Ask Your Question
3

location /var/www is not writable [closed]

asked 2014-07-11 14:50:46 -0500

experimentx gravatar image

Hi, I am using fedora 20. I am trying to install moodle on my localserver. When my localwebserver tried to create a directory moodledata in location /var/www i got the error location /var/www is not writeable. Instead i created a directory in location /var/moodledata and it worked.

Now I am trying to install theme to Moodle, when I try to upload the theme, I get the error location /var/www/html/moodle/theme is not writable. The owner of the directory is apache and it has read, write, execute permission for all. Here is result of ls -la of the directory

drwxrwxr-x. 16 apache apache 4096 Jul 3 15:38 report
drwxrwxr-x. 25 apache apache 4096 Jul 3 15:38 repository
drwxrwxr-x. 2 apache apache 4096 Jul 3 15:38 rss
-rwxrwxr-x. 1 apache apache 67 Jul 3 15:38 .shifter.json
drwxrwxr-x. 3 apache apache 4096 Jul 3 15:38 tag
-rwxrwxr-x. 1 apache apache 935 Jul 3 15:38 tags.txt
drwxrwxrwx. 7 apache apache 4096 Jul 12 01:14 theme
-rwxrwxr-x. 1 apache apache 1334 Jul 3 15:38 TRADEMARK.txt
drwxrwxr-x. 6 apache apache 4096 Jul 3 15:38 user
drwxrwxr-x. 2 apache apache 4096 Jul 3 15:38 userpix

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by zoltanh721
close date 2014-07-14 07:05:47.592079

Comments

1

Run setenforce 0 and try again to see if you still get the ... is not writable error.

hedayat gravatar imagehedayat ( 2014-07-11 15:42:54 -0500 )edit

@hedayat that works!! what does that command do? what is happening?

experimentx gravatar imageexperimentx ( 2014-07-11 17:17:03 -0500 )edit
1

@hedayat, please convert the comment to a substantial answer, so the OP can accept it as the correct answer. Talk about SELinux a bit, and how the user can debug the problem and what is the permissive mode :) Thank you.

NickTux gravatar imageNickTux ( 2014-07-11 17:38:37 -0500 )edit
1

@NikTh OK!

hedayat gravatar imagehedayat ( 2014-07-11 19:34:13 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
5

answered 2014-07-11 20:21:51 -0500

hedayat gravatar image

First, put all your web content data under /var/www/html/. However, Fedora does not allow Apache to write anything anywhere by default, unless you explicitly permit that. For that, proper file/directory permissions are required, but not enough. Fedora uses SELinux (Security Enhanced Linux) to provide more robust security, and it doesn't allow Apache to write anything by default too.

Now, for each file and/or directory which should be writable (for which you receive ... is not writable errors) you should set unconfined_u:object_r:httpd_sys_rw_content_t:s0 SELinux label to tell SELinux that these files/directories are allowed to be modified by Apache. For example, to make /var/www/moodledata and /var/www/html/moodle/theme writable, you should run (you can use -R so that this lable is set recursively if these directories contain subdirectories which should be writable):

chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/moodledata /var/www/html/moodle/theme

Now, you can run setenforce 1 and see if the webiste is working properly. This is the solution.

But, what about setenforce 0 command? This command changes SELinux mode into permissive mode. In this mode, SELinux doesn't prevent any activity and only generates error messages in system's audit logs. This is why you didn't receive error messages anymore. However, putting SELinux in permissive mode is NOT a proper solution to make things work, I used it to see if your problem is related to SELinux. And, setenforce changes SELinux mode temporarily (until next shutdown/reboot). setenforce 1 changes the SELinux mode to the default one, which is enforcing mode in which SELinux does actually prevent un-allowed activities.

This is the workflow that I would suggest when setting up a new thing in Fedora:

  1. Put SELinux into Permissive mode (setenforce 0)
  2. Set up the system as you like and make sure that it works correctly as intended
  3. Put SELinux back to Enforcing mode (setenforce 1)
  4. See if your system is still working fine. If not, check for SELinux errors in system audit logs (/var/log/audit) and try to solve the errors appropriately (it usually involves changing file/directory SELinux lables, or changing SELinux boolean parameters). A more user friendly approach is to use SELinux Troubleshooter GUI application rather than inspecting audit logs. It shows SELinux related errors along with suggested solutions.

Notice that you can modify SELinux configuration file (/etc/selinux/config) to completely disable SELinux or permanently set it into Permissive mode, but please don't. While many will suggest it as a solution to SELinux related problems, it is more like removing the problem rather than a solution for itu. However, for a development system where security is not important, you might decide to do that (In that case, I would personally prefer using permissive mode rather than completely disabling SELinux, so that you can still know about SELinux permission erros). When you decided to deploy your web application to production servers, you should know how to properly configure SELinux ... (more)

edit flag offensive delete link more

Comments

1

Also that way (I mean with an answer and not just a comment) I can upvote and "award" you with karma points, because ...Yeah! this is a very good answer !!

NickTux gravatar imageNickTux ( 2014-07-11 20:36:10 -0500 )edit

@hedayat - Great answer1

abadrinath gravatar imageabadrinath ( 2014-07-12 01:57:59 -0500 )edit

Thank you both! :)

hedayat gravatar imagehedayat ( 2014-07-12 05:46:34 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2014-07-11 14:50:46 -0500

Seen: 11,323 times

Last updated: Jul 11 '14