Lighttpd fails with 403 – Forbidden with SELinux enabled

Brad asked:

I’ve set up a CentOS 6.3 box with lighttpd, php-fpm and I can serve both static files and PHP files with SELinux enabled if I leave the lighttpd home directory set to the default (/var/www/lighttpd).

However if I change the home directory to anything else, I get 403 forbidden errors when I try and access the server (if I have SELinux enabled).

If I disable SELinux an alternative home directory works fine – but I’d prefer not to have to disable SELinux.

I’ve read that I should run “chcon -R -h -t httpd_sys_content_t /my_new_docroot” and that should make SELinux happy but unfortunately when I do that I get the following errors:

changing security context of /mnt/smbshare/files'
chcon: failed to get security context of files’: Operation not supported

I suspect this is because I’m trying to use chcon on an SMB share which is mounted using fstab.

So I’m wondering how else I can solve this issue (besides flat out turning off SELinux) – any gurus out there have any suggestions for me?


My answer:

You appear to be using a Samba share to store your web content. If you want SELinux to allow your web server to read files on Samba shares, you need to set the appropriate boolean. For instance:

setsebool -P httpd_use_cifs 1

View the full question and answer on Server Fault.
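An added example, not part of the original question or answer: a shell sketch that picks the SELinux fix from the filesystem type backing a docroot, since chcon only works where the filesystem stores per-file labels. It goes beyond the CIFS case in the answer by also covering NFS through the httpd_use_nfs boolean; the function names and the sample mount table are constructed for illustration.

```shell
# Added example. Function names and sample data are hypothetical.

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/mapper/vg-root / ext4 rw,seclabel 0 0
//fileserver/share /mnt/smbshare cifs rw 0 0
nas:/export /mnt/nfs nfs4 rw 0 0
EOF
}

# fstype_for PATH [MOUNTS_FILE]: print the filesystem type of the longest
# mount point containing PATH. Later entries win on ties, as in the kernel.
# Mount points containing spaces (escaped as \040) are not handled.
fstype_for() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            # Match root, the mount point itself, or a true directory prefix.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }
    ' "${2:-/proc/mounts}"
}

# selinux_fix_for PATH [MOUNTS_FILE]: print the command that lets the web
# server domain read PATH without disabling SELinux.
selinux_fix_for() {
    case "$(fstype_for "$1" "$2")" in
        cifs)     echo "setsebool -P httpd_use_cifs 1" ;;  # no per-file labels
        nfs|nfs4) echo "setsebool -P httpd_use_nfs 1" ;;   # no per-file labels
        ext[234]|xfs|btrfs)
                  echo "chcon -R -h -t httpd_sys_content_t $1" ;;
        *)        echo "unhandled filesystem type for $1" >&2; return 1 ;;
    esac
}
```

Calling `selinux_fix_for /my_new_docroot` with no second argument reads the live /proc/mounts.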

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.