On my Fedora 20, I've learned that to allow write access to files by processes like PHP via Apache, the process owner, which is in my case apache, must have write permissions to the files. Also, since SELinux is enabled, the files must have the httpd_system_rw_content_t context.
It also looks like an SELinux policy prevents httpd from accessing any files under /home. Just about everyone agrees that to remedy this, the files you want accessed must have security context httpd_user_content_t or httpd_user_rw_content_t. I've been sure to do this, yet Apache still says it does not have permission to access the directories. When those files don't have the user_content context, I indeed get SELinux warnings. When the context is set, I don't get the warnings, but Apache still can't access the files. Everything under /home/me/game has the following user permissions and security context:
$ sudo chcon -Rv --type=httpd_user_rw_content_t game
$ sudo setsebool -P httpd_read_user_content 1
$ sudo chown -R :apache game
$ ll -Zd game
drwxrwxr-x. me apache unconfined_u:object_r:httpd_user_rw_content_t:s0 game
Yet Apache tells me:
Forbidden
You don't have permission to access /game on this server.
Might anyone know what else I could check?
Best Answer
Sigh... always check your permissions, people. Even though the SELinux settings were good, there was a directory on the way down to the path I wanted apache to reach that was not allowing that user to read/execute it.
First of all, I should have looked at /var/log/httpd/error_log which plainly said:
Looking up the error on Google, I found this page that also spells out the issue. Since it had no problem serving things from /var/www I checked the directory permissions all the way down:
I did the same all the way down my home dirs:
Yep... a simple sudo chmod o=rx /home/me got me up and going. I couldn't have done it without checking everything you guys asked me to, and I thank you.
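
The check the answer describes, walking the permissions of every directory down to the target, as an added example that is not part of the original post. The function names `other_can_search` and `first_blocked` are hypothetical, and the script assumes the web server account is neither owner nor group member of the directories, so the "other" permission bits decide.

```shell
#!/bin/sh
# Added example (constructed): find the first directory on the way to a
# target that withholds search (x) permission from "other".
# Assumption: the web server account falls under "other" for these
# directories, as apache did for /home/me in the answer above.
# Usage after sourcing this file: first_blocked /home/me/game

# other_can_search DIR -> exit 0 if "other" holds the search bit on DIR
other_can_search() {
    # Keep the 10-character mode string; drops a trailing '.' or '+'
    mode=$(ls -ldL -- "$1" | cut -c1-10)
    case "$mode" in
        d????????[xt]) return 0 ;;   # x, or t = sticky bit plus x (as on /tmp)
        *)             return 1 ;;
    esac
}

# first_blocked TARGET [BASE]
# Walk each directory below BASE (default /) down to TARGET. Print the first
# one "other" cannot search and return 1; print nothing and return 0 if the
# whole path is traversable. TARGET must lie under BASE; BASE itself is
# assumed reachable and is not checked.
first_blocked() {
    target=${1%/}
    base=${2:-/}
    base=${base%/}                 # "" when BASE is /
    rest=${target#"$base"}         # e.g. /home/me/game
    current=$base
    while [ -n "$rest" ]; do
        rest=${rest#/}
        part=${rest%%/*}
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue
        current="$current/$part"
        [ -d "$current" ] || continue   # the final component may be a file
        if ! other_can_search "$current"; then
            printf '%s\n' "$current"
            return 1
        fi
    done
    return 0
}
```

This reads only mode bits, so an SELinux denial or an ACL entry will not show up here. On Fedora, `namei -l /home/me/game` from util-linux lists the same per-component modes.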