SELinux and 403 Forbidden messages from Apache, but I KNOW the permissions are right... right!?

Navigation

Twitter Updates

    Mike Hommé's Facebook profile

    Mike is curious and passionate about the web, open source and photography.

    He is founder, chief technology officer and project lead for MeetingPress.com and Occursys.com (Occursys Software) which offers friendly, reliable, web-based solutions built specifically for those tasked with the overwhelming responsibility of organizing annual symposiums or conferences within their scientific community.

    MeetingPress is an open source project that will soon be available on SourceForge.net

    Mike is a Sr. Webmaster at Ipswitch Inc, provider of secure managed file transfer products including WS_FTP and MOVEit.

    People often laugh at me, and I'm cool with that.

    Poll

    Who had the better Super Bowl commercial this year? Monster or CareerBuilder:

    Syndicate

    Syndicate content

    Photography

    http://api.smugmug.com/hack/feed.mg?Type=nicknamePopular&Data=mikehomme&format=atom03
    Submitted by Mike Hommé on Wed, 12/17/2008 - 16:30

    I upgraded to Red Hat Enterprise from Fedora Core 7 recently. I wasn't running SELinux on the Fedora box but decided to try it out on the shiney new RHE server.

    I ran into seemingly simple problem, my apache log was reporting a 403 - Forbidden permission denied to index.php when trying to access a simple test index.php in one of my virtual hosts. This is something that I've done probably 120 times before in only minutes, but it took me about 3 hours last night to get to the bottom of this. I figure it deserves a post as a personal note, and hopefully save others the time and a headache.

    I tried all the obvious stuff, chmod’s, chown’s, etc, on the files and directory, nothing. I checked the virtual host directive like 20 times, compared permissions with other sites that were working. Everything was correct. I called my dad, he mentioned that he had recently configured the new server to jail other system users to their respective website home folders when using FTP. This must have had something to do with it, but anyways it pointed me in the right direction.

    The command that saved the day:
    chcon -t httpd_sys_content_t /var/www/html/mywebsite/*

    The command recommended by "SEtroubleshoot Browser" that didn't work:
    restorecon -R -v /var/www/html/mywebsite

    Intersting tid-bit for troubleshooting SELinux:

    If you're running SELinux and you suspect that it's the cause of a problem on your system, you can use System > Administration > SELinux Administrator, to temporarily suspend it by setting the "Current Enforcing Mode" to "Permissive". This way you don’t have to completely disable it which WILL force you to reboot because it needs to re-label your entire file system.

    Links
    Comments
    Submitted by Guest on Fri, 10/23/2009 - 08:33.

    Thanks, Thanks! I waste a full day trying access my phpPgAdmin from localhost having
    the message 403 forbidden in centos , with your page help i can have my phpMyAdmin
    working !

    Carlos - Rio de Janeiro, Brasil

    Submitted by Mike Hommé on Wed, 12/09/2009 - 21:49.

    Thanks for the note Carlos, glad it worked for you. Can't live without phpMyAdmin! :)

    Submitted by Guest on Sat, 10/03/2009 - 17:52.

    Thanks! Amazingly obscure but lifesaving command...:)