My user can't add, modify or delete apache/php files without sudo.
My environment is:
- CentOS Linux release 7.2.1511
- SELinux status: enabled
- Current mode: enforcing
- Apache 2.4.23
My user is already in the apache group:
$ id
uid=1000(lmeza) gid=1000(lmeza) groups=1000(lmeza),10(wheel),48(apache) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
The webroot of Apache already has the label httpd_sys_content_t:
$ ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-sr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 html
I have a directory with the label httpd_sys_rw_content_t, but I can't write to it:
$ ls -lahZ /var/www/html
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 modules
$ touch /var/www/html/modules/abc.txt
touch: cannot touch ‘/var/www/html/modules/abc.txt’: Permission denied
Correct Get file access control lists:
$ getfacl /var/www/html
getfacl: Removing leading '/' from absolute path names
# file: var/www/html
# owner: apache
# group: apache
# flags: -s-
user::rwx
user:apache:rwx
group::r-x
group:apache:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:apache:rwx
default:group::r-x
default:group:apache:rwx
default:mask::rwx
default:other::r-x
Best Answer
The correct way to establish SELinux and ACL permissions that work on CentOS 7 is:
The full script for Drupal 8 is in the following Gist: https://gist.github.com/merolhack/854c3d371f31b21fb6cb538fe02a0444
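
A diagnostic sketch for the listings in the question, added here and not part of the original question, answer or Gist: it reads pasted `id` and `ls -Z` output and reports which classic permission class (owner, group, other) applies and whether that class allows creating files in the directory. The helper name `dac_write_check` and the `LS_FIXED` line are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide from pasted `id` and `ls -Z` output which classic
# permission class applies to a user and whether it allows creating files.

# dac_write_check "<id output>" "<ls -Z line>"  (hypothetical helper name)
# Prints "<owner|group|other>:<allowed|denied>", plus ":see-getfacl" when the
# listing carries "+" (an ACL exists and the group bits shown are its mask).
dac_write_check() (
    id_out=$1
    ls_line=$2
    mode=$(printf '%s\n' "$ls_line" | awk '{print $1}')
    owner=$(printf '%s\n' "$ls_line" | awk '{print $2}')
    group=$(printf '%s\n' "$ls_line" | awk '{print $3}')
    # User name sits in uid=N(name); group memberships in groups=...
    user=$(printf '%s\n' "$id_out" | sed -E 's/^uid=[0-9]+\(([^)]*)\).*/\1/')
    memberships=$(printf '%s\n' "$id_out" | sed -E 's/.*groups=([^ ]*).*/\1/')

    # Exactly one class is used: owner first, then group, then other.
    # Mode string columns: 1 type, 2-4 owner, 5-7 group, 8-10 other, 11 flag.
    if [ "$user" = "$owner" ]; then
        class=owner; cols=2-4
    elif printf '%s\n' "$memberships" | grep -qF "($group)"; then
        class=group; cols=5-7
    else
        class=other; cols=8-10
    fi
    bits=$(printf '%s\n' "$mode" | cut -c"$cols")

    # Creating a file needs write AND search (x, or s/t which imply x).
    case $bits in
        ?w[xst]) verdict=allowed ;;
        *)       verdict=denied ;;
    esac

    flag=$(printf '%s\n' "$mode" | cut -c11)
    if [ "$flag" = "+" ]; then verdict="$verdict:see-getfacl"; fi
    printf '%s:%s\n' "$class" "$verdict"
)

# Values copied from the question on this page.
ID_OUT='uid=1000(lmeza) gid=1000(lmeza) groups=1000(lmeza),10(wheel),48(apache)'
LS_MODULES='drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 modules'
# Constructed line: the same directory with group write and setgid set.
LS_FIXED='drwxrwsr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 modules'

dac_write_check "$ID_OUT" "$LS_MODULES"   # group:denied
dac_write_check "$ID_OUT" "$LS_FIXED"     # group:allowed
```

A `group:denied` result means the mode bits alone refuse the write, whatever SELinux type the directory carries; the `getfacl` output in the question is for `/var/www/html`, not for `modules`.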