Are you getting permission errors when you update WordPress with SELinux enabled? And facing similar errors you when you install plugins like W3 Total Cache?
You are not alone!
I had experienced this problem some time ago and it took me several hours to realize that it is due to SELinux. But don’t be tempted to disable SELinux completely.
In this article, I will show you how you can update WordPress with SELinux enabled.
What is SELinux?
SELinux, also known as Security-Enhanced Linux, is the bane of developers running web applications like WordPress on CentOS. But SELinux is there for a reason. It is a security module to support access control security policies. This limits privileges to the minimum.
So, when you disable SELinux, you are opening your server to security vulnerabilities.
Start Hacking SELinux
Update the ownership of your WordPress folder. This depends on the server you are using, Apache or Nginx.
$ sudo chown nginx:nginx -R /path/to/wordpress
Next, you will need to update the permission of your files and directories respectively.
$ sudo find /path/to/wordpress -type f -exec chmod 0644 {} \;$ sudo find /path/to/wordpress -type d -exec chmod 0755 {} \;
Now, you will need to configure SELinux permissions. You can check your current settings with -Z
.
$ ls -Z
drwxr-xr-x. nginx nginx system_u:object_r:httpd_sys_content_t:s0 wordpress
The following line sets all the documents under the WordPress folder to read-only. This ensures that only the minimum permission required to perform read or write be granted to the document.
$ sudo chcon -t httpd_sys_content_t /path/to/wordpress -R
Here comes the important steps that will allow WordPress to perform updates and install plugins. This will allow WordPress to read and write to the wp-config
file and wp-content
directory.
$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-config.php$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-content -R
If you have just installed W3 Total Cache, you will get an error that nginx.conf
cannot be written, as shown in the image below. The fix for this is simple.
You will need to allow WordPress to do so with the line below.
$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/nginx.conf
So, if you are getting similar errors that a file or directory cannot be written, simply follow the step above and replace nginx.conf
with the file or directory. For directories, remember to add -R
to apply the same settings to all files and directories within.
Troubleshooting
If WordPress prompts you to enter the credentials of your FTP, add the following line to the end of wp-config
.
define('FS_METHOD', 'direct');
Hope you are now able to update WordPress with SELinux enabled.
Give this article a clap if it helped you. ☺