Fixing Permission Denied on CentOS7 (SELinux)

You’ve configured your server, set up permissions properly, and still you get the frustrating error message: Permission denied in /var/www/... on line xyz. If you’re using a newer Linux-based OS, chances are you’ve overlooked SELinux and also need to set the proper permissions there for write access to your directory and files.

If you have a WordPress, Joomla, Drupal, OpenCart, or any other CMS site and can’t update your plugins automatically, chances are you have this issue. The fix is really simple, so that’s good news!

Allowing Read/Write Access via SELinux

The first thing to do is check the current SELinux permissions for your website’s home directory. You’ll need to SSH into your server and then run the following command:

ls -Z /path/to/website/root

You will most likely see something like this:

drwxrwsr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mywebsite.com

The key part to look at is the unconfined_u:object_r:httpd_sys_content_t:s0 portion. If you see httpd_sys_content_t then you know right away that your web server and application (Apache, PHP, etc.) will not be able to write to your directories.

To allow for write access to your directories, you’ll need to issue the following command:

sudo chcon -t httpd_sys_rw_content_t mywebsite.com/ -R

Note! This will make your entire website home directory writeable via SELinux, so you will probably want to selectively choose folders that you want your web server to be able to write to.

Run the ls -Z command again and you should see the new attribute httpd_sys_rw_content_t instead of the previous httpd_sys_content_t.

You should be all set at this point. SELinux is a security layer above the standard chmod permissions, so make sure both are set properly in order to have the permissions you need.
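
Following the note above about choosing folders selectively, here is an added example (not part of the original post) that labels only named subdirectories and records the rule with semanage fcontext and restorecon, so it survives a filesystem relabel, which a chcon change does not. The site root /var/www/mywebsite.com and the wp-content directory names are assumed sample values.

```shell
#!/bin/sh
# Added example: persistently label only chosen subdirectories as web-writable.
# The site root and directory names used here are assumed sample values.
# semanage ships in policycoreutils-python on CentOS 7.

# Print each command, or execute it when APPLY=1 (run as root).
_run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Usage: selinux_rw_dirs SITE_ROOT REL_DIR...
selinux_rw_dirs() {
    rw_root="${1%/}"
    shift
    case "$rw_root" in
        /*) ;;
        *) echo "error: site root must be an absolute path" >&2; return 2 ;;
    esac
    for rw_rel in "$@"; do
        # Reject empty, absolute and ".." entries so no label lands outside the root.
        case "/$rw_rel/" in
            //*|*/../*) echo "error: unsafe directory: $rw_rel" >&2; return 2 ;;
        esac
        rw_path="$rw_root/${rw_rel%/}"
        # semanage reads the path as a regular expression, so escape the dots.
        rw_spec="$(printf '%s' "$rw_path" | sed 's/\./\\./g')(/.*)?"
        # Record the rule in the local policy, then apply it to existing files.
        _run semanage fcontext -a -t httpd_sys_rw_content_t "$rw_spec" || return 1
        _run restorecon -R -v "$rw_path" || return 1
        # Confirm the label, as with the ls -Z check above.
        _run ls -Zd "$rw_path" || return 1
    done
}

# Dry run: prints the commands for two assumed writable directories.
selinux_rw_dirs /var/www/mywebsite.com wp-content/uploads wp-content/cache
```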

Linux variations that implement SELinux:

  • Red Hat
  • CentOS/RHEL
  • Fedora
  • Debian
  • Ubuntu
  • CoreOS

To learn more about SELinux, check out the Wikipedia entry. I’m beginning to see this issue pop up quite often as more and more people move towards hosting with a non-managed virtual private server. So it’s always worth understanding the fundamentals.

As always, I’d love to hear recommendations or questions so please feel free to comment with your feedback.

 
