Apache Not Serving Pages – SELinux

Recently, like a couple hours ago I migrated my blog after being down for a couple months to a AWS LAMP stack which was great and easy until Apache just wasn’t loading the site. It’s a blog so it runs WordPress and and a simple LAMP stack where everything is running should just be pretty much a out of the box solution.

However this time around once I pushed the DNS over html was serving but PHP just would not execute due to permission issues as shown below:

[Mon Jun 22 17:42:47.530605 2015] [core:error] [pid 9461] (13)Permission denied: [client 24.28.94.42:57301] AH00035: access to /index.php denied (filesystem path '/var/www/mattharris.org/index.php') because search permissions are missing on a component of the path
[Mon Jun 22 17:42:48.475473 2015] [core:error] [pid 9461] (13)Permission denied: [client 24.28.94.42:57301] AH00035: access to /index.php denied (filesystem path '/var/www/mattharris.org/index.php') because search permissions are missing on a component of the path

So the culprit after a lot of going up the tree and checking all of the permissions and ownership ended up being SELinux. Apparently in Red Hat 7 and CentOS 7 this is enabled by default and you have to manually disable the policies on pretty much everything or manually go through the audit log and enable each filter. So here is a quick dirty fix:

[[email protected] ~]# getenforce
Enforcing
[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce
Permissive

This will put SELINUX into a Permissive mode. Since this server only houses an open source blog security isn’t my number one priority. That and its on AWS so its a bit more secure than say a shared hosting account.

Now with this – the permissions will not persist upon reboot; so if we want to set this to persist we need to edit the following file:

/etc/sysconfig/selinux:

from:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing

to:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive

Anyways hope this helps someone out at some point.

Write a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.