SELinux Security Context on /var/www/html

This section provides a tutorial example on how to change the SELinux security context type on sub directories inside /var/www/html to allow new files to be created by PHP scripts running on the Apache Web server on CentOS systems.

The root cause of the "Apache PHP file_put_contents() Permission Denied" problem presented in the previous tutorial is actually the SELinux security context setting on the /var/www/html directory.

We can fix it with a temporary solution by changing the SELinux security context type as shown in this tutorial.

1. Compare the SELinux security context of /var/www/html/test with /tmp. I see that their security users, groups, and types are different.

herong$ ls -la --context /var/www/html/test
drwxrwxrwx. 2 herong root unconfined_u:object_r:httpd_sys_content_t:s0 .

herong$ ls -la --context /tmp
drwxrwxrwt. 15 root root system_u:object_r:tmp_t:s0 .

2. Change the SELinux security context type on /var/www/html/test to match /tmp, where my PHP Web script can create files.

herong$ cd /var/www
herong$ sudo chcon -t tmp_t test

herong$ ls -la --context test
drwxrwxrwx. 2 herong root   unconfined_u:object_r:tmp_t:s0 .

3. Re-run the test script on the Apache server. I see that the new file created in /var/www/html/test.

herong$ curl localhost/test/test_file_put_contents.php
<html><body><pre>
Output from whoami:
apache

Output from getcwd():
/var/www/html/test

test file_put_contents(./tmp-cwd.tmp):
-rw-r--r--. 1 apache apache 26 Apr  1 02:29 ./tmp-cwd.tmp

test file_put_contents(/tmp/tmp-tmp.tmp):
-rw-r--r--. 1 apache apache 27 Apr  1 02:29 /tmp/tmp-tmp.tmp
</pre></body></html>

Cool. I have a temporary solution to create new files inside the /var/www/html directory from my PHP scripts running on Apache Webserver with the "PHP-FPM" module.

Table of Contents

 About This Book

 Introduction to Linux Systems

 Process Management

 Files and Directories

 Running Apache Web Server (httpd) on Linux Systems

Running PHP Scripts on Linux Systems

 Install and Manage PHP Packages on CentOS

 "php -i" - Dump PHP Environment Information

 Install and Manage PHP Modules on CentOS

 Files Used in PHP "include" Statements

 Publish PHP Scripts on Apache Web Server

 Dump PHP/Apache Environment Information

 Change PHP Configuration Settings

 Apache PHP file_put_contents() Permission Denied

SELinux Security Context on /var/www/html

 Migrate Old Scripts to New PHP Release

 Running MySQL Database Server on Linux Systems

 Running Python Scripts on Linux Systems

 Conda - Environment and Package Manager

 GCC - C/C++ Compiler

 Graphics Environments on Linux

 Tools and Utilities

 References

 Full Version in PDF/EPUB