Pale Musings

Thoughts from a mind twisted by tech and sports

How to allow WordPress to upload images on an SELinux enabled server

I recently had to put up a blog running the WordPress system. There are a lot of things I like about WordPress and in general the difficulty in getting the site up and running was low.

The problem came about when an image was needed on the site. The software gave me the infamous “Is its parent directory writable by the server” message. After confirming the permissions where correct I began to dig deeper. It turned out that SELinux was causing an access denied message.

After much research on the matter, I learned a few things. First, most people simply turn off (example, example, example) SELinux. That was not an option for me. I want the extra contextual security provided. Second, it was not a WordPress problem, or even an SELinux problem. In reality, it’s simply a configuration setting put in place to make unauthorized uploads less likely.

It turns out that the security policy will only allow the httpd service to upload to the /tmp directory. Examination of that directory shows that the context includes tmp_t. That is the ticket that got things working for me. Here’s my solution to this issue:

  1. Change directory to the wp-content directory of the WordPress software.
  2. Made the uploads folder manually.
    mkdir uploads
  3. Changed the owner of uploads to the appropriate user that apache runs as (as root).
    chown httpuser:httpuser uploads
  4. Changed permissions to allow the apache user to write to the directory (as root).
    chmod 755 uploads
  5. Changed the SE context of the directory to allow httpd to upload file (as root).
    chcon -t tmp_t uploads

That did it. Not terribly difficult, but there is not a lot of concise documentation to be found when looking for this problem. It is very possible that there is a better way to accomplish these results, and if you know that it is please let me know! I can say that my configuration is working today and, at least so far, everything seems to be working fine and as secure as it can be.

The final output of ls -Z for the uploads directory should look something like this:

drwxr-xr-x httpd httpd root:object_r:tmp_t uploads

Cheers.

January 24, 2008 Posted by palehorse | Blogging, Linux, Operating Systems | 3 Comments

Blood Bowl coming to the XBox 360!

If you hung around the gaming crowd in the mid 80′s – 90′s, you’ve probably heard of, seen or played Blood Bowl.  The concept from Games Workshop is a game based on American football crossed with the Warhammer universe, in other words, a brutal contest on the gird iron between Orcs, Elves, Skaven, Humans and more.  Rules, well, who needs them!  Injuries and fatalities are common.

Now a French publisher, Focus Home Interactive, is bringing the game from Cyanide Studios to the XBox 360.  One description from one of the game developers was “One team kicks the ball, then all hell breaks loose.”  Man it sounds like fun!

It sounds like there will be online play including league play.  It will have the traditional turn-based mechanic, but they will include a real-time mode for those that really want it.  The game is being slated for Q4 2008 so there is  awhile to wait, but I must admit this one sounds like a lot of fun!.

To check out some early screen shots and read a bit more, check out the GameSpot page. You can also listen to an interview with Cyanide Studios in the middle of Episode #129 of Gamertag Radio.

January 24, 2008 Posted by palehorse | Games | Leave a Comment