SELinux preventing Apache from writing to a file

19,963

Solution 1

For files you want Apache to be able to write to, the type must be set to httpd_sys_rw_content_t.

Solution 2

As already stated, you should instruct SELinux to allow writing to that file. The right thing to do is to mark /var/www/webapp/k/site/ as of type httpd_sys_rw_content_t.

To permanently mark that directory as httpd_sys_rw_content_t, you can use the commands

# Quote the pattern so the shell does not interpret the parentheses.
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/webapp/k/site(/.*)?"
restorecon -RF /var/www/webapp/k/site/

This will survive SELinux binary policy updates and filesystem relabeling.

Solution 3

This will change the permissions:

chcon --type httpd_sys_rw_content_t /var/www/webapp/k/site/k.log
Author by

Clodoaldo

Updated on September 18, 2022

Comments

  • Clodoaldo almost 2 years

    SELinux is preventing the apache user from writing to a log file which it owns. When I do setenforce 0 it works. Otherwise it shows this error

    IOError: [Errno 13] Permission denied: '/var/www/webapp/k/site/k.log'
    

    The security context of the file:

    $ ll -Z k.log 
    -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 k.log
    

    The file was created when the SELinux mode was set to permissive.

    How to set the security context so the apache user can write in that directory? I did set that directory security context using chcon but I can't find a suitable file type.

    From audit.log:

    type=AVC msg=audit(1409945481.163:1561): avc:  denied  { append } for  pid=16862 comm="httpd" name="k.log" dev="dm-1" ino=201614333 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
    type=SYSCALL msg=audit(1409945481.163:1561): arch=c000003e syscall=2 success=no exit=-13 a0=7fa8080847a0 a1=441 a2=1b6 a3=3 items=0 ppid=15256 pid=16862 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
    
  • Derrick Miller over 5 years
    I get this error: -bash: syntax error near unexpected token `('
  • Michael Hampton over 5 years
    You probably need to escape the parentheses from the shell.
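
The audit.log excerpt in the question already names the cause: httpd_t was denied append on a file labeled httpd_sys_content_t. The script below is an added example, not part of the original thread; it parses AVC records and lists files where httpd_t was denied a write-class permission on httpd_sys_content_t, the case the answers fix by relabeling to httpd_sys_rw_content_t. The function names and the list of write-class permissions are assumptions of this example.

```shell
#!/bin/sh
# The AVC record quoted in the question, embedded so the script runs offline.
SAMPLE_AVC='type=AVC msg=audit(1409945481.163:1561): avc:  denied  { append } for  pid=16862 comm="httpd" name="k.log" dev="dm-1" ino=201614333 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file'

# avc_summary (hypothetical helper): read audit.log lines on stdin and print
#   <perms> <comm> <name> <source_type> <target_type> <tclass>
# for each AVC denial; other record types (SYSCALL, PATH, ...) are skipped.
avc_summary() {
    awk '
    # Value of key=value on the current line, quotes stripped; "-" if absent.
    function val(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    # The SELinux type is the third field of user:role:type:level.
    function setype(ctx,    p) { split(ctx, p, ":"); return p[3] }
    /^type=AVC / && / denied / {
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 1, e - s - 1)   # text between the braces
        gsub(/^ +| +$/, "", perms)             # trim surrounding spaces
        gsub(/ +/, ",", perms)                 # "read write" -> "read,write"
        print perms, val("comm"), val("name"),
              setype(val("scontext")), setype(val("tcontext")), val("tclass")
    }'
}

# needs_rw_label (hypothetical helper): print the name of each file where
# httpd_t was denied a write-class permission on read-only web content.
# Which permissions count as write-class is an assumption of this example.
needs_rw_label() {
    avc_summary | awk '
    $4 == "httpd_t" && $5 == "httpd_sys_content_t" &&
    ("," $1 ",") ~ /,(write|append|create|unlink|rename|setattr),/ { print $3 }'
}

printf '%s\n' "$SAMPLE_AVC" | needs_rw_label   # prints: k.log
```

On a live system the same function can read the log directly, for example `needs_rw_label < /var/log/audit/audit.log`.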