Should SELinux be enabled or disabled for using phpbb 3.3.0?

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
mahaju
Registered User
Posts: 6
Joined: Fri May 15, 2020 9:10 am

Should SELinux be enabled or disabled for using phpbb 3.3.0?

Post by mahaju »

I have realized that SELinux is causing weird errors with phpbb in my computer (login to ACP failing for no reason, weird phph errors above forum, etc)

I think SELinux has been setup to be enabled through some configuration file so every time I restart the computer I will run into the same problem

I remember reading selinux should be turned off when installing phpbb using

Code: Select all

setenforce 0
Should selinux always be turned off if I want to use phpbb? I am new to all this so I don't know what is the recommended configuration, but I had assumed that SELinux was a good thing and should be enabled, but it looks like I cannot use phpbb if I have it enabled. I don't know whether disabling it just for the sake of phpbb will expose my computer to other problems or not

What is recommended thing to do here? In general, do I need Selinux to be on or not? Are there any settings I need to set in phpbb to enable it to work with selinux? Is this a problem with phpbb or php itself? Will using a different forum software be any help, or can I expect to run into similar problems? I would rather use phpbb as far as possible if there is any way to make it work in centos with selinux on. I am ok with using a different/older version of php or phpbb is that's what is necessary.

Using Centos 8, php 7.2.11, phpbb 3.3.0

User avatar
P_I
Registered User
Posts: 1150
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary
Contact:

Re: Should SELinux be enabled or disabled for using phpbb 3.3.0?

Post by P_I »

There are two options. The easy road, turn it off, but that defeats the whole purpose of providing security throughout the server. I don't recommend that approach.

The second is learn how it works and what steps you might need to troubleshoot any problems you run into. That's my approach.

On my localhost testbed machine that runs CentOS 8 I keep SELinux enabled while running phpBB and I haven't run into any major problems. It doesn't take a significant amount of time to learn the basics of SELinux and the few commands that you'll need should you run into problems.

Read through HowTos/SELinux - CentOS Wiki and that should give you a good starting point. You might need to keep referring to the Troubleshooting SELinux section as you work on issues that might arise.

My testbed also runs WordPress and MediaWiki and I found SELinux - MediaWiki helpful to understand the concepts when installing an package from outside of the CentOS repositories, i.e. phpBB.

My $0.02.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10383
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Should SELinux be enabled or disabled for using phpbb 3.3.0?

Post by Noxwizard »

phpBB runs just fine with SELinux, but you do need to know how to configure SELinux for web applications (not phpBB specific).

The most common issues we see are:
  • Copying files from your home directory to your web server directory. This leaves the file with their original security context. They need to be updated to use your web server context.
  • The files/folders which need to be writable are not given a writable security context. Similar to the first one, but writable files/folders require a different context than the rest of your files: httpd_sys_rw_content_t
  • phpBB is not allowed to make external network connections due to the httpd_can_network_connect policy being disabled.
  • Users attempt to configure phpBB to talk to an external database, but haven't enabled the httpd_can_network_connect_db policy.
There are more policy options, which are httpd specific, here: https://linux.die.net/man/8/httpd_selinux

Also check your server's audit log (typically /var/log/audit/audit.log) for actions that are being blocked by SELinux so that you can correct them.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

Post Reply

Return to “[3.3.x] Support Forum”