为什么我的Apache只能访问根拥有的文件? [英] How come my Apache can only access root owned files?
问题描述
在CentOS 6.4运行的Apache和我的网络服务器无法看到任何文件,除非root用户创建或复制它们。
Running apache on centos 6.4 and my web server can't see any files unless the root user creates or copies them.
的ps aux | grep的阿帕奇
显示Apache正在运行的Apache的用户,而不是根目录。
我试图 CHOWN阿帕奇:阿帕奇
上的文件。
我甚至集搭配chmod 777
上的文件。
ps aux | grep apache
shows that apache is running as apache user, not root.
I tried chown apache:apache
on the files.
I even set chmod 777
on the files.
-rwxrwxrwx. 1 apache apache 2300 May 15 17:46 example.php
我仍然得到一个HTTP 500错误,还有什么地方出错了?
I still get an http 500 error, what else could be wrong?
也就算我chown将此文件根目录:根,它不会工作,我需要真正的 CP file.php file.php
作为根前,将工作。我不明白!
also even if I chown the file to root:root, it will not work, I need to actually cp file.php file.php
as root before it will work. I don't get it!
chcon这个-t httpd_sys_content_t使用example.php
让我有! - 感谢克里斯。
这是否意味着我需要改变我的FTP用户的安全上下文设置,以便他们可以上传文件,这样还是我需要改变SELinux的一个规则,以允许更大范围的文件来执行?
chcon -t httpd_sys_content_t example.php
gets me there! - thanks Chris.
Does this mean I need to change my FTP user's Security Context settings so they can upload files like this or do I need to change a rule in SELinux to allow a wider range of files to execute?
推荐答案
SELinux的可能这里是一个问题。
SELinux might here be a problem.
请做 LS -LZ使用example.php
要排除的SELinux,您可以:
To rule out SELinux you can:
getenforce
然后
setenforce 0
和再次尝试访问该文件...
And try accessing this file again...
这将暂时放了SELinux的许可模式。
您可能需要更改文件的情况下!让我们知道如何去,我们将采取从那里。
That will temporarily put SELinux in permissive mode. You might have to change a context of the file! Let us know how it goes and we will take it from there.
更新:
正如预期的那样,SELinux的是访问该文件停止Apache。如果你信任这个文件,你可以改变它的背景:
As expected, SELinux was stopping apache from accessing that file. If you trust this file, you can change it's context:
chcon -v --type=httpd_sys_content_t example.php
如果有多个文件,可以使用 -R
标志,所以:
If there is more than one file, you could use -R
flag, so:
chcon -vR --type=httpd_sys_content_t /html/
当你已经注意到了,与 LS
你有 -Z
标志,以显示SELlinux上下文。您可以尝试使用此标志与像 PS
其他方案为例。
As you have noticed, with ls
you have -Z
flag to show SELlinux context. You can try using this flag with other programs like ps
for example.
要解决问题的SELinux我推荐 sealert
- setroubleshoot服务器
的一部分
To troubleshoot SELinux problems I recommend sealert
- part of setroubleshoot-server
.
我怎么知道你是最有可能使用的SELinux?你的文件系统被标记。
我怎么知道你的FS标记? -rwxrwxrwx **
- 。在点权限的结尾告诉FS是标记
How did I know that you are most likely using SELinux? Your filesystem is labeled.
How did i know that your fs is labeled? -rwxrwxrwx**.**
- dot at the end of permissions tells that fs is labeled.
不要忘了更改权限!你真的不想要777 ...
希望有所帮助。
Don't forget to change the permissions! You really don't want 777... Hope that helps.
这篇关于为什么我的Apache只能访问根拥有的文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!