Fedora file permissions apache no write acces

Question

I spend hours on finding out how to gain file permissions for my apache installation in Fedora 18. I did the following without any luck:

httpd.conf (restarted it afterwards)

DocumentRoot "/var/www/html"

<Directory "/var/www/html/">
    AllowOverride all
    # Allow open access:
    Require all granted
    Options Indexes FollowSymLinks Multiviews
</Directory>

File rights on my /var/www/html folder

drwxrwxrwx. 6 chris apache 4096 26 apr 22:40 .
drwxrwsrwx. 7 chris apache 4096 23 apr 09:30 ..
-rwxrwxrwx. 1 chris apache   19 22 apr 08:37 index.php
-rwxrwxrwx. 1 chris apache   20 21 apr 17:14 info.php
drwxrwxrwx. 8 chris apache 4096 27 apr 14:58 pyro
-rwxrwxrwx. 1 chris apache  125 24 apr 00:36 test.html

As you can see I've even changed the permissions to 777 recursively ( with -R )

I also tried to change user to root and apache, group to user and root etc. In my version I have 2 users: root and chris.

It doesn't matter how I change this.. I still get the PHP error (in for example pyrocms backend):

A PHP Error was encountered

Severity: User Warning
Message: system/cms/cache/default/simplepie/ is not writeable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.
Filename: libraries/Simplepie.php
Line Number: 2040

Stil it doesn't seem to be pyrocms because the Laravel framework gives me the same type of error.

Edit Also User and Group in my httpd.conf are set to apache

Answer 1

I had the same issue because SELinux blocked httpd, it worked fine after this command:

setsebool -P httpd_unified 1

I'm on fedora 23.

Answer 2

There are a number of things that could be affecting this:

• Discretionary Access Control (DAC)
• SELinux file/content type
• user:group ownership
• apache server modules missing/misconfigured.

The fact that your server's directories have the 777 permissions would lead me to exclude DAC as the main reason for the errors; however, you might want to check to make sure that user(chris) is part of the apache group, just for good measure. Also, the httpd server reads/writes files as the apache user by default!!

Similarly, you said the errors persisted even after "disabling" SELinux; I'm assuming you executed setenforce 0 or something to that effect in order to change the SELinux policy from Enforcing to Permissive. Furthermore, if it had to do with SELinux, most of the time (if not all) you'd receive a notification about the denial, or you'd be able to see it in the logs. Again, for good measure, check the SELinux content type of the directories/files with ls -Z; the content type should be httpd_sys_content_t or perhaps even httpd_sys_content_rw_t.

Lastly, the apache modules and the server configuration should be thoroughly examined--including the comments in the httpd.conf file--for correct options, modules, as well as order. If all else fails, try moving those lines

 <Directory "/var/www/html/">
    AllowOverride all
    # Allow open access:
    Require all granted
    Options Indexes FollowSymLinks Multiviews
</Directory>

to the bottom of the config file (/etc/httpd.conf). The Options flag within that code block should be examined carefully; you can get more info on that at the apache website. For example, not sure if the order of things will improve/change things for you in this context, but the httpd.conf file on my Fedora system has the Options listed before the Require All granted.