在centos上設定http分享(關於selinux)

http寫入資料夾權限的問題:

chcon -t public_content_rw_t /path

以下指令只是暫時更改屬性,重閏機後會恢復預設值
setsebool allow_httpd_anon_write on
setsebool allow_httpd_sys_script_anon_write on

如要開機後屬性不變,改用以下指令
setsebool -P httpd_anon_write 1
setsebool -P allow_httpd_sys_script_anon_write 1

針對某一資料夾寫入問題可用:
chcon -R -t httpd_sys_rw_content_t /path
ceonos7使用此方法,samba似乎無法讀取的問題。


使用以下指令可以修正此方去
The simple way is to just allow samba read/write access everywhere with:

setsebool -P samba_export_all_rw 1

If you're concerned with Samba having full access to all directories and only want to change /var/www, try:

chcon -t public_content_rw_t /var/www
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1

----------------------------------------------------------------------------------

關於ann2公告系統的問題

SELinux is preventing /usr/sbin/httpd from 'name_connect' accesses on the tcp_socket port 5432.
*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************
If you want to allow HTTPD scripts and modules to connect to the network using any TCP port.
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
Do
setsebool -P httpd_can_network_connect 1

*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************

If you want to allow HTTPD scripts and modules to connect to databases over the network.
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect_db' boolean.
Do
setsebool -P httpd_can_network_connect_db 1

-------------------------------------------------------------------------------

To make a domain permissive, run the semanage permissive -a domain command, where domain is the domain you want to make permissive. For example, enter the following command as root to make the httpd_t domain (the domain the Apache HTTP Server runs in) permissive:

~]# semanage permissive -a httpd_t

To view a list of domains you have made permissive, run the semodule -l | grep permissive command as root. For example:

~]# semodule -l | grep permissive
permissive_httpd_t    (null)
permissivedomains     (null)

If you no longer want a domain to be permissive, run the semanage permissive -d domain command as root. For example:

~]# semanage permissive -d httpd_t