Apache出现DocumentRoot must be a directory问题解决方法


Starting httpd: Syntax error on line 265 of /etc/httpd/conf/httpd.conf:

DocumentRoot must be a directory

这是系统起了SELinux的策略。把目录或文件设成了user_home_t类型,因此apache的进程没有权限,无法访问。针对Apache的进程所使用的SELinux target policy规定了apache的进程只能访问httpd_sys_content_t类型的目录或文件。


把目录或文件的策略类型改成 httpd_sys_content_t 就可以了。

# chcon -R -h -t httpd_sys_content_t /www/web/

然后可以用 ls -laZ 命令查看文件目录的策略类型。

# setsebool -P httpd_disable_trans=1


ASF Bugzilla Bug 33679:DocumentRoot location on different partition fails


“I can’t use alternate DocumentRoot on FC3″ issues are due to the SELinux

policy; the directory you choose will not have the correct SELinux label so

httpd is denied access by default. Either:

# chcon -R system_u:object_r:httpd_sys_content_t /my/new/docroot

or turn off the SELinux policy for httpd using:

# setsebool -P httpd_disable_trans=1


1.The best and cleanest method to relabel is to let init do it for you on boot.

touch /.autorelabel


By allowing the relabeling to occur early in the reboot process, you ensure that applications have the right labels when they are started and that they are started in the right order. If you relabel a live file system without rebooting, you may have processes running under the incorrect context. Making sure all the daemons are restarted and running in the right context can be difficult.

2.It is possible to relabel a live file system using fixfiles, or to relabel based on the RPM database:

fixfiles relabel

fixfiles -R packagename restore

Using the ability of fixfiles to restore contexts from packages is safer and quicker.

Redhat推荐的是1,不过1太麻烦了,需要reboot。我用了2. fixfiles relabel。大概过了1分钟就完成了,然后serviice httpd start。



电子邮件地址不会被公开。 必填项已用*标注