Apache file write permission – SELinux

Not an expert on this, but just want to document something after spending hours figuring out why a file with 777 permissions was not writable from the MyWebSql PHP website, run by the apache user in httpd, when trying to run a database backup. My Linux system is CentOS 7. You can find some information on SELinux at http://wiki.centos.org/HowTos/SELinux.

Below is an example of the default SELinux labels.

[root@jingyusoft mywebsql]# pwd
/var/www/html/mywebsql
[root@jingyusoft mywebsql]# ls -Z
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 backups
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 cache.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 config
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 Docs
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 favicon.ico
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 img
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 install.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 js
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 lang
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 modules
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 phpinfo.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 README.md
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 status.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 themes
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 tmp

Because the httpd process is confined by SELinux policy, chmod alone is not enough. To grant it write permission to a folder, the folder's SELinux type also has to be changed, by running the following:

chcon -u unconfined_u -r object_r -t httpd_sys_rw_content_t -R /var/www/html/mywebsql/backups

This relabels the backups folder as httpd_sys_rw_content_t, which makes it writable for a process running under SELinux.

[root@jingyusoft mywebsql]# ls -Z | grep backups
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 backups
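
The listing above shows why 777 was not enough: a write has to pass both the Unix mode bits and the SELinux type. The following is an added example, not part of the original post, that reads `ls -Z` lines in the layout shown above and reports which layer blocks a write; the entries `uploads` and `export` are constructed, and treating only `httpd_sys_rw_content_t` as writable is a simplifying assumption.

```shell
#!/usr/bin/env bash
# Constructed sample in the `ls -Z` layout shown above:
# mode, owner, group, SELinux context, name. "uploads" and "export" are made up.
sample_listing() {
cat <<'EOF'
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 backups
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 uploads
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_rw_content_t:s0 export
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 README.md
EOF
}

# audit_httpd_write [USER]: read `ls -Z` lines on stdin, print "name verdict".
# A write succeeds only if BOTH layers allow it:
#   DAC - the Unix mode bits (simplified here to owner or "other"; group ignored)
#   MAC - the SELinux type (assumption: only httpd_sys_rw_content_t counts as
#         writable for httpd; real policy has further types and booleans)
audit_httpd_write() {
  awk -v user="${1:-apache}" '
    NF >= 5 {
      mode = $1; owner = $2; name = $5
      split($4, ctx, ":")            # user:role:type:level
      type = ctx[3]
      bit = (owner == user) ? 3 : 9  # position of the relevant "w" in the mode string
      dac = (substr(mode, bit, 1) == "w")
      mac = (type == "httpd_sys_rw_content_t")
      if (dac && mac)  verdict = "writable"
      else if (dac)    verdict = "blocked-by-selinux"
      else if (mac)    verdict = "blocked-by-dac"
      else             verdict = "read-only"
      print name, verdict
    }'
}

# verdict_for NAME: convenience lookup over the constructed sample.
verdict_for() {
  sample_listing | audit_httpd_write apache | awk -v n="$1" '$1 == n { print $2 }'
}
```

A label set with chcon is reverted by restorecon or a full filesystem relabel; recording the rule with semanage fcontext and applying it with restorecon keeps it in place.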

Installing Apache and PHP on CentOS

1. Install Apache server
sudo yum install httpd mod_ssl
Configuration file is by default located in /etc/httpd/conf/httpd.conf, where root directory, port, etc. can be changed.

The following command sets the httpd service to start automatically at boot:
chkconfig httpd on

2. Install PHP
yum install php

3. Start the Apache server
service httpd start

4. Create a sample PHP file in the root directory. The default root directory configured in /etc/httpd/conf/httpd.conf is /var/www/html/. Create a file with the following content and name it info.php.

<?php
   phpinfo();
?>

5. Try accessing the file in a browser.

Installing sendmail on CentOS

Here’s a good post to reference:
http://www.unixmen.com/configuring-sendmail-smtp-server-on-centos-a-scientific-linux/

1. Install sendmail
yum install sendmail-cf sendmail-doc sendmail-devel

2. Set sendmail for auto startup
chkconfig sendmail on

3. Send a test email (an MX record needs to be created first)
mail -v -s 'Testing sendmail' my.email@myhost.com

By default logs can be found in /var/log/maillog.

And here’s another post related to setting up SMTP authentication:
http://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/

Installing Jetty Server on CentOS

1. Download a Jetty distribution from http://download.eclipse.org/jetty/. Taking jetty-distribution-9.2.3.v20140905 as an example.

2. Extract files

cd /srv
tar zxf jetty-distribution-9.2.3.v20140905.tar.gz
ln -s jetty-distribution-9.2.3.v20140905 jetty

3. Create a new user and set up the service

adduser -r -m jetty
chown -R jetty:jetty /srv/jetty
cd /etc/init.d
ln -s /srv/jetty/bin/jetty.sh jetty
chkconfig --add jetty
chkconfig --level 345 jetty on

4. Modify default configuration

JAVA_HOME=/usr/local/java/jdk1.8.0_20
JAVA=$JAVA_HOME/bin/java
JAVA_OPTIONS=" -server -Xms256m -Xmx1024m -XX:+DisableExplicitGC "
JETTY_HOME=/srv/jetty
JETTY_USER=jetty
JETTY_HOST=0.0.0.0
JETTY_LOGS=/srv/jetty/logs/
JETTY_ARGS=jetty.port=8000

The original source is http://www.copper-arrow.com/blog/jetty-web-server-centos-6. Minor corrections were made based on the latest Jetty version.

Installing pip on CentOS

Before installing pip, we need to get its only external dependency – setuptools

wget --no-check-certificate https://pypi.python.org/packages/source/s/setuptools/setuptools-5.7.tar.gz
tar -zxvf setuptools-5.7.tar.gz
cd setuptools-5.7
python setup.py install

Then we can install pip

curl https://raw.githubusercontent.com/pypa/pip/master/contrib/get-pip.py | python -
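
The commands above skip TLS certificate checking (`--no-check-certificate`) and pipe a downloaded script straight into the interpreter, so nothing confirms what is being installed. The following is an added example, not part of the original post, that downloads over verified HTTPS and refuses to continue unless the file matches a pinned SHA-256; the function names are hypothetical and the digests in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad input (e.g. an unfilled placeholder).
verify_sha256() {
  local file expected actual
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case "$expected" in
    *[!0-9a-f]*|'') echo "invalid expected digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "invalid expected digest" >&2; return 2; }
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  actual=$(sha256sum "$file" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "SHA-256 mismatch for $file: got $actual" >&2
    return 1
  fi
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads to a temporary file with certificate checking left on and HTTPS
# enforced, and only moves it into place once the digest has been verified.
fetch_verified() {
  local url expected dest tmp
  url=$1; expected=$2; dest=$3
  tmp=$(mktemp) || return 2
  if curl --fail --silent --show-error --location --proto '=https' -o "$tmp" "$url" \
     && verify_sha256 "$tmp" "$expected"; then
    mv "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (digests are placeholders; take the real values from a source you trust):
#   fetch_verified https://pypi.python.org/packages/source/s/setuptools/setuptools-5.7.tar.gz \
#       "<SHA256-OF-setuptools-5.7.tar.gz>" setuptools-5.7.tar.gz
#   fetch_verified https://raw.githubusercontent.com/pypa/pip/master/contrib/get-pip.py \
#       "<SHA256-OF-get-pip.py>" get-pip.py && python get-pip.py
```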

CentOS 7 Firewall

In CentOS 7, use the following commands to add a service to a public zone.

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-port=2812/tcp
firewall-cmd --reload

Setup Cassandra in Linux

This post is mainly used as a personal memo, but you may find something useful if you are a beginner.

  • Install Java
  • Make sure $JAVA_HOME is properly set.

  • Download and install Cassandra
  • Cassandra can be downloaded from http://cassandra.apache.org/download/:
    wget http://mirror.ox.ac.uk/sites/rsync.apache.org/cassandra/2.0.9/apache-cassandra-2.0.9-bin.tar.gz

    To install, simply unzip it:
    tar -zxvf apache-cassandra-2.0.9-bin.tar.gz

  • Configuring Cassandra
  • The configuration may differ a bit between Cassandra versions. Taking 2.0.9 as an example.

    In conf/cassandra.yaml, search for the following key words, and change the directory if necessary:
    1. data_file_directories
    2. commitlog_directory
    3. saved_caches_directory

    In log4j-server.properties, change log4j.appender.R.File to your preferred log file location.

  • Starting Cassandra
  • To start Cassandra, run /bin/cassandra -f. You can run it in different modes. By default it is running in background mode. -f option indicates running in foreground mode. If running in background mode, it is suggested to use /bin/cassandra -p pid_file. pid_file is the file name where the Cassandra background process PID will be written to, so later to kill the process, you can simply run kill `cat pid_file`.

  • Other tweaks
  • conf/cassandra-env.sh tries to detect your system's free memory. If you don’t have permission to run the “free” command, change the command for setting “system_memory_in_mb” to the following:

    # /proc/meminfo reports MemFree in kB; read it, then convert to MB
    system_memory_in_kb=`cat /proc/meminfo | grep MemFree | awk '/:/ {print $2;exit}'`
    system_memory_in_mb=$((system_memory_in_kb / 1024))

Dialog from “Life of Pi”

Life of Pi - Floating Algae Island of Death

Years ago, some poor fellow just like me must have found himself stranded on that island, and like me he thought he might stay there forever. But all that the island gave him by day, it took away again by night. To think how many hours spent with only meerkats for company. How much loneliness taken on. All I know is that eventually he died and the island digested him, leaving behind only his teeth. I saw how my life would end if I stayed on that island. Alone and forgotten. I had to get back to the world, or die trying.

No one has seen that floating island since, and you won’t read about those trees in any nature book. And yet, if I hadn’t found those shores, I would have died. If I hadn’t discovered that tooth, I would have been lost, alone forever. Even when god seemed to have abandoned me, He was watching. Even when He seemed indifferent to my suffering, He was watching. And when I was beyond all hope of saving, he gave me rest, then gave me a sign to continue my journey.

Life will give you a chance to rest. And when it comes, cherish it, because it won’t be too long before you need to move on. The chance given to you to rest could be obvious, but the one to let you move on is often unapparent, waiting for you to find out. And the incentive to find out the signs lies within you.
