The following sections...
When access is denied, check standard Linux permissions. As mentioned in Chapter 2, Introduction, most operating systems use a Discretionary Access Control (DAC) system to control access, allowing users to control the permissions of files that they own. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
If access is denied and no SELinux denials are logged, use the ls -l
command to view the standard Linux permissions:
$ ls -l /var/www/html/index.html -rw-r----- 1 root root 0 2008-11-07 11:06 index.html
In this example, index.html
is owned by the root user and group. The root user has read and write permissions (-rw
), and members of the root group have read permissions (-r-
). Everyone else has no access (---
). By default, such permissions do not allow httpd
to read this file. To resolve this issue, use the chown
command to change the owner and group. This command must be run as the Linux root user:
# chown apache:apache /var/www/html/index.html
This assumes the default configuration, in which httpd
runs as the Linux apache user. If you run httpd
with a different user, replace apache:apache
with that user.
Refer to the Fedora Documentation Project "Permissions" draft for information about managing Linux permissions.