SELinux permission issues when LAMP is set up on CentOS 5.3

Source: Internet
Author: User

While learning how to set up LAMP on CentOS 5.3, we copied the source code of a PHP application to /var/www/html and found that index.php could not be accessed because of a permission error, although a simple PHP file added manually could be accessed normally. We were sure that the Linux permission settings of the files and directories were correct and that the httpd configuration was normal.

Finally, I searched on Google and found that SELinux was the problem; SELinux had not caught my attention before.

The problem was handled as follows (an excerpt from another user's article):

At first I wanted to figure out why; it felt like a permission problem. In the traditional Linux way of thinking, the permissions were absolutely no problem. But does SELinux have other security settings?

Check the AVC messages: view the /var/log/messages file and find a section similar to the following:

Dec 24 17:54:59 hostname kernel: audit(1098222899.827:0): avc: \
denied { getattr } for pid=19029 exe=/usr/sbin/httpd \
path=/var/www/html/about.html dev=dm-0 ino=373900 \
scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t \
tclass=file

Hey, the problem is found. It really is the new SELinux features causing trouble. I set the directory or file to the user_home_t type, so the Apache process has no permission and cannot access it. The SELinux targeted policy for Apache specifies that Apache processes can only access directories or files of the httpd_sys_content_t type.

Solution:

Simply change the policy type of the directory or file to httpd_sys_content_t.

As the root user:

# chcon -t httpd_sys_content_t <directory name or file name>

Then you can run the ls -laZ command to view the policy type of the files and directories.
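
The diagnosis above can be scripted. The following is an added example, not part of the original article: it reads syslog-style AVC records, picks out denials whose source domain is httpd_t, and prints the chcon command described above for each affected file. The function names and the second sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files the httpd_t domain was denied, from AVC records.

# Constructed input: the denial quoted above on one line, plus an unrelated line.
sample_log() {
cat <<'EOF'
Dec 24 17:54:59 hostname kernel: audit(1098222899.827:0): avc: denied { getattr } for pid=19029 exe=/usr/sbin/httpd path=/var/www/html/about.html dev=dm-0 ino=373900 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Dec 24 17:55:02 hostname sshd[2101]: Accepted password for admin from 192.0.2.10 port 50212 ssh2
EOF
}

# Read log lines on stdin; print "path target_type permissions" for every
# AVC denial whose source domain (third scontext field) is httpd_t.
# Assumes paths without spaces, as in the record above.
httpd_denials() {
    awk '
    /avc:/ && /denied/ {
        path = ""; stype = ""; ttype = ""; perms = ""
        a = index($0, "{"); b = index($0, "}")
        if (a && b > a) {                      # permissions sit between the braces
            perms = substr($0, a + 1, b - a - 1)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^path=/) path = substr($i, 6)
            else if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); stype = c[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        }
        if (stype == "httpd_t" && path != "") print path, ttype, perms
    }'
}

# Turn denials on files that lack the httpd_sys_content_t type into chcon
# commands for an administrator to review (nothing is executed here).
relabel_hints() {
    httpd_denials | while read -r path ttype perms; do
        [ "$ttype" = "httpd_sys_content_t" ] && continue
        printf 'chcon -t httpd_sys_content_t %s  # was %s, denied: %s\n' \
            "$path" "$ttype" "$perms"
    done
}

sample_log | relabel_hints
```

The output is a list of commands to review, not to pipe into a shell blindly; a label set with chcon is replaced by the policy default for the path if the filesystem is later relabelled.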

 
