This article briefly describes how to move virtual hosts outside the standard /var/www/html directory in CentOS 6.x. By default SELinux in CentOS does not allow the httpd process to access files outside the standard /var/www/html directory.
One side effect of not having the access permission is that properly configured virtual hosts resolve to the default directory without any errors in server’s log files. This makes it difficult to troubleshoot without installing additional tools.
What Is SELinux?
SELinux is an access control implementation for the Linux kernel. The root user can define rules in user space. If the Linux kernel has been compiled with SELinux support, those rules will be adhered to by the kernel.
How to Check if SELinux is Enabled?
With the following commands it is possible to check if the SELinux mechanism is actively enforcing the security rules:
sestatus – shows the status of a system running SELinux
The ls command provides means to display the security context:
ls -dZ /www/directory-name
For a typical directory the result will look similar to:
unconfined_u:object_r: default_t :s0
Granting SELinux Access
In order to allow access we add the httpd security context:
unconfined_u:object_r: httpd_sys_content_t :s0
chcon -t httpd_sys_content_t /www/test
Normally all sub-directories will inherit the new context automatically. For existing files keep in mind to apply the change recursively.
Disabling SELinux Enforcement
For local development setup it is possible to disable the SELinux rule enforcement in the /etc/sysconfig/selinux configuration file. For production environments disabling the access control is probably not recommended.
Configuration File: /etc/sysconfig/selinux
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – SELinux is fully disabled.
SELINUX=enforcing