::introtext::
Fixing the original problem
So we want to serve our files at /var/www/html and enable writing to log files and file uploads as well? Let’s play nice with SELinux.
First, copy the files as usual to /var/www/html, then set the proper ownership and permissions.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
# Ownershipsudo chown apache:apache -R /var/www/htmlcd /var/www/html# File permissions, recursivefind . -type f -exec chmod 0644 {} \;# Dir permissions, recursivefind . -type d -exec chmod 0755 {} \;# SELinux serve files off Apache, resursivesudo chcon -t httpd_sys_content_t /var/www/html -R# Allow write only to specific dirssudo chcon -t httpd_sys_rw_content_t /var/www/html/logs -Rsudo chcon -t httpd_sys_rw_content_t /var/www/html/uploads -R |
httpd_sys_content_t – for allowing Apache to serve these contents and httpd_sys_rw_content_t – for allowing Apache to write to those path.
You may use the 'sestatus' command to view the current SELinux status:
# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted
The 'setenforce' command may be used to switch between Enforcing and Permissive modes on the fly but note that these changes do not persist through a system reboot.
To make changes persistent through a system reboot, edit the 'SELINUX=' line in /etc/selinux/config for either 'enforcing', 'permissive', or 'disabled'. For example: 'SELINUX=permissive'
::/introtext::::fulltext::::/fulltext:: ::cck::42::/cck::