for the user

adventures into the land of the command line

apache permission denied error due to SELinux

so you’re getting a “permission denied” error from Apache for a webpage. you checked the file/directory permissions (the whole directory path, not just the file) and everything in the httpd.conf file. everything seemed right... so what could it be? SELinux may be blocking you.

$ vim /var/log/httpd/error_log

you may see a line like this, which tells you SELinux is enabled and that httpd runs in the httpd_t domain

[Wed Apr 13 15:50:35 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0

the commands for SELinux’s modes are

$ setenforce 1    # switch to enforcing mode
$ setenforce 0    # switch to permissive mode
$ getenforce      # print the current mode

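to fix, either allow the access on the command line, by setting the SELinux boolean and loading a local policy module built from the httpd denials in the audit log. audit2allow allows everything it is fed, so read the generated mypol.te before you load mypol.pp

$ setsebool -P httpd_read_user_content 1    # -P keeps the boolean set across reboots
$ grep httpd /var/log/audit/audit.log | audit2allow -M mypol    # writes mypol.te and mypol.pp
$ semodule -i mypol.pp    # install the module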
$ apachectl restart
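
before building mypol it helps to see which denials the grep is about to hand to audit2allow. this is an added example, not part of the original post: the function name and the sample log lines are made up for illustration, and it only counts denials whose comm is httpd.

```shell
#!/bin/sh
# added example: list what the logged httpd denials would allow before
# `audit2allow -M mypol` turns them into a module.

# constructed audit.log lines (not from a real system)
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1302727835.101:412): avc:  denied  { read } for  pid=2211 comm="httpd" name="index.html" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1302727836.220:413): avc:  denied  { read } for  pid=2212 comm="httpd" name="style.css" dev=dm-0 ino=132 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1302727840.007:414): avc:  denied  { name_connect } for  pid=2213 comm="httpd" dest=5432 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1302727840.007:414): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1302727850.500:415): avc:  denied  { read } for  pid=900 comm="ntpd" name="drift" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
EOF
}

# stdin:  audit.log lines
# stdout: "<count> <source type> <target type>:<class> { permissions }"
summarize_httpd_denials() {
  awk '
    /type=AVC/ && /denied/ && /comm="httpd"/ {
      perms = src = tgt = cls = ""
      # the denied permissions sit between the braces
      if (match($0, /[{][^}]*[}]/)) perms = substr($0, RSTART, RLENGTH)
      for (i = 1; i <= NF; i++) {
        # a context is user:role:type:level, the type is the third part
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      seen[src " " tgt ":" cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -rn
}

# on a real host: grep httpd /var/log/audit/audit.log | summarize_httpd_denials
sample_audit_log | summarize_httpd_denials
```

a target type you did not expect httpd to touch is a reason to fix the file's label or the Apache config instead of loading the module.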

or in the SELinux config file, change the mode from enforcing to permissive

$ sudo vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

$ sudo init 6    # reboot so the new mode takes effect