chcon SeLinux

 

chcon: can't apply partial context to unlabeled file

 

cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enfourcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

 CentOS中samba配置上下文 提示 chcon: can't apply partial context to unlabeled file - Suozhiyuan - 博客园 https://www.cnblogs.com/CooCoChoco/p/14351481.html

 

CentOS中samba配置上下文 提示 chcon: can't apply partial context to unlabeled file

 

之前在本地的CentOS虚拟机上配置 Samba 服务器没有遇到过这种问题, 刚才在我的阿里云服务器上配置Samba上下文时, 报出了这个错误

chcon -t samba_share_t /home/suozhiyuan/

chcon: can't apply partial context to unlabeled file '/home/suozhiyuan/'

 

找了很久的资料, 发现问题是出在 selinux 放火墙上, 这个防火墙的配置文件为 /etc/selinux/config 

配置内容:

原来是关闭: SELINUX=disabled
改成打开:  SELINUX=enforcing
复制代码
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#改成
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
复制代码

 

保存后重启服务器

 

 

 

Apache无法读取某些目录文件的解决方法 - CoffeeCat's IT Blog - IT博客 http://www.cnitblog.com/CoffeeCat/archive/2014/03/18/89333.html

Apache无法读取某些目录文件的解决方法

今天正好碰巧看到一份关于SeLinux的资料,解决了一个困扰我多时的问题。

我有一台CentOS的服务器,运行着基于Apache的PHP系统,但是这些系统无法访问诸如/home,/usr等目录,即使我将这些目录chown成apache:apache,并且chmod成0777,也显示Permission Denied。百思不得其解后,我只能放弃那些计划好的数据分区,将这些数据文件挤在/var/目录下了。原来0777也不是万能的,真是毁三观,哈哈。

原来,此问题的发生是因为SeLinux。这是一个安全控制系统,简单理解就是它提供了更精确的权限控制,使我们的Linux更安全。

解决办法有2种,最快速的就是将SeLinux直接Disable掉,当然,这个你需要看场合,大多数场合都不适合这样rough的操作。最好的办法,就是正确设置SeLinux针对apache的权限。

下面给出解决的方法:

比如,你想让PHP系统能访问/home/folder/目录,那么你只需要运行命令:

chcon -R -h -t httpd_sys_content_t /home/folder/


这样,SeLinux就不会阻止你的程序访问啦。

 

posted @ 2022-01-10 21:23  papering  阅读(212)  评论(0编辑  收藏  举报