The Fedora Core 3 Linux distribution includes a very powerful new security feature called SELinux. In my (very) limited understanding, SELinux overlays another set of policies and permissions over the basic UNIX-style security to produce a far more secure product. However, it can also trip up the unsuspecting. At last night’s LAMP class, we got caught. Installing Virtual Hosts as we had with Fedora Core 2 threw permission errors, despite everything we could think of. As it was a beginner class, we just settled for placing the virtual hosts under the standard DocumentRoot at /var/www/html and continuing on with our exercise, with a promise that we’d investigate and explain to the students what went wrong at the next class.
The Fedora web site provides guidance at “Understanding and Customizing the Apache HTTP SELinux Policy.” I was also pleased to see that a WebMin module is under development to simplify SElinux management at http://www.selinux.hitachi-sk.co.jp/en/tool/selpe/selpe-top.html
UPDATED: Indeed, it was the SELinux that was causing the problem. Turning that off (requiring one of the very rare reboots in the Linux world) and fixing a problem with rights (the parent home directory needs x permissions for searching, as pointed out in the Apache FAQ) solved the problem. We’ll be able to present the solution to the class, along with a little side-talk on how to figure these things out, at the next class.