Yesterday, I was having this issue with my web-server, which is apache2 running on CentOS Linux, and it took me until today to figure out what was going wrong. I had set up this apache2 software months prior, and it was working fine then with the default index.html in place. I added a few virtual hosts and those seemed to work fine as well. No issues out of the box and no unusual problems. I got to use my website for a time and it all looked great.

Then I decided that I wanted to update my index.html page. What I did was create a new index2.html file, fill it with data, and then juggled around the old index.html to be the new one. That meant I renamed index.html to indexold.html and then renamed index2.html to index.html. I am explaining it like this to highlight what my problem was.

The distribution of Linux I use, CentOS, comes with a software called “SELinux” which is a set of features that helps dummy-proof your server in terms of security. Now, what this feature does is set “context inheritance” on your folders/files so that anything new created in certain folders follows a special set of “serve or not serve” guidelines. And what was happening in my case is I had created a file outside of this context inheritance, and tried to push it into a folder that had different, more proper context inheritance set that allowed it to be seen by web users and displayed by the web server.

This issue was particularly frustrating because I hadn’t thought of it until I found it in a search. And I had to do a few searches in the wrong direction before finding it. And then it was also frustrating because I HAD THIS PROBLEM BEFORE, but it was so long ago, and for such a short period of time, that I barely remembered what server it was or how I fixed it. A scenario like this is exactly why I have this blog. So I am going to post some commands on how to fix it, and hopefully help you and myself out if this problem crops up again in the future.

All in all, the one command you need to fix it is this:

$ restorecon -v /var/www/html/your/file/location.html

That command will restore the context for the given file, hopefully matching it to what the context _should_ be in your virtual host directories. You can also see those context inheritance by using a special command. Use it, and you will see something like the following:

$ ls -Z
unconfined_u:object_r:httpd_sys_content_t:s0

If your context inheritance is incorrectly set, as mine was, it would look something like this:

unconfined_u:object_r:user_home_t:s0

Remember, that is WRONG if you want to see the file displayed over the internet. I’m not sure why, so when I find out more I will update this post. For now, those commands should be all you need to help fix this confounding problem. It’s hard because it’s a kinda sorta silent error. I even looked in the error logs of apache and they just said the file had incorrect permissions. And that’s where I had hit a dead-end before because I had used the chown and chmod command and set the “proper” file permissions without issue so I wasn’t sure what it could be. Only after further searching did I find anything useful. I will list my sources at the end.

Sources:

https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-2-files-and-processes

https://forums.centos.org/viewtopic.php?t=69364

Leave a Reply

Your email address will not be published. Required fields are marked *