more re: Wordpress and SELinux


Dropping a couple of links here for myself; these were helpful in getting my Wordpress install @ Linode, on CentOS 7, working. In particular, enabling the ability to install plugins without SFTP.

Wildly more than I needed, but helpful: https://www.rayheffer.com/building-secure-wordpress-server-lamp-centos-7-selinux/

I think this one confirmed that the restorecon command was the key: https://francispereira.com/deploying-wordpress-with-selinux-enabled/

…and this is sort of weird but might be helpful: a history of my commands that got me from not-working to working:

cd wp-content
mkdir uploads
chown -R apache:apache uploads/
nano /etc/ssh/sshd_config ; re-enabling pwd auth, i think
systemctl restart sshd
ls -lZ
semanage fcontext -a -t httpd_sys_content_t "uploads(/.*)?" ; per that first link, but command not found
cd ..
restorecon -Rv wp-content/
cd wp-content/
ls -lZ
setsebool -P httpd_unified 1
sestatus
history

UPDATE: As I read the second link further, it actually provides an alternative and supposedly safer mechanism to let Wordpress write to /wp-uploads. The first link, and what I did, was allow httpd_unified to write. This is allegedly less secure; I should perhaps go back and change the security context of the /uploads folder instead (am I even using that terminology correctly? I think so). See the bit about halfway down that second link, Whitelisting /var/www/html/wp-content/uploads/ for write access

This entry was posted on September 19, 2018 with tags

indie.mood