675 Views

Great job @TM !

httpd by default is not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean .

you can see getting httpd AVC denials for both search and getattr (/home/student), and  /var/log/httpd/error_log showing error like search permissions missing on path. You will still need perms 711 on the user's homedir and at least 755 on $USER/public_html but that was already there as per this hypothetical interview scenario.

0 Kudos
Trevor
Starfighter Starfighter
Starfighter
  • 638 Views

If the issue is not due to labeling, which takes the SELinux policy
out of the equation, I'm going to guess that there's a possibility 
that the directory of an NFS mounted one, in which case the SELinux
boolean that pertains to this needs to be set.  I'll go with this for now
until I can do some additional research.  This is a great challenge!!!

Trevor "Red Hat Evangelist" Chandler
Emanuel_Haine
Flight Engineer
Flight Engineer
  • 605 Views

Question 1

 

After making sure the DAC permissions are and file labeling are good, we should allow this via SELinux booleans:

 

setsebool -P httpd_enable_homedirs 1

or

semanage boolean -m --on httpd_enable_homedirs

 

I believe if you have the setroubleshoot-server package installed, it would give this hint in the journalctl output.

Chetan_Tiwary_
Community Manager
Community Manager
  • 592 Views

@Emanuel_Haine Great job!

Emanuel_Haine
Flight Engineer
Flight Engineer
  • 589 Views

Thank you, @Chetan_Tiwary_ 

Join the discussion
You must log in to join this conversation.