• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Copying content & SELinux

T

tino

Basic Pleskian
For some sites, I have manually copied site content to the httpdocs folder of the site.

For example;

mv -R /tmp/mysite/* /var/www/vhosts/mydomain.com/httpdocs
chown -R myaccount:psacln /var/www/vhosts/mydomain.com/httpdocs
Click to expand...

Now, in the browser, I get an http 403 (forbidden).

If I disable SELinux (e.g. setenforce 0) everything works. If I re-enable SELinux (e.g. setenforce 1) it stops working again.

I know this works:

chcon -R -t httpd_sys_content_t /var/www/vhosts/*/httpdocs/
chcon -R -t httpd_sys_content_t /var/www/vhosts/*/subdomains/
Click to expand...

What's the 'best practice' here?

Tino
 
Last edited:
'Best practice' is using default settings for SELinux defined in special package psa-selinux. This package modifies the SE-Linux predefined policies configurations to allow Plesk to perform its actions.
 
Tino,

Use cp instead then delete since mv does not maintain the context.

Use cp -pZ

This will preserve the owner and timestamps, and maintain the selinux context.
 
Thanks for the insight.

Since the files are coming from another machine, I guess that cp -pZ wouldn't make that much different, right? Because there are no special permissions to preserve...
But I will try it!

IgorG; Any ideas what these SELinux settings in psa-selinux are, so that I can set them after a cp/mv?

Thanks all!

Tino
 
Hi Tino,

Is this other machine online? Why not use rsync?

rsync -qaruX

You can always rsync --help for the syntax.

If there is a bunch of files to do that will work just nicely.

I use rsync on my server as I split off my ipv6 into a separate site, and I use it to copy any content added from either the ipv4 or ipv6 site. You can probably drop some option from the rsync as this was to only copy changed or content that the timestamp is later for. However run as root it will maintain the user/group and all the context.

It's worthwhile fixing the context, don't drop selinux . I always see guides saying set enforcing to off and I shudder! If your ever stuck, let me know as it's easy to generate local selinux policy if your getting audits you can't fix, don't just disable httpd in Boolean
 
I definitely do not want to turn off SELinux. :)

Thanks for the information. I had to do this kind of stuff migration off of Parallels Pro. The Migration Wizard won't work, so I copied all the content over etc. A real pain...

Thanks!

Tino
 
If your ever got selinux issues let me know. It's so easy to make a local rule if you need to tweak some things from the audits. Beats just turning off stuff in Boolean.

Let me know also if your got context issues with the files. You can wildcard them with chcon I needed.
 
You must log in or register to reply here.

Similar threads

S
Resolved Cannot log in with WP Toolkit, pathing problem
Replies
6
Views
3K
Peter Debik
P
E
Resolved Plesk website / NAS HA error reading
Replies
2
Views
589
Erwan
E
R
Resolved Index.php not loading
Replies
13
Views
2K
Maarten.
M
N
Issue NGINX FastCGI Cache open_basedir restriction bug?
Replies
1
Views
896
Peter Debik
P
M
Issue Import WordPress Website: There were issues when transferring source folder
Replies
0
Views
536
micheee
M
Back
Top