问题
Running apache on centos 6.4 and my web server can't see any files unless the root user creates or copies them.
ps aux | grep apache shows that apache is running as apache user, not root.
I tried chown apache:apache on the files.
I even set chmod 777 on the files.
-rwxrwxrwx. 1 apache apache 2300 May 15 17:46 example.php
I still get an http 500 error, what else could be wrong?
also even if I chown the file to root:root, it will not work, I need to actually cp file.php file.php as root before it will work. I don't get it!
chcon -t httpd_sys_content_t example.php gets me there! - thanks Chris.
Does this mean I need to change my FTP user's Security Context settings so they can upload files like this or do I need to change a rule in SELinux to allow a wider range of files to execute?
回答1:
SELinux might here be a problem.
Please do ls -lZ example.php
To rule out SELinux you can:
getenforce
then
setenforce 0
And try accessing this file again...
That will temporarily put SELinux in permissive mode. You might have to change a context of the file! Let us know how it goes and we will take it from there.
Update:
As expected, SELinux was stopping apache from accessing that file. If you trust this file, you can change it's context:
chcon -v --type=httpd_sys_content_t example.php
If there is more than one file, you could use -R flag, so:
chcon -vR --type=httpd_sys_content_t /html/
As you have noticed, with ls you have -Z flag to show SELlinux context. You can try using this flag with other programs like ps for example.
To troubleshoot SELinux problems I recommend sealert - part of setroubleshoot-server.
How did I know that you are most likely using SELinux? Your filesystem is labeled.
How did i know that your fs is labeled? -rwxrwxrwx**.** - dot at the end of permissions tells that fs is labeled.
Don't forget to change the permissions! You really don't want 777... Hope that helps.
回答2:
If you have enabled suphp then files with 777 permissions will not work fine and give 500 error, change the permissions 644.
Also check error log for the same if you are still facing same issue.
Why are you trying 'cp file.php file.php' with same name, to copy use other name as below or copy to another location where file.php not exists.
cp file.php file.php-bak
or
cp file.php another-dir/file.php
来源:https://stackoverflow.com/questions/16577055/how-come-my-apache-can-only-access-root-owned-files