I built a CentOS 6.2 virtual machine on my VMware Workstation as a utility server (192.168.1.135). I used the CentOS-6.2-i386-minimal.iso to do the install and then installed a LAMP stack on it. After that, the next step was to get phpMyAdmin to manage the MySQL database. I did the following to do so:
1. Downloaded the latest package from http://www.phpmyadmin.net/home_page/downloads.php onto my laptop (192.168.1.119).
2. Used WinSCP to copy the file to my home directory.
3. Logged in and sudo’ed to root.
4. Copied the file from my home directory to /var/www/html, untarred the package, and renamed the directory to phpmyadmin.
5. I then went to access the server at http://192.168.1.135/phpmyadmin. I then encountered the following 403 error.
You don’t have permission to access /phpmyadmin on this server.
The error logs (/var/log/httpd/error_log) showed the following:
[Thu Apr 19 06:28:22 2012] [error] [client 192.168.1.119] (13)Permission denied: access to /phpmyadmin/ denied
I then sought the counsel of Google. Many web sites talk about either permissions on the directory/files or the httpd.conf configuration. My issue was none of those. It had to do with selinux which apparently comes built into the minimal CentOS 6.2 install.
[root@sandbox conf]# yum list | grep selinux libselinux.i686 2.0.94-5.2.el6 @anaconda-CentOS-201112130233.i386/6.2 libselinux-utils.i686 2.0.94-5.2.el6 @anaconda-CentOS-201112130233.i386/6.2 selinux-policy.noarch 3.7.19-126.el6 @anaconda-CentOS-201112130233.i386/6.2 selinux-policy-targeted.noarch 3.7.19-126.el6 @anaconda-CentOS-201112130233.i386/6.2 ipa-server-selinux.i686 2.1.3-9.el6 base libselinux-devel.i686 2.0.94-5.2.el6 base libselinux-python.i686 2.0.94-5.2.el6 base libselinux-ruby.i686 2.0.94-5.2.el6 base libselinux-static.i686 2.0.94-5.2.el6 base pki-selinux.noarch 9.0.3-21.el6_2 updates selinux-policy.noarch 3.7.19-126.el6_2.10 updates selinux-policy-doc.noarch 3.7.19-126.el6_2.10 updates selinux-policy-minimum.noarch 3.7.19-126.el6_2.10 updates selinux-policy-mls.noarch 3.7.19-126.el6_2.10 updates selinux-policy-targeted.noarch 3.7.19-126.el6_2.10 updates
The problem was that the phpmyadmin package that I copied via WinSCP took the wrong context, which therefore didn’t have the appropriate permissions for apache to display.
[root@sandbox html]# ls -Z -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 phpmyadmin
To fix this, I needed to do the following:
chcon -R -t httpd_sys_content_t phpmyadmin
Note: be sure to use the -R to recursively apply that context against all files. Otherwise you will get a server misconfiguration error.
[root@sandbox html]# ls -Z -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 phpmyadmin
In retrospect, had I downloaded the file via wget directly into the /var/www/html directory, it would have already taken the proper context, and I would not have had the issue.