[CentOS] find out who accessed a file

Sun Jan 25 02:23:06 UTC 2015
Jonathan Billings <billings at negate.org>

On Sat, Jan 24, 2015 at 12:32:01PM -0600, Valeri Galtsev wrote:
> One other thing I would try: disable selinux, and see if that lets
> apache read file, e.g.: 
> setenforce 0

Setting SELinux to permissive temporarily is a good start, although
it's also helpful to check the audit logs, with:

ausearch -m avc -ts today

...to see if SELinux prevented access today.  It's quite likely
SELinux preventing access, particularly if you're using PHP to read a
file that's not in one of the standard WWW paths that the web server
is allowed to access.  SELinux prevents the web server from reading,
writing or executing files outside of a fairly select few locations.

Jonathan Billings <billings at negate.org>