Apache file write permission – SELinux

Not an expert on this, but just want to document something after spending hours figuring out why a 777 permission file is not writable in MyWebSql PHP website run by apache user in httpd, when trying to run a database backup. My Linux system version in Centos 7. You can find out some information on SELinux from http://wiki.centos.org/HowTos/SELinux.

Below is an example of default SELinux permission.

[root@jingyusoft mywebsql]# pwd
/var/www/html/mywebsql
[root@jingyusoft mywebsql]# ls -Z
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 backups
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 cache.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 config
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 Docs
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 favicon.ico
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 img
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 install.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 js
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 lang
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 modules
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 phpinfo.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 README.md
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 status.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 themes
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 tmp

As httpd process is running under SELinux policy, besides setting permission using chmod, if we need to grant write permission to a folder, we need to run the following:
chcon -u unconfined_u -r object_r -t httpd_sys_rw_content_t -R /var/www/html/mywebsql/backups

This will set the backups folder to writable when a process is running under SELinux.

[root@jingyusoft mywebsql]# ls -Z | grep backups
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 backups

Installing Apache and PHP on CentOS

1. Install Apache server
sudo yum install httpd mod_ssl
Configuration file is by default located in /etc/httpd/conf/httpd.conf, where root directory, port, etc. can be changed.

The follow command can setup httpd service as auto startup:
chkconfig httpd on

2. Install PHP
yum install php

3. Start the Apache server
service httpd start

4. Create a sample php file in the root directory. The default root directory configured in /etc/httpd/conf/httpd.conf is /var/www/html/. Creating a file with the following content, and name it as info.php.

<?php
   phpinfo();
?>

5. Try accessing the file in browser.

Installing sendmail on CentOS

Here’s a good post to reference:
http://www.unixmen.com/configuring-sendmail-smtp-server-on-centos-a-scientific-linux/

1. Install sendmail
yum install sendmail-cf sendmail-doc sendmail-devel

2. Set sendmail for auto startup
chkconfig sendmail on

3. Send a test email – Need to create MX record before
mail -v -s 'Testing sendmail' my.email@myhost.com

By default logs can be found in /var/log/maillog.

And here’s another post related to setting up SMTP authentication:
http://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/