nginx php can't write files on CentOS machine

Hahah! First of all .. I love your username, "ctrlz".

Regarding your issue and SELinux:

The web is scattered with posts of people recommending to disabling SELinux. It is definitely the simplest "solution", but it is not ideal in a production environment as it leaves your server more vulnerable.

Yesterday, I took a second dive into learning SELinux. I found the talk, SELinux for Mere Mortals (40min), by Thomas Cameron very helpful.

I don't know what Linux distribution you are using (and I'm not sure how much, if at all, SELinux varies between the others), but CentOS provides a SELinux Guide.

---

Quick Intro:

SELinux "contexts" are shown in the format user:role:type:range. By default, SELinux ships in the targeted mode, which limits access to resources by the type attribute.

You can append the -Z flag to commands such as ps, ls, cp, mv, mkdir, netstat, and more to view SELinux contexts on different resources.

To view the SELinux contexts of your web folder, run:

ls -lZ /usr/share/nginx/html

To view the context of your nginx process, run:

ps -auxZ | grep -i nginx

There are also SELinux "booleans" that can be enabled / disabled for common use cases. To view a list of booleans related to a web server (nginx in this case), run:

getsebool -a | grep -i httpd

To update a boolean value, you can set it using the setsebool command. Example:

setsebool httpd_read_user_content 1

A few other helpful commands:

• SELinux Labeling
  • chcon - temporarily change context of a file
  • semanage fcontext - permanently change context of a file
  • restorecon - restore contexts
• Helpful utilities
  • audit2allow

---

That's about where I am at with my SELinux know-how at the moment. I know this is an old post, but I hope this will help others.

Ok so basically I had to change to this:

SELINUX=permissive

in the /etc/selinux/config file. More info here: How to Disable SELinux.

I don't know if this is the best solution.