Hey all,
I have a simple php app working that writes some info to a text file. The app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to off. What can I do to get it work with it enabled?
Thanks Tim
Have you tried changing the folder where it's writing into with these lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text file. The app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to off. What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hey Jeremy,
Have you tried changing the folder where it's writing into with these lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel jthoel@gmail.com wrote:
Have you tried changing the folder where it's writing into with these lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text file.
The
app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to off. What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down.
cd /etc/selinux
edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
Save the file and restart httpd, you should be fine..
john plemons
On 1/22/2015 1:36 PM, Tim Dunphy wrote:
Hey Jeremy,
Have you tried changing the folder where it's writing into with these lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel jthoel@gmail.com wrote:
Have you tried changing the folder where it's writing into with these lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text file.
The
app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to off. What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down. cd /etc/selinux edit the config file and change SELUNIX=enforcing to SELUNIX=permissive Save the file and restart httpd, you should be fine..
Yeah dude, exactly. Except I actually do want to start using it. I've been disabling SELINUX forever because I wasn't familiar with using it. I've decided to change my tune on that this year and get more familiar with hit. I've always recognized it to be a good thing. Even if I didn't really have a clue about it.
Thanks for the suggestion anyway!
Tim
On Thu, Jan 22, 2015 at 2:47 PM, John Plemons john@mavin.com wrote:
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down.
cd /etc/selinux
edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
Save the file and restart httpd, you should be fine..
john plemons
On 1/22/2015 1:36 PM, Tim Dunphy wrote:
Hey Jeremy,
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel jthoel@gmail.com wrote:
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text file.
The
app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to off. What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Exactly, SELinux is great. Its a good room to have when you can get it working and it's another good layer of protection. Its better to learn to use the tool then just turn it off.
Not every label has a rw option but it never hurts to try. :-) On Jan 22, 2015 1:18 PM, "Tim Dunphy" bluethundr@gmail.com wrote:
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down. cd /etc/selinux edit the config file and change SELUNIX=enforcing to SELUNIX=permissive Save the file and restart httpd, you should be fine..
Yeah dude, exactly. Except I actually do want to start using it. I've been disabling SELINUX forever because I wasn't familiar with using it. I've decided to change my tune on that this year and get more familiar with hit. I've always recognized it to be a good thing. Even if I didn't really have a clue about it.
Thanks for the suggestion anyway!
Tim
On Thu, Jan 22, 2015 at 2:47 PM, John Plemons john@mavin.com wrote:
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down.
cd /etc/selinux
edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
Save the file and restart httpd, you should be fine..
john plemons
On 1/22/2015 1:36 PM, Tim Dunphy wrote:
Hey Jeremy,
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried
httpd_sys_content_rw_t
and that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel jthoel@gmail.com wrote:
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text
file.
The
app will only work correctly if SELinux is disabled. If it's enabled
and
try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to
off.
What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Exactly, SELinux is great. Its a good room to have when you can get it working and it's another good layer of protection. Its better to learn to use the tool then just turn it off. Not every label has a rw option but it never hurts to try. :-)
yeah man thanks. I really think it was lazy adminning on my part to chose not to use it. I want to correct that! Unfortunately taht was a dirty habit I picked up by working in some small shops that always turned it off. I'm going to start using it and gain some familiarity with it!
Thanks
On Thu, Jan 22, 2015 at 3:22 PM, Jeremy Hoel jthoel@gmail.com wrote:
Exactly, SELinux is great. Its a good room to have when you can get it working and it's another good layer of protection. Its better to learn to use the tool then just turn it off.
Not every label has a rw option but it never hurts to try. :-) On Jan 22, 2015 1:18 PM, "Tim Dunphy" bluethundr@gmail.com wrote:
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down. cd /etc/selinux edit the config file and change SELUNIX=enforcing to SELUNIX=permissive Save the file and restart httpd, you should be fine..
Yeah dude, exactly. Except I actually do want to start using it. I've
been
disabling SELINUX forever because I wasn't familiar with using it. I've decided to change my tune on that this year and get more familiar with
hit.
I've always recognized it to be a good thing. Even if I didn't really
have
a clue about it.
Thanks for the suggestion anyway!
Tim
On Thu, Jan 22, 2015 at 2:47 PM, John Plemons john@mavin.com wrote:
The easiest answer is to edit the Selinux config file. By default it is set to enforce, which really locks it down.
cd /etc/selinux
edit the config file and change SELUNIX=enforcing to SELUNIX=permissive
Save the file and restart httpd, you should be fine..
john plemons
On 1/22/2015 1:36 PM, Tim Dunphy wrote:
Hey Jeremy,
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried
httpd_sys_content_rw_t
and that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel jthoel@gmail.com
wrote:
Have you tried changing the folder where it's writing into with these
lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
On Thu, Jan 22, 2015 at 11:09 AM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I have a simple php app working that writes some info to a text
file.
The
app will only work correctly if SELinux is disabled. If it's enabled
and
try to use the app, it fails. It seems that SELinux is denying the
app
ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the following:
ls -RZ /var/www
And everything seems to be in order. For example I see:
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php
But the app stil won't function correctly unless SELinux is set to
off.
What can I do to get it work with it enabled?
Thanks Tim -- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Jeremy Hoel -
John Plemons -
Tim Dunphy