# sestatus
\nSElinux status : enabled
\nSELinux mount : \/selinux
\nCurrent mode : enforcing
\nMode from config file : enforcing
\nPolicy version : 21
\nPolicy from config file : targeted<\/blockquote>\n
-b \uc635\uc158\uc744 \uc0ac\uc6a9\ud558\uba74 \uac01\uc885 \uc635\uc158 \ud604\ud669\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
3. SELinux \ube44\ud65c\uc131\ud654\uc2dc\ud0a4\uae30<\/strong>
\n(1) \uc601\uad6c\ud788 SELinux\ub97c \ube44\ud65c\uc131\ud654\uc2dc\ud0a4\ub294 \ubc29\ubc95<\/strong>
\n\/etc\/selinux\/config \ud30c\uc77c\uc5d0\uc11c
\nSELINUX=enforcing
\n\uc744
\nSELINUX=disabled
\n\ub85c \uc218\uc815\ud569\ub2c8\ub2e4.<\/p>\n(2) \uc77c\uc2dc\uc801\uc73c\ub85c SELinux\ub97c \ube44\ud65c\uc131\ud654\uc2dc\ud0a4\ub294 \ubc29\ubc95<\/strong><\/p>\necho 0 > \/selinux\/enforce
\n\ub610\ub294
\nsetenforce 0<\/blockquote>\n
4. SELinux \ud65c\uc131\ud654\uc2dc\ud0a4\uae30<\/strong>
\n(1) \uc601\uad6c\ud788 SELinux\ub97c \ud65c\uc131\ud654\uc2dc\ud0a4\ub294 \ubc29\ubc95<\/strong>
\n\/etc\/selinux\/config \ud30c\uc77c\uc5d0\uc11c
\nSELINUX=disabled
\n\ub97c
\nSELINUX=enforcing
\n\ub85c \uc218\uc815\ud569\ub2c8\ub2e4.<\/p>\n(2) \uc77c\uc2dc\uc801\uc73c\ub85c SELinux\ub97c \ud65c\uc131\ud654\uc2dc\ud0a4\ub294 \ubc29\ubc95<\/strong><\/p>\necho 1 > \/selinux\/enforce
\n\ub610\ub294
\nsetenforce 1<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
SELinux\ub77c\ub294 \uac1c\ub150\uc774 RHEL5 \ubd80\ud130 \ub4e4\uc5b4 \uc654\ub2e4\uace0 \ud55c\ub2e4 \uc57d\uc790\ub294 Security Enhanced Linux \ub780\ub2e4.. \ubcc4\uc758 \ubcc4\uc9d3\uc744 \ub2e4 \ud574\ub3c4 \uacc4\uc18d \uc801\uc73c\ub85c access dined error\uac00 \ub098\uc654\ub294\ub370 \uc544\ub798\ucc98\ub7fc SELinux\uc758 Mode\ub97c \ubc14\uafd4\uc8fc\uba74 \ud574\uacb0 \ub41c\ub2e4.. \ub2e8, \ubcf4\uc548\uc740 \uc880 \ucde8\uc57d\ud574 \uc9c0\ub294 \uc57d\uc810\uc774 \uc788\ub2e8\ub2e4.. \uadf8\ub7fc.. \ud574\uacb0\ud560 \uc218 \uc788\ub294 \ubc29\ubc95\uc740?? \uc77c\ub2e8 \ub354 \ucc3e\uc544 \ubd10\uc57c \ud560\uac70 \uac19\ub2e4.. If you still see permission denied after verifying the permissions of the parent folders, it may be SELinux restricting access. To check if SELinux is running: # getenforce To disable SELinux until next reboot: # setenforce Permissive Restart Nginx and see if the problem persists. To allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, setenforce Enforcing) # chcon -Rt httpd_sys_content_t \/path\/to\/www See my answer here for more details ==== SELinux \uc758 \uc0c1\uc138 \uc124\uba85 ============ 1. SELinux\uc758 \uc124\uc815 \u00a0 SELinux\uc5d0\ub294 3\uac00\uc9c0 \ubaa8\ub4dc\uac00 \uc788\uc2b5\ub2c8\ub2e4. Enforcing – SELinux\ub97c \ud65c\uc131\ud654\uc2dc\ud0a4\uace0 SELinux \uc815\ucc45\uc744 \uc2dc\ud589\ud569\ub2c8\ub2e4. Permissive – \uc815\ucc45\uc744 \uc2dc\ud589\ud558\ub294 \ub300\uc2e0 \uacbd\uace0\ub9cc \ucd9c\ub825\ud569\ub2c8\ub2e4. Disabled – SELinux \uc815\ucc45\uc744 \ub85c\ub4dc\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. SELinux \uc815\ucc45\uc744 \uc644\uc804\ud788 \ube44\ud65c\uc131\ud654\uc2dc\ud0b5\ub2c8\ub2e4. \ub610\ud55c 2\uac00\uc9c0 \ub808\ubca8\uc774 \uc788\uc2b5\ub2c8\ub2e4. Targeted – \ub300\uc0c1\uc73c\ub85c \uc0bc\uc740 \ud504\ub85c\uc138\uc2a4\ub97c \ubcf4\ud638\ud569\ub2c8\ub2e4. Mls – \ub2e4\uc911 \ub808\ubca8 \ubcf4\uc548(Multi Level Security) \ubcf4\ud638 \uc0c1\ud0dc\uc785\ub2c8\ub2e4. 2. SELinux \uc0c1\ud0dc \ud655\uc778 (1) SELinux\uac00 \ud65c\uc131\ub41c \uc0c1\ud0dc\uc778\uc9c0 \ud655\uc778 # getenforce Disabled (2) SELinux\uc758 \uc0c1\ud0dc \ud655\uc778 # sestatus […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"ngg_post_thumbnail":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5q9Zn-b9","jetpack-related-posts":[{"id":750,"url":"https:\/\/blog.box.kr\/?p=750","url_meta":{"origin":691,"position":0},"title":"NGINX: SELinux Changes when Upgrading to RHEL 6.6 \/ CentOS 6.6","date":"2015-05-08","format":false,"excerpt":"If you upgrade a running system to Red Hat Enterprise Linux (RHEL) 6.6 or CentOS 6.6, the Security Enhanced Linux (SELinux) security permissions that apply to NGINX are\u00a0relabelled to a much stricter posture. Although the permissions are adequate for the default configuration of NGINX, configuration for additional features can be\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":694,"url":"https:\/\/blog.box.kr\/?p=694","url_meta":{"origin":691,"position":1},"title":"* APM\uc124\uce58","date":"2015-04-15","format":false,"excerpt":"1. \uc124\uc815 \ubc29\ud654\ubcbd \ucf1c\uc838 80 \ud3ec\ud2b8, 3306 \ud3ec\ud2b8 vi \/etc\/sysconfig\/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT \/etc\/init.d\/iptables restart #\ub9c8\uc9c0\ub9c9\uc73c\ub85c \ub2e4\uc2dc \ubc29\ud654\ubcbd \ub54c\ubb38\uc5d0 \uc124\uc815\uc774 \uc801\uc6a9\ub429\ub2c8\ub2e4 2. \ub2eb\uae30SELINUX vi \/etc\/selinux\/config\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":718,"url":"https:\/\/blog.box.kr\/?p=718","url_meta":{"origin":691,"position":2},"title":"How To Install Linux, Nginx, MySQL, PHP (LEMP) stack On CentOS 7","date":"2015-04-15","format":false,"excerpt":"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-7 \u00a0 How To Install Linux, Nginx, MySQL, PHP (LEMP) stack On CentOS 7 Introduction A LEMP software stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":826,"url":"https:\/\/blog.box.kr\/?p=826","url_meta":{"origin":691,"position":3},"title":"[scrap]50 UNIX \/ Linux Sysadmin Tutorials","date":"2015-05-20","format":false,"excerpt":"http:\/\/www.thegeekstuff.com\/2010\/12\/50-unix-linux-sysadmin-tutorials\/ \u00a0 Merry Christmas and Happy Holidays to all TGS Readers. To wrap this year, I\u2019ve collected 50 UNIX \/ Linux sysadmin related tutorials that we\u2019ve posted so far. This is lot of reading. Bookmark this article for your future reference and read it whenever you get free time. Disk\u2026","rel":"","context":"In "\uae30\uc220"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":703,"url":"https:\/\/blog.box.kr\/?p=703","url_meta":{"origin":691,"position":4},"title":"NGINX , TOMCAT\uc73c\ub85c Virtual Host \uad6c\uc131 \ud558\uae30","date":"2015-04-15","format":false,"excerpt":"1. NGINX \uc758 \uae30\uc874 \ub514\ub809\ud1a0\ub9ac\uc778 \/etc\/nginx\/config.d\/ \ud558\uc704\uc5d0 \uc0ac\uc6a9\ud560 \ub3c4\uba54\uc77c \ubcc4\ub85c *.conf\uc744 \uc0dd\uc131 \ud55c\ub2e4. 2. \ub0b4\uc6a9\uc740 \ud558\uae30\uc640 \uac19\uc774 \ud55c\ub2e4. server { listen 80; server_name www.aaaa.com; location \/ { proxy_pass http:\/\/127.0.0.1:(\uc5f4\ub9acPORT \ubcf4\ud1b5 8080); } } 3. \ub9cc\uc57d \ud2b9\uc815 \ub514\ub809\ud1a0\ub9ac\ubcc4\ub85c TOMCAT\uc11c\ubc84\ub97c \ub098\ub20c\ub54c\ub294 \uc544\ub798\uc640 \uac19\uc774 \uc14b\ud305 \ud55c\ub2e4. server { listen 80; server_name www.aaaa.com; \u00a0\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":766,"url":"https:\/\/blog.box.kr\/?p=766","url_meta":{"origin":691,"position":5},"title":"install bugzilla with nginx on centos7","date":"2015-05-11","format":false,"excerpt":"Set the Hostname Before you begin installing and configuring the components described in this guide, please make sure you\u2019ve followed our instructions for setting your hostname. Issue the following commands to make sure it is set properly: hostname hostname -f The first command should show your short hostname, and the\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/691"}],"collection":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=691"}],"version-history":[{"count":0,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/691\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}