Re: [CentOS] find out who accessed a file

On Sat, Jan 24, 2015 at 12:32:01PM -0600, Valeri Galtsev wrote:

One other thing I would try: disable selinux, and see if that lets apache read file, e.g.:

setenforce 0

Setting SELinux to permissive temporarily is a good start, although it's also helpful to check the audit logs, with:

ausearch -m avc -ts today

...to see if SELinux prevented access today. It's quite likely SELinux preventing access, particularly if you're using PHP to read a file that's not in one of the standard WWW paths that the web server is allowed to access. SELinux prevents the web server from reading, writing or executing files outside of a fairly select few locations.