I moved my local development files to the server after setting up Apache, PHP, and MySQL on my CentOS 7. When I tried to access one of the pages, I noticed a “Failed to open stream: Permission denied” warning message in the error_log file. Below is the complete warning message:
[Wed Nov 17 10:57:29.268675 2021] [php:warn] [pid 13672] [client 10.180.6.115:3244] PHP Warning: include_once(/var/www/html/admin/includes/functions.php): Failed to open stream: Permission denied in /var/www/html/admin/includes/header.php on line 21
I checked the file permissions and ownership. All files in the DocumentRoot are owned by the apache user, with read and write permissions on the files and the directory.
How to solve the “Failed to open stream: Permission denied” warning
On CentOS 7, SELinux is enabled by default. SELinux improves server security by restricting and defining how a server processes requests and how users interact with sockets, network ports, and essential directories. Because it is enforced in addition to file ownership and permission bits, SELinux can block Apache from reading or writing files under the DocumentRoot even when those look correct, with symptoms such as:
- Can’t serve files on the directory
- Can’t write to file
Disabling SELinux is not recommended for security reasons, as you would be allowing the entire system to be compromised. Instead, update the SELinux policy to allow reading and writing on specific directories. Below is the complete set of commands to set up SELinux policies that allow the apache user to read and write to specific directories under the webroot.
First re-establish the SELinux context
# restorecon -Rv /var/www/html
Change the owner of the webroot
# chown -R apache:apache /var/www/html
Change the basic permissions
# chmod -R g+w /var/www/html
# chmod g+s /var/www/html
Establish the SELinux permissions
Make all files read only
# chcon -R -t httpd_sys_content_t /var/www/html/
Only allow write on uploads dir
# chcon -R -t httpd_sys_rw_content_t /var/www/html/uploads
That’s It!
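To confirm that SELinux rather than file ownership is behind the warning, the audit log can be checked for AVC denials against httpd before and after the relabel. The script below is an added example, not part of the original post: the function names and the embedded sample records are constructed, and the mapping from denied permission to suggested type is a simplifying assumption.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for Apache (httpd_t) from audit records.
# Real use: httpd_avc_denials /var/log/audit/audit.log

# Constructed sample records (not from the original page); the user_home_t label,
# inode numbers and timestamps are invented for illustration.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1637146649.268:412): avc:  denied  { read open } for  pid=13672 comm="httpd" name="functions.php" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1637146649.268:412): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1637146701.101:415): avc:  denied  { write } for  pid=13672 comm="httpd" name="uploads" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1637146710.500:420): avc:  denied  { read } for  pid=900 comm="sshd" name="motd" dev="dm-0" ino=42 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Prints one line per httpd denial:
#   <perms> <class> <name> <current type> <type the steps above would assign>
httpd_avc_denials() {
    awk '
    $1 == "type=AVC" && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        perms = ""; name = "?"; ttype = "?"; tclass = "?"; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace)   { perms = (perms == "" ? $i : perms "," $i); continue }
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        # Heuristic (assumption): modifying permissions need the writable type,
        # everything else only needs the read-only content type.
        want = (perms ~ /write|append|create|add_name|remove_name|unlink/) ? "httpd_sys_rw_content_t" : "httpd_sys_content_t"
        print perms, tclass, name, ttype, want
    }' "$@"
}

sample_audit_log | httpd_avc_denials
```

On the server, pass /var/log/audit/audit.log as the argument (root is required to read it); after the chcon steps, new requests should no longer add httpd lines to the output.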