fix apache totp selinux block

VM_OPENSSL_APACHE.sh

@@ -43,11 +43,9 @@ systemctl daemon-reload
 # serviço !!!
 systemctl enable --now httpd
 
-# acho ?????
+# mover totp para pasta do apache (SELinux bloqueia /home)
-sudo chgrp apache /etc/shadow
+sudo mkdir -p /etc/httpd/totp
-sudo chmod o+x /home/john
+sudo cp /home/john/.google_authenticator /etc/httpd/totp/john 2>/dev/null || true
-sudo chown apache /home/john/.google_authenticator
+sudo cp /home/user/.google_authenticator /etc/httpd/totp/user 2>/dev/null || true
-sudo chmod 400 /home/john/.google_authenticator
+sudo chown -R apache:apache /etc/httpd/totp
-sudo chmod o+x /home/user
+sudo chmod 400 /etc/httpd/totp/*
-sudo chown apache /home/user/.google_authenticator
-sudo chmod 400 /home/user/.google_authenticator

conf/httpd-totp

@@ -1,3 +1,3 @@
-auth    required    pam_google_authenticator.so forward_pass secret=/home/${USER}/.google_authenticator user=apache
+auth    required    pam_google_authenticator.so forward_pass secret=/etc/httpd/totp/${USER} user=apache
 auth    required    pam_unix.so use_first_pass
 account required    pam_unix.so