Some files served by Apache cannot be accessed because SELinux is enabled

The files cannot be reached from a browser, and curl returns an error. Only some files are affected.
[root@idc_yum ~]# curl http://127.0.0.1/centos/Packages/containerd.io-1.4.9-3.1.el7.x86_64.rpm
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /centos/Packages/containerd.io-1.4.9-3.1.el7.x86_64.rpm  on this server.</p>
</body></html>

Error in the httpd log:
Thu Sep 09 15:00:14.819248 2021] [core:notice] [pid 12412] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Sep 09 15:01:29.608871 2021] [core:error] [pid 12416] (13)Permission denied: [client 10.10.8.1:60858] AH00035: access to /centos/Packages/containerd.io-1.4.9-3.1.el7.x86_64.rpm denied (filesystem path '/var/www/html/centos/Packages/containerd.io-1.4.9-3.1.el7.x86_64.rpm') because search permissions are missing on a component of the path

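Cause: SELinux is in enforcing mode. When SELinux is enforcing, it restricts which files a process may access: a process can access a file only if the process's security context is compatible with the file's context. Access is therefore not decided by the file and directory mode bits (drwxrwxrwx) alone; you also need to check the file's SELinux context, including its user and role, with ls -Z.

Solution (switches SELinux to permissive mode at runtime, see item 3a):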
setenforce 0

1. SELinux has three modes:

#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.

2. Checking the current mode
# getenforce
# sestatus

3. Changing the mode
=======Change at runtime=======
a. enforcing --> permissive
# setenforce 0

b. permissive --> enforcing
# setenforce 1
=====================

=======Change that requires a reboot=======
c. enforcing/permissive --> disabled
# sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/selinux/config
# reboot

d. disabled/permissive --> enforcing
# sed -i 's#^SELINUX=.*#SELINUX=enforcing#' /etc/selinux/config
# reboot

e. disabled/enforcing --> permissive
# sed -i 's#^SELINUX=.*#SELINUX=permissive#' /etc/selinux/config
# reboot
=====================

4. Viewing file labels
# ls -Z
[root@idc_yum Packages]# ls -Z|grep container
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 containerd.io-1.4.9-3.1.el7.x86_64.rpm
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 openscap-containers-1.2.17-9.el7.noarch.rpm


Another solution:

chcon -R --type=httpd_sys_rw_content_t /var/www/html/centos
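
The label check from item 4, scripted, as an added example that is not part of the original post: it reads "<context> <path>" lines, as printed by GNU find with -printf '%Z %p\n', and lists entries whose SELinux type is not one httpd is expected to read. The allowed-type list, the function names and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find files under the web root
# whose SELinux type httpd is not expected to read.
# Input format, one entry per line: "<context> <path>"
# which is what GNU find prints with:  find DIR -printf '%Z %p\n'

# Types treated as readable by httpd in this example. This list is an
# assumption; the loaded policy is the authoritative source.
ALLOWED_TYPES="httpd_sys_content_t httpd_sys_rw_content_t"

# Print the type field of a context string user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin and print "<type> <path>"
# for every entry whose type is not in ALLOWED_TYPES.
find_mislabeled() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue          # skip blank lines
        t=$(selinux_type "$ctx")
        case " $ALLOWED_TYPES " in
            *" $t "*) ;;                   # expected label, nothing to report
            *) printf '%s %s\n' "$t" "$path" ;;
        esac
    done
}

# Constructed sample listing, not taken from the original post: one file
# carries the web content label, the other a label kept from another directory.
sample_listing() {
cat <<'EOF'
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/centos/Packages/openscap-containers-1.2.17-9.el7.noarch.rpm
unconfined_u:object_r:admin_home_t:s0 /var/www/html/centos/Packages/containerd.io-1.4.9-3.1.el7.x86_64.rpm
EOF
}

sample_listing | find_mislabeled
```

On the server, feed it real labels with find /var/www/html/centos -printf '%Z %p\n' | find_mislabeled. For flagged files, restorecon -Rv /var/www/html/centos resets them to the policy default label while SELinux stays enforcing, and unlike a chcon change that label survives a filesystem relabel.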
