1

i'm facing the next error in a centos 7 server

apache issue

I take a look to similar questions saying that is because SELinux doesn't allow to httpd to write in my /home folder, i've tried changing the owner of the folder without success; try changing the context (chcon) to httpd_sys_rw_content_t of my /home with the same error; try disabling SELinux and the error persists; and in the file httpd.conf change the User and Group from apache to test this didn't work either. My server is:

LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 7.4.1708 (Core) 
Release:        7.4.1708
Codename:       Core

and

Linux localhost 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

When I execute move_uploaded_file() from php -a as user test it works normally, i see that the issue is with the user apache

ccmorataya
  • 69
  • 2
  • 9
  • 1
    What are the permissions on /home/test and on /home ? – jawbonewalk Mar 23 '18 at 22:04
  • Did you try chown -R test:apache /home/test and then giving 750 permission on /home/test? – jawbonewalk Mar 23 '18 at 22:07
  • hi @jawbonewalk, thanks for the comment I've tried to `chown -R test:apache /home/test` and give the `750` permission to the folder `/home/test` but I see the same error. The permissions to my `/home/test` are **700** and for `/home` **755** – ccmorataya Mar 26 '18 at 14:31
  • Did you change /etc/httpd/conf/httpd.conf to point to your folder ? – jawbonewalk Mar 26 '18 at 14:49
  • yes I add my folder in my httpd.conf, but I finally find a solution and it's about the owner of the folder `/home/test/images/` and the upper folder `/home/test`, for both the owner must be apache and the group too, thanks for the guidance @jawbonewalk – ccmorataya Mar 26 '18 at 16:46

1 Answers1

9

TLDR:

Do not run setenforce 0 command, this will disable SELinux! You should not disable SELinux for security reasons.

The solution:

You should update policy to make SELinux allow read and write on specific directories:

To allow apcahe to read and write.

chcon -R -t httpd_sys_rw_content_t /path/your_writabl_dir

For read only directories:

chcon -R -t httpd_sys_content_t /path/yourdir

For example you can make your public (document root) directory read only and only allow write on directories that you allow you app to write on: 

# Make all read only
chcon -R -t httpd_sys_content_t /var/www/myapp

# Only allow write on uploads dir for example
chcon -R -t httpd_sys_rw_content_t /var/www/myapp/public/uploads
Mohamed Elbahja
  • 609
  • 1
  • 8
  • 9
  • Solution worked for me, but it minimizes the security. If we can have anything, better than that. – Shams Jun 05 '20 at 07:44