How to Fix the Apache Error “Warning: Unknown: failed to open stream: Permission denied”

A website administrator once installed a web server on Fedora using the yum command, and the web server did work fine. But then the admin suddenly got this error when trying to access a PHP file:

Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 Fatal error: Unknown: Failed opening required '/var/www/projects/php/index.php' (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0

The admin had already tried changing the permissions on the project folder and on index.php, but it still did not work.

The admin then opened the Apache error_log file, and this is what the admin found:

Summary:

SELinux is preventing /usr/sbin/httpd "read" access to
/var/www/projects/php/index.php.

Detailed Description:

SELinux denied access requested by httpd. /var/www/projects/php/index.php may be
a mislabeled. /var/www/projects/php/index.php default SELinux type is
httpd_sys_content_t, but its current type is user_home_t. Changing this file
back to the default type, may fix your problem.

File contexts can be assigned to a file in the following ways.

* Files created in a directory receive the file context of the parent
directory by default.
* The SELinux policy might override the default label inherited from the
parent directory by specifying a process running in context A which creates
a file in a directory labeled B will instead create the file with label C.
An example of this would be the dhcp client running with the dhclient_t type
and creating a file in the directory /etc. This file would normally receive
the etc_t type due to parental inheritance but instead the file is labeled
with the net_conf_t type because the SELinux policy specifies this.
* Users can change the file context on a file using tools such as chcon, or
restorecon.

This file could have been mislabeled either by user error, or if an normally
confined application was run under the wrong domain.

However, this might also indicate a bug in SELinux because the file should not
have been labeled with this type.

If you believe this is a bug, please file a bug report against this package.

Allowing Access:

You can restore the default system context to this file by executing the
restorecon command. restorecon '/var/www/projects/php/index.php', if this file
is a directory, you can recursively restore using restorecon -R
'/var/www/projects/php/index.php'.

Fix Command:

/sbin/restorecon '/var/www/projects/php/index.php'

Additional Information:

Source Context unconfined_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects /var/www/projects/php/index.php [ file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host thinkpad
Source RPM Packages httpd-2.2.15-1.fc12.2
Target RPM Packages
Policy RPM selinux-policy-3.6.32-116.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restorecon
Host Name thinkpad
Platform Linux thinkpad 2.6.32.12-115.fc12.x86_64 #1 SMP
Fri Apr 30 19:46:25 UTC 2010 x86_64 x86_64
Alert Count 56
First Seen Mon 14 Jun 2010 11:21:38 AM CEST
Last Seen Mon 14 Jun 2010 02:02:56 PM CEST
Local ID ********************************
Line Numbers

Raw Audit Messages

node=thinkpad type=AVC msg=audit(1276516976.54:22125): avc: denied { read } for pid=2805 comm="httpd" name="index.php" dev=dm-0 ino=789248 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

node=thinkpad type=SYSCALL msg=audit(1276516976.54:22125): arch=c000003e syscall=2 success=no exit=-13 a0=7f8eef2c2328 a1=0 a2=1b6 a3=7068702e786564 items=0 ppid=2799 pid=2805 auid=500 uid=48 gid=487 euid=48 suid=48 fsuid=48 egid=487 sgid=487 fsgid=487 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

 

From this log, the admin learned that SELinux was blocking read access to /var/www/projects/php/index.php.

So the admin ran this command:

/sbin/restorecon '/var/www/projects/php/index.php'
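
As an added example (not part of the original post), the shell functions below pull the denied permission, the source and target types and the inode out of raw AVC records like the one in the log above, and keep only the denials where httpd_t hit an object whose type is not an httpd_* type. The function names and the second sample record are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): summarise SELinux AVC denials.
# Reads raw audit records on stdin and prints one line per denial:
#   comm|source_type|permissions|target_type|tclass|name|inode
avc_denials() {
    awk '
    /type=AVC/ && /avc: +denied/ {
        # Permissions sit between "{ " and " }".
        a = index($0, "{"); b = index($0, "}")
        perms = substr($0, a + 2, b - a - 3)
        # Collect key=value tokens, stripping quotes from values.
        split("", f)
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            v = substr($i, eq + 1); gsub(/"/, "", v)
            f[substr($i, 1, eq - 1)] = v
        }
        # An SELinux context is user:role:type:level; the type is field 3.
        split(f["scontext"], s, ":"); split(f["tcontext"], t, ":")
        printf "%s|%s|%s|%s|%s|%s|%s\n", f["comm"], s[3], perms, t[3], f["tclass"], f["name"], f["ino"]
    }'
}

# Keep only denials where the httpd_t domain hit an object whose type is not
# an httpd_* type: these are the candidates for a mislabeled file.
httpd_mislabeled() {
    avc_denials | awk -F'|' '$2 == "httpd_t" && $4 !~ /^httpd_/'
}

# Constructed sample input: the AVC record from the log above, plus one
# made-up record for a correctly labeled directory that must not be reported.
sample_records() {
    cat <<'EOF'
node=thinkpad type=AVC msg=audit(1276516976.54:22125): avc: denied { read } for pid=2805 comm="httpd" name="index.php" dev=dm-0 ino=789248 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
node=thinkpad type=AVC msg=audit(1276516980.10:22130): avc: denied { write } for pid=2805 comm="httpd" name="cache" dev=dm-0 ino=100 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
EOF
}

sample_records | httpd_mislabeled
```

On a live system the same filter can be fed from `ausearch -m avc --raw`. The label of each reported file can then be compared with `ls -Z` and `matchpathcon` before running restorecon.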