thr3ads.net - CentOS - [CentOS] SELinux permissions for apache [Jan 2015]

If this information is useful, please help other people find it:
Share via:

Tim Dunphy

2015-Jan-22 18:36 UTC

[CentOS] SELinux permissions for apache

Hey Jeremy,


> Have you tried changing the folder where it's writing into with these
> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t

Adding 'rw' to the command did the trick. I tried 
httpd_sys_content_rw_t and
that works fine! Thanks for the tip!

Tim

On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote:
> Have you tried changing the folder where it's writing into with these
> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t
>
> On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy <bluethundr at
gmail.com> wrote:
>
> > Hey all,
> >
> >  I have a simple php app working that writes some info to a text file.
> The
> > app will only work correctly if SELinux is disabled. If it's
enabled and
> > try to use the app, it fails. It seems that SELinux is denying the app
> > ability to write to the text file.
> >
> > So I tried running the following command:
> >
> > chcon -R -t httpd_sys_content_t /var/www
> >
> > And tried veriying the command with the following:
> >
> > ls -RZ /var/www
> >
> > And everything seems to be in order. For example I see:
> >
> > -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0
> > vieworders.php
> >
> > But the app stil won't function correctly unless SELinux is set to
off.
> > What can I do to get it work with it enabled?
> >
> > Thanks
> > Tim
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

John Plemons

2015-Jan-22 19:47 UTC

head link

[CentOS] SELinux permissions for apache

The easiest answer is to edit the Selinux config file. By default it is 
set to enforce, which really locks it down.

cd /etc/selinux

edit the config file and change SELUNIX=enforcing to SELUNIX=permissive

Save the file and restart httpd, you should be fine..

john plemons



On 1/22/2015 1:36 PM, Tim Dunphy wrote:> Hey Jeremy,
>
>
>
>> Have you tried changing the folder where it's writing into with
these
>> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t
>
> Adding 'rw' to the command did the trick. I tried 
httpd_sys_content_rw_t and
> that works fine! Thanks for the tip!
>
> Tim
>
> On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com>
wrote:
>
>> Have you tried changing the folder where it's writing into with
these
>> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t
>>
>> On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy <bluethundr at
gmail.com> wrote:
>>
>>> Hey all,
>>>
>>>   I have a simple php app working that writes some info to a text
file.
>> The
>>> app will only work correctly if SELinux is disabled. If it's
enabled and
>>> try to use the app, it fails. It seems that SELinux is denying the
app
>>> ability to write to the text file.
>>>
>>> So I tried running the following command:
>>>
>>> chcon -R -t httpd_sys_content_t /var/www
>>>
>>> And tried veriying the command with the following:
>>>
>>> ls -RZ /var/www
>>>
>>> And everything seems to be in order. For example I see:
>>>
>>> -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0
>>> vieworders.php
>>>
>>> But the app stil won't function correctly unless SELinux is set
to off.
>>> What can I do to get it work with it enabled?
>>>
>>> Thanks
>>> Tim
>>> --
>>> GPG me!!
>>>
>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>

Tim Dunphy

2015-Jan-22 20:18 UTC

head link

[CentOS] SELinux permissions for apache

>
> The easiest answer is to edit the Selinux config file. By default it is
> set to enforce, which really locks it down.
> cd /etc/selinux
> edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
> Save the file and restart httpd, you should be fine..

Yeah dude, exactly. Except I actually do want to start using it. I've been
disabling SELINUX forever because I wasn't familiar with using it. I've
decided to change my tune on that this year and get more familiar with hit.
I've always recognized it to be a good thing. Even if I didn't really
have
a clue about it.

Thanks for the suggestion anyway!

Tim

On Thu, Jan 22, 2015 at 2:47 PM, John Plemons <john at mavin.com> wrote:
> The easiest answer is to edit the Selinux config file. By default it is
> set to enforce, which really locks it down.
>
> cd /etc/selinux
>
> edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
>
> Save the file and restart httpd, you should be fine..
>
> john plemons
>
>
>
>
> On 1/22/2015 1:36 PM, Tim Dunphy wrote:
>
>> Hey Jeremy,
>>
>>
>>
>>  Have you tried changing the folder where it's writing into with
these
>>> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t
>>>
>>
>> Adding 'rw' to the command did the trick. I tried 
httpd_sys_content_rw_t
>> and
>> that works fine! Thanks for the tip!
>>
>> Tim
>>
>> On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at
gmail.com> wrote:
>>
>>  Have you tried changing the folder where it's writing into with
these
>>> lables?   httpd_sys_content_rw_t or httpd_user_content_rw_t
>>>
>>> On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy <bluethundr at
gmail.com>
>>> wrote:
>>>
>>>  Hey all,
>>>>
>>>>   I have a simple php app working that writes some info to a
text file.
>>>>
>>> The
>>>
>>>> app will only work correctly if SELinux is disabled. If
it's enabled and
>>>> try to use the app, it fails. It seems that SELinux is denying
the app
>>>> ability to write to the text file.
>>>>
>>>> So I tried running the following command:
>>>>
>>>> chcon -R -t httpd_sys_content_t /var/www
>>>>
>>>> And tried veriying the command with the following:
>>>>
>>>> ls -RZ /var/www
>>>>
>>>> And everything seems to be in order. For example I see:
>>>>
>>>> -rw-r--r--. apache apache
system_u:object_r:httpd_sys_content_t:s0
>>>> vieworders.php
>>>>
>>>> But the app stil won't function correctly unless SELinux is
set to off.
>>>> What can I do to get it work with it enabled?
>>>>
>>>> Thanks
>>>> Tim
>>>> --
>>>> GPG me!!
>>>>
>>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>
>>>>  _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>>
>>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

Reasonably Related Threads

Search for more apparently analagous threads

CentOS - Jan 2015 - SELinux permissions for apache

[CentOS] SELinux permissions for apache

[CentOS] SELinux permissions for apache

[CentOS] SELinux permissions for apache

Reasonably Related Threads