SELinux Security Context on /var/www/html

Linux Apps Tutorials - Herong's Tutorial Examples

∟SELinux Security Context on /var/www/html

This section provides a tutorial example on how to change the SELinux security context type on sub directories inside /var/www/html to allow new files to be created by PHP scripts running on the Apache HTTP Server on CentOS systems.

The root cause of the "Apache PHP file_put_contents() Permission Denied" problem presented in the previous tutorial is actually the SELinux security context setting on the /var/www/html directory.

We can fix it with a temporary solution by changing the SELinux security context type as shown in this tutorial.

1. Compare the SELinux security context of /var/www/html/test with /tmp. I see that their security users, groups, and types are different.

herong$ ls -la --context /var/www/html/test
drwxrwxrwx. 2 herong root unconfined_u:object_r:httpd_sys_content_t:s0 .

herong$ ls -la --context /tmp
drwxrwxrwt. 15 root root system_u:object_r:tmp_t:s0 .

2. Change the SELinux security context type on /var/www/html/test to match /tmp, where my PHP Web script can create files.

herong$ cd /var/www
herong$ sudo chcon -t tmp_t test

herong$ ls -la --context test
drwxrwxrwx. 2 herong root   unconfined_u:object_r:tmp_t:s0 .

3. Re-run the test script on the Apache server. I see that the new file created in /var/www/html/test.

herong$ curl localhost/test/test_file_put_contents.php
<html><body><pre>
Output from whoami:
apache

Output from getcwd():
/var/www/html/test

test file_put_contents(./tmp-cwd.tmp):
-rw-r--r--. 1 apache apache 26 Apr  1 02:29 ./tmp-cwd.tmp

test file_put_contents(/tmp/tmp-tmp.tmp):
-rw-r--r--. 1 apache apache 27 Apr  1 02:29 /tmp/tmp-tmp.tmp
</pre></body></html>

Cool. I have a temporary solution to create new files inside the /var/www/html directory from my PHP scripts running on Apache Webserver with the "PHP-FPM" module.