smilebomb - 1 year ago
Linux Question

changing /var/www to /srv gets 403

I'm used to working with

as the webroot for apache. After creating a new CentOS machine, the default DocumentRoot is set to
. I've changed this
, but I'm getting a 403 when I visit my domain.

From the default httpd.conf file that was created, I changed the following:

DocumentRoot "/srv/www/html"

<Directory "/srv/www">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/srv/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

This is a ls -lhA:

rwxrwxrwx. 3 root root 34 Jan 29 06:51 www

d the directory just to get it to work. I'll be changing this after I figure out what's wrong. chmod -R a=rwx /srv is what I did.

Answer Source

By default, CentOS runs SELinux in Enforcing mode, which enforces additional security limits on the filesystem. In order for SELinux to permit Apache to read filesystem locations, they must have the correct SELinux context.

The typical context for /var/www/html is httpd_sys_content_t. You'll need to set that context on /srv/www using /usr/bin/chcon.

# Set the correct context for readable web server documents
$ chcon -t httpd_sys_content_t /srv/www

To do so recursively, use chcon -R. I would not expect that you need to set that context on the parent /srv, but target /srv/www specifically. Afterward, be sure to limit the normal chmod filesystem permissions from the 777 you currently have.

If you have paths which must be writable by the Apache web server, in addition to making those writable with chmod, you'll need to set a read/write context: httpd_sys_rw_content_t.

To list contexts used by Apache and known to SELinux, and the paths they belong on, run:

$ semanage fcontext -l | grep httpd

To check the context on an existing file, use the -Z flag to ls. This can help you match the right context for your new directory.

$ ls -lZ /var/www

drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_script_exec_t:s0 4096 Jan  4 02:25 cgi-bin
drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_content_t:s0     4096 Jan  4 02:25 html
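
As an added example (not part of the original answer), a small shell check that reads `ls -ldZ` output and reports the two conditions discussed here: an SELinux type outside the httpd types named on this page, and a world-writable mode such as 777. The function names and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -ldZ` lines for the two problems in this thread,
# a non-httpd SELinux type and a world-writable mode.

# Print the SELinux type of one `ls -lZ` line. The context is found by its
# user:role:type:level shape, so it works whether or not the listing has
# link-count/size/date columns (the layout differs between coreutils versions).
selinux_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) { print c[3]; exit }
    }'
}

# Succeed if the mode string grants write permission to "other".
world_writable() {
    case "$1" in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print findings for one line; the return status is the number of findings.
# The accepted types are the three named on this page (assumed sufficient).
audit_line() {
    findings=0
    mode=${1%% *}
    ctype=$(selinux_type "$1")
    case "$ctype" in
        httpd_sys_content_t|httpd_sys_rw_content_t|httpd_sys_script_exec_t) ;;
        *) echo "context: type '${ctype:-none}' is not an httpd content type"
           findings=$((findings + 1)) ;;
    esac
    if world_writable "$mode"; then
        echo "mode: $mode is world-writable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample lines (not captured from a real host).
BAD='drwxrwxrwx. 3 root root unconfined_u:object_r:var_t:s0 34 Jan 29 06:51 www'
OLD='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html'

for l in "$BAD" "$OLD"; do
    echo "== $l"
    audit_line "$l" || true
done
```

On a host, feed it real output, for example `ls -ldZ /srv/www | while IFS= read -r l; do audit_line "$l"; done`. A label set with chcon can be reset by restorecon or a full relabel; a rule added with `semanage fcontext -a` followed by `restorecon -R` keeps it.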