apache更改端口后无法启动成功的解决方案

转自：http://blog.itechol.com/space-33-do-blog-id-5114.html

CentOS5.5 系统 安装apache 

apache更改端口后无法启动显示现象如下：

第一次更改端口为：8000

[root@cacti-test cacti]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

(13)Permission denied: make_sock: could not bind to address [::]:8000

(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8000

no listening sockets available, shutting down

Unable to open logs

[FAILED]

尝试第二次将端口改为81

[root@cacti-test httpd]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

(13)Permission denied: make_sock: could not bind to address [::]:81

(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81

no listening sockets available, shutting down

Unable to open logs

[FAILED]

 Google 一下，发现原来是 SELinux  安全机制的作用。

(很难搞，如果很多牵扯的权限的事情找不到原因，就可以分析是否是它的作用)

解决方法如下：

查看selinux状态：

[root@cacti-test httpd]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /selinux

Current mode:                   enforcing

Mode from config file:          enforcing

Policy version:                 21

Policy from config file:        targeted

或者用

[root@cacti-test httpd]# getenforce

Enforcing

关闭selinux状态：（使用无启重启系统的方法）

详见：http://blog.itechol.com/space-33-do-blog-id-5088.html

[root@cacti-test httpd]# setenforce 0            关闭命令

[root@cacti-test httpd]# getenforce              重新查看selinux状态

Permissive  

尝试再次启动apache

[root@cacti-test httpd]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

[  OK  ]        成功！！

附： selinux 管理命令semanage详解

semanage使用详解

NAME semanage - SELinux Policy Management tool SYNOPSIS Output local customizations：导出selinux当前策略 semanage [ -S store ] -o [ output_file | - ] Input local customizations：导入selinux策略 semanage [ -S store ] -i [ input_file | - ] Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration.：管理一些进程、服务的开关、配置等等，全是开关两个状态 semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file Manage SELinux confined users (Roles and levels for an SELinux user) semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name Manage login mappings between linux users and SELinux confined users：将linux已存在的用户user映射到登陆保护 semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname -a：添加 -d：删除 -m：修改 -l：列举 -n：不打印说明头 -D：全部删除 例子：semanage login -a -s unconfined_u leowang Manage network port type definitions：管理网络端口 semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range -t：类型 -r：角色 例子：semanage port -a -t http_port_t -p tcp 81 Manage network interface type definitions semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec Manage network node type definitions semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address Manage file context mapping definitions：管理文件安全上下文的映射 -f：文件 -s：用户 -t：类型 r：角色 semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target 例子：semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" //新建一条规则，指定/web目录及其下的所有文件的扩展属性为httpd_sys_content_t Manage processes type enforcement mode semanage permissive [-S store] -{a|d|l|n|D} type Disable/Enable dontaudit rules in policy semanage dontaudit [-S store] [ on | off ] Execute multiple commands within a single transaction. semanage [-S store] -i command-file

  查看一下预定义

  #semanage port -l

http_cache_port_t              tcp      3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443

soundd_port_t                  tcp      8000, 9433, 16001

 原来8000 已经被预定义占用了，所有不能使用8000端口。

  # semanage port -a -t http_port_t -p tcp 81

 为Http 服务增加一个端口 81 ，同时将httpd 的端口改成 81 ，启动成功

Centos selinux