SELinux Security Context on /var/www/html

Provides a tutorial example on how to change the SELinux security context type on subdirectories inside /var/www/html to allow new files to be created by PHP scripts running on the Apache Web server on CentOS systems.

The root cause of the "Apache PHP file_put_contents() Permission Denied" problem presented in the previous tutorial is actually the SELinux security context setting on the /var/www/html directory.

We can fix it with a temporary solution by changing the SELinux security context type as shown in this tutorial.

1. Compare the SELinux security context of /var/www/html/test with /tmp. I see that their security users, groups, and types are different.

herong$ ls -la --context /var/www/html/test
drwxrwxrwx. 2 herong root unconfined_u:object_r:httpd_sys_content_t:s0 .

herong$ ls -la --context /tmp
drwxrwxrwt. 15 root root system_u:object_r:tmp_t:s0 .

2. Change the SELinux security context type on /var/www/html/test to match /tmp, where my PHP Web script can create files.

herong$ cd /var/www
herong$ sudo chcon -t tmp_t test

herong$ ls -la --context test
drwxrwxrwx. 2 herong root   unconfined_u:object_r:tmp_t:s0 .

3. Re-run the test script on the Apache server. I see that the new file is created in /var/www/html/test.

herong$ curl localhost/test/test_file_put_contents.php
<html><body><pre>
Output from whoami:
apache

Output from getcwd():
/var/www/html/test

test file_put_contents(./tmp-cwd.tmp):
-rw-r--r--. 1 apache apache 26 Apr  1 02:29 ./tmp-cwd.tmp

test file_put_contents(/tmp/tmp-tmp.tmp):
-rw-r--r--. 1 apache apache 27 Apr  1 02:29 /tmp/tmp-tmp.tmp
</pre></body></html>

Cool. I have a temporary solution to create new files inside the /var/www/html directory from my PHP scripts running on the Apache Web server with the "PHP-FPM" module.
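
Because the chcon change is only a temporary solution, the script below is an added example (not from the original tutorial) that lists web-root directories whose SELinux type is outside the httpd content types, so a leftover tmp_t label can be found and replaced. The allowed-type list, the function names and the /var/www/html/uploads sample path are assumptions of this example, and the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): flag web-root entries whose
# SELinux type is outside the httpd content family, e.g. left over from chcon.

# Types treated as expected under a web root (assumption: stock targeted policy).
ALLOWED_TYPES="httpd_sys_content_t httpd_sys_rw_content_t"

# Print the type field of a "user:role:type:level" context string.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "context path" lines (the format of: stat -c '%C %n') on stdin and
# print one finding per entry whose type is not in ALLOWED_TYPES.
audit_lines() {
    local ctx path ctype
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        ctype=$(ctx_type "$ctx")
        case " $ALLOWED_TYPES " in
            *" $ctype "*) ;;    # expected label, nothing to report
            *) printf 'REVIEW %s type=%s\n' "$path" "$ctype" ;;
        esac
    done
}

# Audit every directory under a live web root (needs an SELinux-enabled host).
audit_tree() {
    find "$1" -type d -exec stat -c '%C %n' {} + | audit_lines
}

# Constructed sample input, reusing the two labels shown in the tutorial.
sample_input() {
    cat <<'EOF'
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html
unconfined_u:object_r:tmp_t:s0 /var/www/html/test
unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/uploads
EOF
}

sample_input | audit_lines
# A persistent, narrower label than tmp_t for a directory PHP must write to:
#   sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/test(/.*)?'
#   sudo restorecon -Rv /var/www/html/test
```

On a live system, run audit_tree /var/www/html instead of the sample input. A label set with chcon is not recorded in the file context policy, so restorecon or a full relabel reverts it, while the semanage rule in the closing comment survives both.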
