Adobe 38043740 Lockdown Guide - Page 51

-bin /usr/sbin/httpd \ -script /etc/init.d/httpd At this point you will find that with SELinux enabled Apache will fail to start because the mod_jk (the Tomcat connector module for Apache) module does not have sufficient permissions, the error may look something like this: Starting httpd: httpd: Syntax error on line 1033 of /etc/httpd/conf/httpd.conf: Syntax error on line 2 of /etc/httpd/conf/mod_jk.conf: Cannot load /opt/coldfusion10/config/wsconfig/1/mod_jk.so into server: /opt/coldfusion10/config/wsconfig/1/mod_jk.so: failed to map segment from shared object: Permission denied If you are not running SELinux you can skip any commands that begin with chcon or setsebool. First create an empty log file: touch /opt/coldfusion10/config/wsconfig/1/mod_jk.log And an empty shared memory file: touch /opt/coldfusion10/config/wsconfig/1/jk_shm Now lets apply proper file permissions to the connector directory: chown -R cfusion:webservices /opt/coldfusion10/config/wsconfig/1/ chmod -R 640 /opt/coldfusion10/config/wsconfig/1/ chmod 750 /opt/coldfusion10/config/wsconfig/1/mod_jk.so chmod 660 /opt/coldfusion10/config/wsconfig/1/mod_jk.log chmod 660 /opt/coldfusion10/config/wsconfig/1/jk_shm Next we need to apply SELinux context to the mod_jk.so module, we'll do this by referencing another apache module, we'll pick mod_rewrite.so - just make sure whatever you pick is installed: chcon --reference=/etc/httpd/modules/mod_rewrite.so /opt/coldfusion10/config/wsconfig/1/mod_jk.so 51