SELinux permission issues when lamp is set up in centos 5.3

When we learned how to set up lamp under centos 5.3, we copied the source code of a set of PHP to/var/www/html and found the index. PHP has no permission to access the file, but you can manually add a simple PHP file to access the file normally. You can be sure that the Linux permission setting of the file directory is correct, and the httpd configuration is normal.

 

Finally, I searched on Google and found that SELinux was a problem, but SELinux has not caught my attention.

 

The problem is handled as follows (a part of a netizen article is captured ):

 

At first, I wanted to figure out why, but it gave me the feeling that permission is a problem. In the traditional way of thinking in Linux, permissions are absolutely no problem. But do SELinux have other security settings?

Check AVC message, view the/var/log/messages file, and find a section similar to the following:

Dec 24 17:54:59 hostname kernel: Audit (1098222899.827: 0): AVC :/

Denied {getattr} for PID = 19029 EXE =/usr/sbin/httpd/

Path =/var/www/html/about.html Dev = dm-0 ino = 373900/

Scontext = root: system_r: httpd_t tcontext = user_ubject_r: user_home_t/

Tclass = File

Hey, the problem is found. It is really a ghost of SELinux's new features. I set the directory or file to the user_home_t type, so the Apache process has no permissions and cannot be accessed. SELinux target policy for Apache processes specifies that Apache processes can only access directories or files of the httpd_sys_content_t type.

Solution:

Simply change the policy type of the directory or file to httpd_sys_content_t.

Use Root User

# Chcon-T httpd_sys_content_t directory name or file name

Then you can run the LS-Laz command to view the policy type of the file directory.