::cck::42::/cck::
::introtext::

Fixing the original problem

So we want to serve our files at /var/www/html and enable writing to log files and file uploads as well? Let’s play nice with SELinux.

First, copy the files as usual to /var/www/html, then set the proper ownership and permissions.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Ownership
sudo chown apache:apache -R /var/www/html
cd /var/www/html
 
# File permissions, recursive
find . -type f -exec chmod 0644 {} \;
 
# Dir permissions, recursive
find . -type d -exec chmod 0755 {} \;
 
# SELinux serve files off Apache, resursive
sudo chcon -t httpd_sys_content_t /var/www/html -R
 
# Allow write only to specific dirs
sudo chcon -t httpd_sys_rw_content_t /var/www/html/logs -R
sudo chcon -t httpd_sys_rw_content_t /var/www/html/uploads -R

httpd_sys_content_t – for allowing Apache to serve these contents and httpd_sys_rw_content_t – for allowing Apache to write to those path.

You may use the 'sestatus' command to view the current SELinux status:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The 'setenforce' command may be used to switch between Enforcing and Permissive modes on the fly but note that these changes do not persist through a system reboot.

To make changes persistent through a system reboot, edit the 'SELINUX=' line in  /etc/selinux/config  for either 'enforcing', 'permissive', or 'disabled'. For example: 'SELINUX=permissive'

::/introtext::
::fulltext::::/fulltext:: ::cck::42::/cck::