ERROR: mysqli_connect(): (HY000/2002): Permission denied
Hi everyone,
I am trying to connect to a MySQL database from PHP and I get the following error in the /var/log/httpd/error_log.
Code:
[Fri Sep 02 11:47:10.961123 2016] [:error] [pid 22023] [client 10.81.227.214:55722] PHP Warning: mysqli_connect(): (HY000/2002): Permission denied in /var/www/html/shenlab/software/TSD/Connections/connGS.php on line 9, referer: http://shenlab.sols.unlv.edu/shenlab/software/TSD/transcript_display.html
Code:
<?php
I have tried setting the sebooleans as follows:
setsebool httpd_can_network_connect on
setsebool httpd_can_network_connect_db on
setsebool mysql_connect_any on
setsebool mysql_connect_httpd on
and I still get the error. I also tried restorecon -R /var/www/html/shenlab and I still get the error. I have been googling for a solution for hours and all I could find was this http://stackoverflow.com/questions/5...mission-denied
And the solution that was provided was "you have to set up SELINUX correctly". Well how the F... do you set up SELINUX correctly????
Any help would be greatly appreciated.
Ken
Hi!
First of all, let it be known that I am far from an expert on SELinux, so I might be talking from my behind. But, this looks very odd for a boolean: Quote:
true, false or 1,0
Again, maybe this 'on, off' thing is unique for SELinux, it just looks odd to me.
Best regards,
HMW
Oops, I made a mistake in my original post.
The SE Booleans are:
httpd_can_network_connect
httpd_can_network_connect_db
Sorry for the mistake. I corrected the original post. I used the following command to determine the state of the boolean
Code:
getsebool -a | grep httpd_can_network
Ken
Quote:
Best regards,
HMW
Code:
# If you want to allow users to connect to mysql, you must turn on the allow_user_mysql_connect boolean.
*Additionally note running 'grep mysql /var/log/audit.log /var/log/messages|audit2allow;' will explain and should also point to booleans like "allow_user_mysql_connect".
When I enter the command
Code:
# getsebool -a | grep mysql
Code:
mysql_connect_any --> on
I also ran "grep mysql /var/log/audit/audit.log" and below is the output:
Code:
type=AVC msg=audit(1473022912.997:498): avc: denied { write } for pid=2268 comm="httpd" name="mysql.sock" dev="sdc3" ino=42205192 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=sock_file permissive=0
Ken
P.S. There is no directory for /var/log/messages.
Hello everybody. Thanks for all your input.
My mentor worked on the problem and fixed it. The database was moved from /var/lib/mysql to another directory. A symbolic link was made from the /var/lib/mysql to mysql.sock in the new directory. SELinux was preventing httpd from read access on the link /var/lib/mysql/mysql.sock file. The following two commands solved the problem:
ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -X 300 -i my-httpd.pp
I am still not quite sure what these two commands do, but it fixed the problem.
Thanks all. Case closed.
Ken
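What the two commands in the post above act on, as an added example (not code from the thread or from the SELinux tools): a small parser for the AVC record quoted earlier that builds the allow rule an audit2allow-style tool derives from it, and flags a target labelled with a generic type such as default_t, where correcting the file's label is the narrower fix than loading a module that lets httpd_t write to default_t sockets. The function names and the GENERIC_TYPES set are assumptions of this sketch.

```python
import re

# Constructed sample: the denial quoted in the thread, as one audit.log line.
SAMPLE = (
    'type=AVC msg=audit(1473022912.997:498): avc: denied { write } for pid=2268 '
    'comm="httpd" name="mysql.sock" dev="sdc3" ino=42205192 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:default_t:s0 tclass=sock_file permissive=0')

# Types a file carries when no file-context rule matched its path
# (assumption: reference-policy names; extend for a local policy).
GENERIC_TYPES = {"default_t", "unlabeled_t", "file_t"}
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": fields["scontext"].split(":")[2],  # user:role:type:level
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def allow_rule(d):
    """The type-enforcement rule that would permit the denied access."""
    p = d["perms"]
    perms = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
    return f'allow {d["source_type"]} {d["target_type"]}:{d["tclass"]} {perms};'


def triage(d):
    """Separate a mislabelled target from a genuine policy gap."""
    return "relabel-target" if d["target_type"] in GENERIC_TYPES else "review-policy"


if __name__ == "__main__":
    d = parse_avc(SAMPLE)
    print(allow_rule(d))
    print(triage(d), d["name"])
```

For the denial in this thread the rule covers every default_t socket, not just mysql.sock, which is why a "relabel-target" result is worth acting on before installing a generated module.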
Thanks for posting feedback. Please mark thread "solved".