Unable to open PHP script files, even though I own them and have permissions

I’m using RHEL 8, and I have run into a crazy problem. My user account is unable to open PHP files.

If I have a file, owned by my user, and readable by my user, and I add <?php as the first line, I’m suddenly unable to open, edit, or view the file, even though I have not otherwise changed my permissions. It tells me: cat: test.txt: Operation not permitted

If I look at the file using file, I see the file reported as PHP Script once I add the above line.

It doesn’t appear to be an SELinux problem, since setenforce 0 doesn’t change the behavior, and audit2allow doesn’t see anything.

It’s possible this is happening to all script files, but on this server, I only need to use PHP scripts. Help!

Answer

I finally found my answer.

As part of a security audit on our web-host servers, the auditor recommended to the administrator that we follow STIG and NIST compliance standards on the servers. We didn’t strictly need to follow these standards, but they are highly respected best practices for hardening machines, so it seemed like a worthy goal.

During testing of the standards, no issues were discovered, and the standards were deployed on the servers.

As it turns out, fapolicyd is installed as part of these standards, and one of its default policies is to block user access to program files. This didn’t impact the web application, but only user editing of those files.

Disabling the fapolicyd service allowed the user to edit files. As needed, policies can be added to allow this access all the time.

For more info: http://people.redhat.com/sgrubb/fapolicyd/index.html
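
An added example, not part of the original answer and not fapolicyd's own code: a simplified shell model of first-match rule evaluation, showing why the file stopped opening once it was detected as PHP and why an allow rule for one user has to sit ahead of the deny rule. The rule sets, uid 1000 and the text/x-php file type are constructed for illustration, and only uid= and ftype= matching is modelled.

```shell
#!/bin/sh
# Simplified model of first-match rule evaluation, for illustration only.
# Rule form: "decision perm=... subject : object". Only the uid= subject
# attribute and the ftype= object attribute are modelled; perm= is ignored.

# Constructed rule sets (not the shipped defaults).
DEFAULT_RULES='deny_audit perm=any all : ftype=text/x-php
allow perm=open all : all'

# Exception for one account placed BEFORE the deny. uid=1000 is a
# constructed value standing in for the user who edits the scripts.
FIXED_RULES='allow perm=open uid=1000 : ftype=text/x-php
deny_audit perm=any all : ftype=text/x-php
allow perm=open all : all'

# Same exception placed AFTER the deny: it is never reached.
MISORDERED_RULES='deny_audit perm=any all : ftype=text/x-php
allow perm=open uid=1000 : ftype=text/x-php
allow perm=open all : all'

# decide RULES UID FTYPE -> prints the decision of the first matching rule,
# or nothing when no rule matches.
decide() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        subject=${rule%% : *}   # decision, perm and subject attributes
        object=${rule#* : }     # object attributes
        case " $subject " in
            *" all "*|*" uid=$2 "*) ;;
            *) continue ;;
        esac
        case " $object " in
            *" all "*|*" ftype=$3 "*) ;;
            *) continue ;;
        esac
        echo "${subject%% *}"   # first word is the decision
        break
    done
}

# The question's symptom: same user, same file, only the detected type changes.
echo "text/plain, default rules:   $(decide "$DEFAULT_RULES" 1000 text/plain)"
echo "text/x-php, default rules:   $(decide "$DEFAULT_RULES" 1000 text/x-php)"
echo "text/x-php, exception first: $(decide "$FIXED_RULES" 1000 text/x-php)"
echo "text/x-php, exception last:  $(decide "$MISORDERED_RULES" 1000 text/x-php)"
echo "text/x-php, other uid:       $(decide "$FIXED_RULES" 1001 text/x-php)"
```

Scoping the exception to one uid and one file type keeps the deny in force for every other account, which disabling the service does not.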

Attribution
Source: Link, Question Author: Nick2253, Answer Author: Nick2253
