About HTTP server and SELinux permission settings

Source: Internet
Author: User

PHP is sometimes used to do web development, but most of the time is not pure web development, so sometimes there is a need: remote modification of the server through HTTP arbitrary files.

Later through the SIP server FreePBX and Fusionpbx clear one thing, that is, only need to set the relevant directory for the same user group can achieve my purpose. It is true that, for example, Apache runs with Apahce:apache permissions, so the problem is solved only if you modify all the permissions of the file, that is, any file you want to modify via HTTP to Apache:apache. This way you can create files in their directory, arbitrarily modify the file, can not execute arbitrary files have not been tested.

But then I installed a CentOS system with Apache+php+mysql installed on it, then modified the user group of the relevant files, and also set up the Apache runtime combination user owner, but in addition to the Web directory files can do any operation, For other directories under the permissions of the files are modified, depressed for a whole day. Checking all the Apache configuration files, all feel fine, but where is the problem?

Finally inadvertently found that Linux has selinux such a thing, it is to ensure that HTTP-based server security is born. Therefore, as long as the prohibition of selinux, the problem can be solved. The method to disable SELinux for CentOS is as follows:

1. View SELinux Status
View the verbose status of SELinux, if enabled
#/usr/sbin/sestatus-v
View the SELinux mode
# Getenforce
2. Turn off SELinux
2.1: Permanent shutdown (this will take effect after restarting the server)
# sed-i ' s/selinux=enforcing/selinux=disabled/'/etc/selinux/config
2.2: Temporary shutdown (effective immediately, but failed after restarting the server)
# Setenforce 0 #设置selinux为permissive模式 (i.e. off)
# setenforce 1 #设置selinux为enforcing模式 (Open)
This turns off SELinux, and you can consider shutting down SELinux and installing the software when you encounter problems with the installation

About HTTP server and SELinux permission settings

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.