🐧

CentOS

32 notes  •  Linux & Server Admin
HomeLinux & Server Admin › CentOS

Add a Sudo User on CentOS 6

This guide explains how to create a new user and grant them sudo privileges on a CentOS 6 system, allowing them to run administrative commands without logging in as root.

Prerequisites

  • Root or sudo access to the server
  • CentOS 6 installed

Steps

  1. Create the new user: 
    sudo adduser newuser
  2. Set a password for the new user: 
    sudo passwd newuser

    Enter and confirm the new password when prompted.

  3. Add the user to the wheel group (which has sudo access on CentOS 6): 
    sudo usermod -aG wheel newuser
  4. Ensure the wheel group is enabled in sudoers. Open the sudoers file with visudo: 
    sudo visudo

    Find and uncomment the following line (remove the leading #):

    %wheel  ALL=(ALL)  ALL

Verify

Switch to the new user and test sudo access:

su - newuser
sudo whoami

The output should display root, confirming sudo privileges are active.

Notes

  • To log out of the root session after setup, type exit.
  • On CentOS 7+, the wheel group is enabled by default in sudoers.

Add Secondary IP Addresses on CentOS / RHEL

This guide explains how to add one or more secondary (alias) IP addresses to a network interface on CentOS or RHEL without requiring additional hardware.

Prerequisites

  • Root or sudo access
  • The primary network interface already configured (e.g., eth0)
  • Additional IP address(es) allocated to your server

Steps

  1. Identify your primary interface name: 
    ip addr show

    Note the interface name (e.g., eth0).

  2. Create an alias interface configuration file. Copy the primary interface config: 
    cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:1
  3. Edit the alias config file: 
    nano /etc/sysconfig/network-scripts/ifcfg-eth0:1

    Set the contents as follows (adjust IP/prefix to your values):

    DEVICE=eth0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.101
PREFIX=24

    Remove any GATEWAY or DNS lines — those belong only on the primary interface.

  4. Bring up the alias interface: 
    ifup eth0:1

Verify

ip addr show eth0

You should see both the primary and the secondary IP addresses listed under the interface.

Notes

  • Add more secondary IPs by repeating the process with eth0:2, eth0:3, etc.
  • On RHEL/CentOS 7+ with NetworkManager, use nmcli instead of manual config files.
  • Changes persist across reboots because ONBOOT=yes is set.

Fix Network Connectivity Issues on CentOS / RHEL

This guide covers diagnosing and fixing common network connectivity problems on CentOS and RHEL, including interfaces that fail to come up after configuration changes and alias interfaces that do not respond to ping.

Prerequisites

  • Root or sudo access
  • Network interface already configured in /etc/sysconfig/network-scripts/

Steps

  1. Check network interface status: 
    ip addr show

    Confirm the expected interfaces and IP addresses are present.

  2. Bring up a specific interface without restarting the full network service: 
    ifup eth0:1

    Replace eth0:1 with the actual interface name.

  3. If the interface still fails, restart the network service: 
    # CentOS 6
service network restart

# CentOS 7
systemctl restart network
  4. Verify routing table is correct: 
    ip route show

    Ensure a default route exists and secondary IPs are routed correctly.

  5. Test connectivity: 
    ping -c 4 8.8.8.8
ping -c 4 <secondary-ip>

Verify

A successful ping output looks like:

4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.029/0.043/0.073/0.018 ms

Troubleshooting

  • 100% packet loss to a secondary IP: Check that the alias config file (ifcfg-eth0:1) does not have a GATEWAY entry and that ONBOOT=yes is set.
  • Interface not found: Verify the config filename matches the DEVICE= value inside it.
  • DNS resolution fails: Ensure /etc/resolv.conf has valid nameserver entries.

Set a Static IP Address on CentOS 7 Minimal

This guide explains how to configure a static IP address on a CentOS 7 minimal installation by editing the network interface configuration file directly.

Prerequisites

  • Root or sudo access
  • CentOS 7 minimal installation
  • Known static IP, subnet mask, gateway, and DNS server values for your network

Steps

  1. Identify the network interface name: 
    ip link show

    Note the interface name (e.g., ens33, enp0s3, or eth0).

  2. Edit the interface configuration file (replace ens33 with your interface name): 
    nano /etc/sysconfig/network-scripts/ifcfg-ens33
  3. Configure the file for static IP. Replace or add the following lines: 
    TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.100
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4

    Adjust IPADDR, PREFIX, GATEWAY, and DNS1 to match your network.

  4. Restart the network service to apply changes: 
    systemctl restart network

Verify

ip addr show ens33
ping -c 4 8.8.8.8

The interface should show the configured static IP, and ping should succeed.

Troubleshooting

  • Network fails to restart: Check for syntax errors with systemctl status network and review /var/log/messages.
  • Cannot reach gateway: Verify GATEWAY is set correctly and on the same subnet as IPADDR.
  • DNS not resolving: Confirm DNS1 is set and /etc/resolv.conf has been updated.

Mount a DVD-ROM on CentOS 7

This guide explains how to manually mount a DVD-ROM or CD-ROM drive on CentOS 7 when auto-mounting does not occur.

Prerequisites

  • Root or sudo access
  • A DVD-ROM drive connected to the system

Steps

  1. Insert the disc and identify the device name: 
    tail -f /var/log/messages

    Insert the disc. The log output will show the device name (e.g., /dev/sr0 or /dev/cdrom). Press Ctrl+C to stop.

  2. Create a mount point: 
    mkdir -p /mnt/dvd
  3. Mount the disc: 
    mount /dev/sr0 /mnt/dvd

    Replace /dev/sr0 with the actual device name if different.

  4. Access the disc contents: 
    ls /mnt/dvd
  5. Unmount when finished: 
    umount /mnt/dvd

Verify

df -h | grep dvd

The mount point should appear in the output while the disc is mounted.

Notes

  • Common device names: /dev/sr0, /dev/cdrom, /dev/dvd.
  • DVD/CD media uses the ISO 9660 filesystem, which is read-only.
  • To enable auto-mounting, install and enable the udisks2 service.

Mount a CD-ROM on Linux

This guide explains how to mount a CD-ROM or DVD drive on Linux. CDs and DVDs use the ISO 9660 filesystem, which all Linux distributions support natively.

Prerequisites

  • Root or sudo access
  • A CD/DVD drive with a disc inserted

Steps

  1. Identify the CD-ROM device: 
    ls -l /dev/cdrom
ls -l /dev/sr0

    Typically the device is /dev/sr0 with a symlink at /dev/cdrom.

  2. Create a mount point: 
    mkdir -p /mnt/cdrom
  3. Mount the CD-ROM: 
    mount -t iso9660 /dev/cdrom /mnt/cdrom

    Or simply:

    mount /dev/cdrom /mnt/cdrom
  4. Browse the contents: 
    ls /mnt/cdrom
  5. Unmount the disc when done: 
    umount /mnt/cdrom

    Ensure no terminal session has the mount point as its current directory before unmounting.

Verify

mount | grep cdrom

The output should show the cdrom device mounted at /mnt/cdrom with type iso9660.

Troubleshooting

  • "device is busy" on unmount: Make sure no process has the mount directory open. Use lsof /mnt/cdrom to find and close those processes.
  • Mount fails with "no medium found": The disc tray may be empty or the disc is not readable.
  • Permission denied: Run the mount command with sudo.

Set CentOS 7 to Boot to Command Line (Multi-User Target)

This guide explains how to configure CentOS 7 to boot directly to the command line (multi-user mode) instead of a graphical desktop environment, which is the recommended configuration for servers.

Prerequisites

  • Root or sudo access
  • CentOS 7 with systemd

Steps

  1. Check the current default boot target: 
    systemctl get-default

    If it returns graphical.target, the system boots to a GUI.

  2. Set the default target to multi-user (command line): 
    systemctl set-default multi-user.target

    Expected output:

    Removed symlink /etc/systemd/system/default.target.
Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.
  3. Reboot to apply: 
    reboot

Verify

systemctl get-default

Output should be multi-user.target. After reboot, the system will present a text login prompt.

Notes

  • To revert to graphical boot: systemctl set-default graphical.target
  • To switch to the graphical environment temporarily without rebooting: systemctl isolate graphical.target
  • Multi-user mode is equivalent to runlevel 3 in older SysV init systems.

Install a LAMP Stack on CentOS 7

This guide walks through installing a full LAMP stack (Linux, Apache, MySQL/MariaDB, PHP) on CentOS 7, including enabling the Remi and EPEL repositories for an up-to-date PHP version.

Prerequisites

  • Root or sudo access
  • CentOS 7 server with internet access
  • yum-utils installed (yum install yum-utils)

Steps

  1. Verify the kernel version: 
    uname -r
  2. Install the Remi and EPEL repositories: 
    wget -q http://rpms.remirepo.net/enterprise/remi-release-7.rpm
wget -q https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm
  3. Enable the desired PHP version (e.g., PHP 7.0): 
    yum-config-manager --enable remi-php70
  4. Install Apache: 
    yum install httpd
systemctl start httpd
systemctl enable httpd
  5. Install MariaDB: 
    yum install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
  6. Install PHP and common extensions: 
    yum install php php-mysql php-gd php-xml php-mbstring php-mcrypt
  7. Restart Apache to load PHP: 
    systemctl restart httpd
  8. Open HTTP and HTTPS ports in the firewall: 
    firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Verify

Create a PHP info file to confirm PHP is working:

echo "<?php phpinfo(); ?>" > /var/www/html/info.php

Open http://<your-server-ip>/info.php in a browser. You should see the PHP information page. Remove the file afterward:

rm /var/www/html/info.php

Troubleshooting

  • Apache fails to start: Check systemctl status httpd and review /var/log/httpd/error_log.
  • PHP not processing: Ensure mod_php is installed and Apache was restarted after PHP installation.
  • Database connection errors: Verify MariaDB is running and the correct credentials are used.

Add Swap Space on CentOS 6

This guide explains how to add a swap file to a CentOS 6 server. Swap space allows the system to move idle memory pages to disk, preventing out-of-memory conditions on servers with limited RAM.

Prerequisites

  • Root or sudo access
  • Sufficient disk space for the swap file (recommended: 1-2x your RAM)

Steps

  1. Check existing swap: 
    swapon -s
free -m
  2. Create the swap file (this example creates a 1 GB file): 
    dd if=/dev/zero of=/swapfile bs=1024 count=1048576

    For a 2 GB file, use count=2097152.

  3. Secure the swap file: 
    chmod 600 /swapfile
  4. Set up the swap area: 
    mkswap /swapfile
  5. Enable the swap file: 
    swapon /swapfile
  6. Make swap permanent across reboots. Add the following line to /etc/fstab: 
    echo "/swapfile   swap   swap   sw   0   0" >> /etc/fstab

Verify

swapon -s
free -m

The swap file should appear in swapon -s output and the Swap row in free -m should reflect the new size.

Notes

  • Linux RAM is divided into pages. Swap allows inactive pages to be moved to disk, freeing RAM for active processes.
  • Adjust the swappiness value to control how aggressively the kernel uses swap: sysctl vm.swappiness=10 to make swap a last resort.
  • Swap on SSDs is generally fine but increases write wear; on HDDs it adds significant latency.

Install Ruby with RVM on CentOS

This guide explains how to install Ruby using RVM (Ruby Version Manager) on a CentOS server, which is the recommended method when deploying Ruby applications with Passenger and Nginx or Apache.

Prerequisites

  • Root or sudo access
  • CentOS 6 or 7 with internet access
  • Basic development tools installed

Steps

  1. Install required dependencies: 
    sudo yum install -y curl gpg gcc gcc-c++ make patch autoconf automake bison libffi-devel libtool readline-devel sqlite-devel zlib-devel openssl-devel
  2. Import the RVM GPG keys: 
    gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
  3. Install RVM: 
    curl -sSL https://get.rvm.io | bash -s stable
  4. Load RVM into the current shell session: 
    source /etc/profile.d/rvm.sh
  5. Install the required Ruby version (replace 2.7 with your target version): 
    rvm install 2.7
rvm use 2.7 --default
  6. Install Bundler: 
    gem install bundler

Verify

ruby -v
gem -v
bundler -v

Each command should print the installed version.

Notes

  • RVM installs Ruby per-user by default. For system-wide installation, use rvmsudo.
  • List available Ruby versions with: rvm list known
  • Switch between installed versions: rvm use <version>
  • For Passenger deployment, refer to the Passenger Library documentation for configuring Nginx or Apache to serve your Ruby application.

Linux Log Files Reference for System Administrators

This reference lists the most important log files on a Linux server running Apache, PHP, and related services. Knowing where to find logs is essential for diagnosing application and system problems.

Apache Log Files

FileDescription
/etc/httpd/logs/error_logApache main error log
/etc/httpd/logs/access_logApache access log (all HTTP requests)
/etc/httpd/logs/ssl_error_logSSL/TLS error log
/etc/httpd/conf.d/ssl.confVirtual host config for SSL (not a log, but referenced here)

System Log Files

FileDescription
/var/log/messagesGeneral system messages (kernel, services)
/var/log/secureAuthentication and authorization events (SSH, sudo)
/var/log/boot.logSystem boot messages
/var/log/cronCron job execution log
/var/log/dmesgKernel ring buffer (hardware detection at boot)
/var/log/yum.logYUM package manager installation history

MySQL / MariaDB Log Files

FileDescription
/var/log/mysqld.logMySQL error and startup log
/var/lib/mysql/<hostname>.errAlternate MySQL error log location

Mail Log Files

FileDescription
/var/log/maillogPostfix/Sendmail mail delivery log

Tips for Reading Logs

  • Follow a log in real time: tail -f /var/log/messages
  • Search for specific errors: grep -i error /var/log/httpd/error_log
  • View systemd journal logs: journalctl -xe
  • View logs for a specific service: journalctl -u httpd

Install ISPConfig 3 on CentOS 7 with Apache, Postfix, Dovecot, and BIND

This guide covers the installation of ISPConfig 3.1 on a CentOS 7.2 (64-bit) server. ISPConfig is a web hosting control panel that manages Apache, Postfix, Dovecot, Pure-FTPd, BIND DNS, and more through a web browser interface.

Prerequisites

  • A fresh CentOS 7.2 64-bit server
  • Root access
  • A fully qualified domain name (FQDN) pointed to the server
  • All updates applied: yum update -y

Steps

  1. Set the hostname: 
    hostnamectl set-hostname server1.example.com
  2. Install required packages: 
    yum install -y bind bind-utils mariadb-server mariadb httpd postfix dovecot pure-ftpd   clamav clamav-update spamassassin wget curl perl quota
  3. Install PHP (via Remi repo): 
    yum install -y epel-release
rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php56
yum install -y php php-mysql php-gd php-xml php-mbstring php-bcmath
  4. Enable and start core services: 
    systemctl enable mariadb httpd named postfix dovecot
systemctl start mariadb httpd named postfix dovecot
  5. Secure the MariaDB installation: 
    mysql_secure_installation
  6. Download and run the ISPConfig installer: 
    cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q install.php

    Follow the interactive prompts. Accept defaults unless you have specific requirements.

Verify

Access the ISPConfig panel in your browser:

https://<your-server-ip>:8080/

Log in with the admin credentials set during installation.

Notes

  • ISPConfig uses port 8080 by default. Ensure this port is open in your firewall: firewall-cmd --permanent --add-port=8080/tcp && firewall-cmd --reload
  • Refer to the official ISPConfig documentation for post-installation configuration of virtual hosts, email domains, and DNS zones.

Install and Configure VNC Remote Access for GNOME on CentOS 7

This guide explains how to install TigerVNC Server on CentOS 7 and configure it to provide remote desktop access to a GNOME desktop environment for one or more users.

Prerequisites

  • Root or sudo access
  • CentOS 7 with a network connection
  • At least one non-root user account for VNC access

Steps

  1. Create user accounts for VNC access (if not already created): 
    useradd user1
passwd user1
  2. Install the GNOME desktop environment: 
    yum groupinstall -y "GNOME Desktop"
  3. Install TigerVNC Server: 
    yum install -y tigervnc-server
  4. Create a VNC service config file for each user. Copy the template: 
    cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

    Edit the file and replace <USER> with the actual username:

    nano /etc/systemd/system/vncserver@:1.service

    Change the lines containing <USER>:

    ExecStart=/usr/bin/vncserver_wrapper <USER> %i
PIDFile=/home/<USER>/.vnc/%H%i.pid
  5. Set the VNC password for the user: 
    su - user1
vncpasswd
exit
  6. Reload systemd and start the VNC service: 
    systemctl daemon-reload
systemctl start vncserver@:1.service
systemctl enable vncserver@:1.service
  7. Open the VNC port in the firewall: 
    firewall-cmd --permanent --add-port=5901/tcp
firewall-cmd --reload

Verify

systemctl status vncserver@:1.service

The service should show as active. Connect using a VNC client to <server-ip>:1 (port 5901) with the VNC password set earlier.

Troubleshooting

  • Black screen on connect: Ensure the GNOME desktop group is fully installed and the user has a valid ~/.vnc/xstartup file.
  • Connection refused: Check that the firewall allows port 5901 and the VNC service is running.
  • For a second user, create vncserver@:2.service pointing to port 5902.

Set Up User and Group Disk Quotas on Linux

This guide explains how to configure filesystem-based disk quotas on Linux to limit disk usage per user or group, preventing any single user from consuming all available disk space.

Prerequisites

  • Root access
  • A filesystem that supports quotas (ext2/ext3/ext4, XFS)
  • quota package installed: yum install quota

Steps

  1. Enable quota options on the filesystem. Edit /etc/fstab and add usrquota and/or grpquota options to the target partition: 
    /dev/sda1   /home   ext4   defaults,usrquota,grpquota   0 2

    Remount the filesystem to apply changes:

    mount -o remount /home
  2. Create the quota database files: 
    quotacheck -cug /home

    This creates aquota.user and aquota.group in the filesystem root.

  3. Enable quotas: 
    quotaon -vug /home
  4. Set quota limits for a specific user (replace username with the actual user): 
    edquota -u username

    This opens a text editor. Set soft and hard limits (in KB) for blocks and inodes:

    Disk quotas for user username (uid 1001):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/sda1    100      512000 1024000  0       0      0

    Soft limit: a warning threshold. Hard limit: the absolute maximum.

  5. Set quota limits for a group (optional): 
    edquota -g groupname

Verify

# Report quota usage for all users
repquota -a

# Check quota for a specific user
quota -u username

Notes

  • Soft limits allow temporary overages; users exceeding the soft limit during a grace period will be blocked when the grace period expires.
  • Set the grace period with: edquota -t
  • Quotas are checked at login; changes take effect without a reboot.
  • XFS has built-in quota support managed differently — use xfs_quota instead.

Fix Apache Subsys Lock Problem on CentOS 6

This guide explains how to resolve an Apache startup failure on CentOS 6.2 caused by a stale subsys lock file, which prevents Apache from starting normally.

Prerequisites

  • Root or sudo access
  • Apache (httpd) installed on CentOS 6

Understanding the Problem

The /var/lock/subsys/httpd file is created when Apache starts and removed when it stops. If Apache crashes or is killed unexpectedly, the lock file can remain, causing subsequent start attempts to fail with errors referencing the subsys lock.

Steps

  1. Check Apache status to confirm the error: 
    service httpd status
  2. Verify the stale lock file exists: 
    ls -la /var/lock/subsys/httpd
  3. Remove the stale lock file: 
    rm -f /var/lock/subsys/httpd
  4. Check for and remove any stale PID files: 
    rm -f /var/run/httpd/httpd.pid
  5. Start Apache: 
    service httpd start

Verify

service httpd status

Apache should report as running. Confirm by accessing the server in a browser or with:

curl -I http://localhost

Troubleshooting

  • Apache still fails to start: Check the error log for configuration issues: tail -50 /var/log/httpd/error_log
  • Syntax errors in config: Test configuration before starting: httpd -t
  • Port already in use: Another process may be on port 80: netstat -tlnp | grep :80

Disable IPv6 on RHEL / CentOS 6

This guide explains how to disable IPv6 on Red Hat Enterprise Linux or CentOS 6 systems where IPv6 is not required, which can simplify networking configuration and reduce potential attack surface.

Prerequisites

  • Root access
  • RHEL or CentOS 6.x

Steps

  1. Disable IPv6 in the kernel module configuration. Edit /etc/modprobe.d/modprobe.conf and add: 
    options ipv6 disable=1
alias net-pf-10 off
alias ipv6 off
install ipv6 /bin/true

    Note: On RHEL/CentOS 5.x, the file is /etc/modprobe.conf.

  2. Disable IPv6 in the network configuration. Edit /etc/sysconfig/network and add: 
    NETWORKING_IPV6=no
IPV6INIT=no
  3. Reboot the system: 
    reboot

Verify

After reboot, confirm IPv6 is disabled:

ip addr show | grep inet6

The command should return no output. Also check:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

Output should be 1.

Notes

  • On CentOS 7, IPv6 can be disabled via sysctl: add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf and run sysctl -p.
  • Some applications (like Postfix) may need additional configuration adjustments if they were listening on IPv6 addresses.

Configure SELinux Policies for Apache Web Servers

This guide explains how to configure SELinux policies to allow Apache to operate correctly on CentOS and RHEL systems where SELinux is enforcing. Rather than disabling SELinux, this guide shows how to create targeted policy rules that maintain security while allowing Apache to function.

Prerequisites

  • Root or sudo access
  • Apache (httpd) installed
  • SELinux in enforcing mode: getenforce should return Enforcing
  • Tools: yum install -y policycoreutils-python setroubleshoot-server

Steps

  1. Check the current SELinux mode: 
    getenforce
sestatus
  2. Check the SELinux context of web files. Files served by Apache should have the httpd_sys_content_t context: 
    ls -Z /var/www/html/

    If contexts are wrong, restore them:

    restorecon -Rv /var/www/html/
  3. Allow Apache to connect to the network (required for proxying or connecting to external services): 
    setsebool -P httpd_can_network_connect 1
  4. Allow Apache to connect to databases: 
    setsebool -P httpd_can_network_connect_db 1
  5. Allow Apache to read user home directories (for ~/public_html): 
    setsebool -P httpd_enable_homedirs 1
  6. Set the correct context on a custom web directory: 
    semanage fcontext -a -t httpd_sys_content_t "/custom/webroot(/.*)?"
restorecon -Rv /custom/webroot
  7. Diagnose denials using audit log: 
    tail -f /var/log/audit/audit.log | grep denied
# Or use audit2why for human-readable explanations:
grep AVC /var/log/audit/audit.log | audit2why
  8. Generate a custom policy from denials: 
    grep httpd /var/log/audit/audit.log | audit2allow -M my-httpd
semodule -i my-httpd.pp

Verify

systemctl restart httpd
curl -I http://localhost

Apache should respond correctly. Check /var/log/audit/audit.log for any remaining AVC denials.

Notes

  • Never set SELinux to permissive or disabled on production servers. Use targeted policy adjustments instead.
  • Use sealert -a /var/log/audit/audit.log for detailed denial analysis with suggested fixes.
  • List all httpd-related SELinux booleans: getsebool -a | grep httpd

Upgrade MySQL 5.5 to 5.6/5.7 or MariaDB on Linux

This guide explains how to safely upgrade MySQL from version 5.5 to 5.6 or 5.7, or upgrade MariaDB from 5.5 to 10.x on a Linux server. Always back up your data before performing any database upgrade.

Prerequisites

  • Root access
  • Current MySQL 5.5 or MariaDB 5.5 installation
  • Sufficient disk space for a full database backup

Steps

  1. Back up all databases: 
    mysqldump --all-databases --routines --triggers > /root/all-databases-backup.sql
  2. Stop the MySQL/MariaDB service: 
    systemctl stop mysqld
# or for MariaDB:
systemctl stop mariadb
  3. Remove the old MySQL packages (data files are preserved): 
    yum remove mysql mysql-server mysql-libs
  4. Install the new version repository and packages.

    For MySQL 5.7:

    rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
yum install mysql-community-server

    For MariaDB 10.x, create the repo file /etc/yum.repos.d/MariaDB.repo:

    [mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

    Then install:

    yum install MariaDB-server MariaDB-client
  5. Start the database service: 
    systemctl start mysqld
# or for MariaDB:
systemctl start mariadb
  6. Run the upgrade script to update system tables: 
    mysql_upgrade -u root -p
  7. Restart the service after upgrade: 
    systemctl restart mysqld

Verify

mysql -u root -p -e "SELECT VERSION();"

The output should show the new version number.

Troubleshooting

  • Service fails to start after upgrade: Check /var/log/mysqld.log for errors. Common issues include incompatible configuration options in /etc/my.cnf.
  • mysql_upgrade errors: Ensure the service is running before running mysql_upgrade.
  • Restore from backup if needed: mysql -u root -p < /root/all-databases-backup.sql

Create an SSL Certificate on Apache for CentOS 7

This guide explains how to create and configure a self-signed SSL certificate on Apache for CentOS 7, enabling HTTPS for your web server.

Prerequisites

  • Root or sudo access
  • Apache (httpd) installed and running
  • Port 443 accessible (check firewall)

Steps

  1. Install mod_ssl: 
    yum install -y mod_ssl openssl
  2. Generate a self-signed certificate: 
    openssl req -x509 -nodes -days 365 -newkey rsa:2048   -keyout /etc/pki/tls/private/ca.key   -out /etc/pki/tls/certs/ca.crt

    Fill in the prompts (Country, State, Organization, Common Name). Set Common Name to your server's IP or domain name.

  3. Configure Apache to use the certificate. Edit the SSL config file: 
    nano /etc/httpd/conf.d/ssl.conf

    Set the following lines (update paths if you used different file locations):

    SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
  4. Ensure Apache listens on port 443. In /etc/httpd/conf/httpd.conf, confirm this line exists: 
    Listen 443
  5. Open port 443 in the firewall: 
    firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
  6. Restart Apache: 
    systemctl restart httpd

Verify

curl -k https://localhost
# Or check the certificate details:
openssl s_client -connect localhost:443 -showcerts

Notes

  • Self-signed certificates will show a browser warning. For production sites, use a certificate from a trusted CA such as Let's Encrypt: yum install certbot python2-certbot-apache.
  • The -days 365 flag sets certificate validity to one year. Increase this value for longer-lived certs.
  • If using SELinux, ensure httpd_can_network_connect is set and certificate file contexts are correct.

Fix PHP Version Conflicts Between php72w and php-common

This guide explains how to resolve the RPM conflict error php72w-common conflicts with php-common, which occurs when the Webtatic repository (providing php72w) and the Remi repository (providing php-common) are both installed and conflict with each other.

Understanding the Problem

When both the webtatic-release and remi repositories are enabled, their PHP packages conflict. The Webtatic repo provides packages like php72w-common while Remi provides php-common, and they cannot coexist.

Steps

  1. Identify the conflicting repository: 
    yum repolist
rpm -qa | grep webtatic
  2. Remove the Webtatic release package: 
    yum remove webtatic-release
  3. Clear the YUM cache: 
    yum clean all
  4. Retry your original installation command: 
    yum install php72w php72w-mysql php72w-gd
# or use Remi's packages:
yum install php php-mysql php-gd

Verify

php -v

The installed PHP version should display without errors.

Notes

  • Only enable one PHP repository at a time (either Webtatic or Remi, not both).
  • To disable a repo without removing it: yum-config-manager --disable webtatic
  • If you need packages from both repos, use yum install --disablerepo=webtatic or --disablerepo=remi flags on specific commands.

Fix phpMyAdmin 403 Forbidden Error on CentOS

This guide explains how to resolve a "403 Forbidden: You don't have permission to access /phpmyadmin" error on a CentOS server running Apache, by correctly configuring access control in the phpMyAdmin Apache configuration file.

Prerequisites

  • Root or sudo access
  • phpMyAdmin installed via yum
  • Apache running

Understanding the Problem

The default phpMyAdmin configuration restricts access to localhost only. When accessing phpMyAdmin from a remote IP, Apache returns 403 Forbidden.

Steps

  1. Edit the phpMyAdmin Apache config: 
    nano /etc/httpd/conf.d/phpMyAdmin.conf
  2. Locate the access control block for the /usr/share/phpMyAdmin/ directory. For Apache 2.4, it uses Require directives. Update it to allow access from your IP or all IPs:

    To allow a specific IP:

    <Directory /usr/share/phpMyAdmin/>
  AddDefaultCharset UTF-8
  <IfModule mod_authz_core.c>
    # Apache 2.4
    <RequireAny>
      Require ip 127.0.0.1
      Require ip ::1
      Require ip 192.168.1.0/24
    </RequireAny>
  </IfModule>
</Directory>

    To allow access from any IP (not recommended for public servers):

    Require all granted
  3. Restart Apache: 
    systemctl restart httpd

Verify

Access http://<your-server-ip>/phpmyadmin in a browser. The phpMyAdmin login page should appear.

Troubleshooting

  • Still getting 403: Check SELinux — it may be blocking access even if Apache config is correct. Run: setsebool -P httpd_can_network_connect_db 1
  • Configuration syntax errors: Test before restarting: apachectl configtest
  • Security recommendation: Restrict phpMyAdmin access to specific trusted IPs rather than opening it to all. Consider using an SSH tunnel for access.

Install PHP OPcache on CentOS 7

This guide explains how to install and configure PHP OPcache on CentOS 7. OPcache improves PHP performance by storing precompiled script bytecode in shared memory, eliminating the need for PHP to load and parse scripts on every request.

Prerequisites

  • Root or sudo access
  • PHP installed (PHP 5.5+ includes OPcache in the core)
  • Apache or Nginx running

Steps

  1. Install the OPcache extension: 
    yum install -y php-opcache
  2. Verify the OPcache config file was created: 
    ls /etc/php.d/10-opcache.ini
  3. Edit the OPcache configuration for optimal performance: 
    nano /etc/php.d/10-opcache.ini

    Recommended settings:

    opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1
  4. Restart the web server: 
    systemctl restart httpd

Verify

Create a PHP info file and check for OPcache in the output:

echo "<?php phpinfo(); ?>" > /var/www/html/info.php

Open http://<your-server-ip>/info.php in a browser and search for "opcache". The OPcache section should show it as enabled. Remove the file when done:

rm /var/www/html/info.php

Notes

  • OPcache was previously known as Zend Optimizer+.
  • PHP 5.5 and later include OPcache in the core; for PHP 5.2-5.4, install via PECL: pecl install ZendOpcache.
  • Increase opcache.memory_consumption on servers with many PHP scripts or high traffic.
  • For development environments, set opcache.revalidate_freq=0 so code changes are picked up immediately.

Set the X-Frame-Options HTTP Header in Apache

This guide explains how to configure the X-Frame-Options HTTP response header in Apache to control whether your site can be embedded in iframes on other domains, protecting against clickjacking attacks.

Prerequisites

  • Root or sudo access
  • Apache (httpd) installed
  • mod_headers enabled (included by default in most Apache installations)

Understanding X-Frame-Options Values

  • DENY — Prevents any domain from framing your content
  • SAMEORIGIN — Allows framing only from the same origin
  • ALLOW-FROM https://example.com — Allows framing from a specific URL

Steps

  1. Check the current X-Frame-Options setting: 
    curl -I http://localhost

    Look for the X-Frame-Options header in the response.

  2. Find where X-Frame-Options is currently configured. Search in the Apache config directory: 
    grep -r "X-Frame-Options" /etc/httpd/conf.d/
  3. Edit the relevant config file (commonly /etc/httpd/conf.d/ssl.conf or a site-specific vhost file): 
    nano /etc/httpd/conf.d/ssl.conf

    Change DENY to SAMEORIGIN (or your preferred value):

    Header always set X-Frame-Options "SAMEORIGIN"
  4. Restart Apache: 
    systemctl restart httpd

Verify

curl -I http://localhost | grep X-Frame-Options

The header should reflect the new value.

Notes

  • To set the header globally, add the directive to /etc/httpd/conf/httpd.conf inside the <VirtualHost> or at server level.
  • Ensure mod_headers is loaded: httpd -M | grep headers
  • The modern replacement for X-Frame-Options is the Content-Security-Policy: frame-ancestors directive, which offers more fine-grained control.

Fix Common CentOS yum / Network Errors at Boot

This guide explains how to fix common YUM errors on CentOS such as "Cannot find a valid baseurl for repo: base/7/x86_64" or "could not retrieve mirrorlist", which are typically caused by the network interface not starting automatically at boot.

Understanding the Problem

These errors occur because the network interface is not up when yum tries to connect to repositories. The fix is to configure the interface to start automatically on boot.

Steps

  1. Identify your network interface name: 
    ip link show

    Note the interface name (e.g., enp0s3, eth0).

  2. Edit the interface config file: 
    nano /etc/sysconfig/network-scripts/ifcfg-enp0s3

    Set ONBOOT to yes:

    ONBOOT=yes
  3. Bring the interface up immediately: 
    dhclient enp0s3

    Or restart the network service:

    # CentOS 6
service network restart
# CentOS 7
systemctl restart network
  4. Retry the yum command: 
    yum update

Verify

ping -c 4 8.8.8.8

A successful ping confirms the network is up. yum update should now complete without mirror errors.

Troubleshooting

  • Interface still not coming up: Check for errors in /var/log/messages and confirm the config file has BOOTPROTO=dhcp (or a valid static IP).
  • YUM mirror errors persist despite network being up: See the guide on fixing YumRepo Mirror URL Errors for CentOS 6 EOL repositories.
  • DNS not resolving: Check /etc/resolv.conf has valid nameserver entries.

Install MySQL 5.6 on CentOS 7 / RHEL 7

This guide explains how to install MySQL Server 5.6 on CentOS 7 or RHEL 7. Because CentOS 7 ships with MariaDB in its default repositories, MySQL 5.6 must be installed from the official MySQL community repository.

Prerequisites

  • Root or sudo access
  • CentOS 7 or RHEL 7 with internet access

Steps

  1. Download and install the MySQL community repository RPM: 
    wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
  2. Install MySQL Server: 
    yum install mysql-community-server
  3. Start the MySQL service: 
    systemctl start mysqld
systemctl enable mysqld
  4. Retrieve the temporary root password (MySQL 5.6 generates one at first start): 
    grep 'temporary password' /var/log/mysqld.log
  5. Secure the installation and set a new root password: 
    mysql_secure_installation

    Follow the prompts to change the root password, remove anonymous users, disallow remote root login, and remove the test database.

Verify

mysql -u root -p -e "SELECT VERSION();"

The output should confirm MySQL 5.6.x is running.

Troubleshooting

  • Conflict with MariaDB: If MariaDB is installed, remove it first: yum remove mariadb mariadb-server
  • Service fails to start: Check /var/log/mysqld.log for errors.
  • Firewall: If remote MySQL access is needed, open port 3306: firewall-cmd --permanent --add-port=3306/tcp && firewall-cmd --reload

Install phpMyAdmin with Nginx on CentOS 7

This guide explains how to install phpMyAdmin on a CentOS 7 server running Nginx. phpMyAdmin is a web-based interface for managing MySQL and MariaDB databases.

Prerequisites

  • Root or sudo access
  • Nginx installed and running
  • PHP-FPM installed and running
  • MySQL or MariaDB installed
  • EPEL repository enabled: yum install epel-release

Steps

  1. Install phpMyAdmin: 
    yum install phpmyadmin
  2. Create an Nginx server block for phpMyAdmin. Create the file /etc/nginx/conf.d/phpmyadmin.conf: 
    server {
    listen 80;
    server_name your_domain_or_ip;
    root /usr/share/phpMyAdmin;
    index index.php index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
  3. Test and reload Nginx: 
    nginx -t
systemctl reload nginx
  4. Ensure PHP-FPM is running: 
    systemctl start php-fpm
systemctl enable php-fpm
  5. Open the firewall for HTTP: 
    firewall-cmd --permanent --add-service=http
firewall-cmd --reload

Verify

Access phpMyAdmin in a browser: http://<your-server-ip>/

The phpMyAdmin login screen should appear. Log in with your MySQL/MariaDB root credentials.

Troubleshooting

  • 502 Bad Gateway: Verify PHP-FPM is running and the socket path in the Nginx config matches the actual PHP-FPM socket.
  • 403 Forbidden: Check that Nginx has read access to the phpMyAdmin directory. Also verify SELinux contexts: restorecon -Rv /usr/share/phpMyAdmin
  • phpMyAdmin not found: Confirm the package installed to /usr/share/phpMyAdmin: rpm -ql phpmyadmin | head

Open and Close Ports with iptables on CentOS

This guide explains how to open and close specific TCP/UDP ports using iptables on CentOS and RHEL systems where iptables is the active firewall.

Prerequisites

  • Root or sudo access
  • iptables service installed and running (not firewalld)

Steps — Open a Port

  1. Open a TCP port (e.g., port 8080): 
    iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
  2. Open a UDP port (e.g., port 53 for DNS): 
    iptables -I INPUT -p udp --dport 53 -j ACCEPT
  3. Save the rules to persist across reboots: 
    # CentOS 6
service iptables save

# CentOS 7
iptables-save > /etc/sysconfig/iptables

Steps — Close a Port

  1. Block a TCP port (e.g., port 8080): 
    iptables -I INPUT -p tcp --dport 8080 -j DROP
  2. Remove an existing ACCEPT rule: 
    iptables -D INPUT -p tcp --dport 8080 -j ACCEPT

View Current Rules

iptables -L -n -v --line-numbers

Allow Access from a Specific IP Only

iptables -I INPUT -p tcp --dport 3306 -s 192.168.1.50 -j ACCEPT
iptables -I INPUT -p tcp --dport 3306 -j DROP

Verify

After adding a rule, test the port from another machine:

nc -zv <server-ip> 8080
# or
telnet <server-ip> 8080

Notes

  • Use -I INPUT (insert at top) rather than -A INPUT (append) to ensure your rule is evaluated before any DROP rules.
  • On CentOS 7, firewalld is the default firewall. If both iptables and firewalld are running, they may conflict. Use one or the other.
  • To switch from firewalld to iptables on CentOS 7: systemctl stop firewalld; systemctl disable firewalld; systemctl enable iptables; systemctl start iptables

Manage Firewall Rules with firewalld on CentOS 7

This guide explains how to use firewalld, the default firewall management tool on CentOS 7, which replaced iptables as the primary interface for managing firewall rules.

Prerequisites

  • Root or sudo access
  • CentOS 7 with firewalld installed (installed by default)

Starting and Enabling firewalld

systemctl start firewalld
systemctl enable firewalld
systemctl status firewalld

Common firewalld Commands

  1. Check the current firewall zone and rules: 
    firewall-cmd --state
firewall-cmd --get-active-zones
firewall-cmd --list-all
  2. Open a port permanently: 
    firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
  3. Allow a service by name: 
    firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
  4. Remove a port or service: 
    firewall-cmd --permanent --remove-port=8080/tcp
firewall-cmd --permanent --remove-service=http
firewall-cmd --reload
  5. List available service names: 
    firewall-cmd --get-services

Verify

firewall-cmd --list-all

The output shows the active zone, allowed services, and open ports.

Notes

  • Changes made without --permanent are runtime-only and lost on reload or reboot.
  • Always run firewall-cmd --reload after making permanent changes to apply them.
  • To use legacy iptables instead of firewalld: systemctl disable firewalld; systemctl enable iptables
  • Zones control the trust level of network connections. The default zone for most server setups is public.

Install PHP 5.4, 5.5, or 5.6 on CentOS 6 / CentOS 7

This guide explains how to install PHP 5.4, 5.5, or 5.6 on CentOS 6 or CentOS 7 using the Remi repository, which provides more up-to-date PHP packages than the default CentOS repos.

Prerequisites

  • Root or sudo access
  • CentOS 6 or CentOS 7 with internet access

Steps

  1. Install the EPEL repository: 
    # CentOS 7
yum install epel-release

# CentOS 6
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
  2. Install the Remi repository: 
    # CentOS 7
rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm

# CentOS 6
rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-6.rpm
  3. Install yum-utils for managing repository configs: 
    yum install yum-utils
  4. Enable the desired PHP version repo. Choose one: 
    # PHP 5.4
yum-config-manager --enable remi-php54

# PHP 5.5
yum-config-manager --enable remi-php55

# PHP 5.6
yum-config-manager --enable remi-php56
  5. Install PHP and common extensions: 
    yum install php php-mysql php-gd php-xml php-mbstring php-mcrypt php-pear
  6. Restart Apache to load the new PHP version: 
    systemctl restart httpd
# or on CentOS 6:
service httpd restart

Verify

php -v

The output should show the installed PHP version (5.4.x, 5.5.x, or 5.6.x).

Notes

  • Only enable one PHP version repo at a time. Disable previously enabled versions before switching: yum-config-manager --disable remi-php54
  • PHP 5.4, 5.5, and 5.6 are all end-of-life. For production servers, use PHP 7.4 or 8.x where possible.
  • To install PHP 7.x, use remi-php70, remi-php71, etc.

Fix YumRepo Mirror URL Error on CentOS 6

This guide explains how to fix the error "YumRepo Error: All mirror URLs are not using ftp, http[s] or file" on CentOS 6. This error occurs because CentOS 6 has reached end-of-life and the default mirror URLs no longer work. The fix is to point yum to the CentOS vault archive.

Understanding the Problem

CentOS 6 reached end-of-life in November 2020. The default yum repository mirrors have been removed. To continue using yum on CentOS 6, the repository configuration must be updated to point to the archived packages at vault.centos.org.

Steps

  1. Back up the existing repo file: 
    cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
  2. Replace the contents of /etc/yum.repos.d/CentOS-Base.repo with vault URLs: 
    cat > /etc/yum.repos.d/CentOS-Base.repo << 'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=https://vault.centos.org/6.10/os/$basearch/
gpgcheck=1
gpgkey=https://vault.centos.org/RPM-GPG-KEY-CentOS-6

[updates]
name=CentOS-$releasever - Updates
baseurl=https://vault.centos.org/6.10/updates/$basearch/
gpgcheck=1
gpgkey=https://vault.centos.org/RPM-GPG-KEY-CentOS-6

[extras]
name=CentOS-$releasever - Extras
baseurl=https://vault.centos.org/6.10/extras/$basearch/
gpgcheck=1
gpgkey=https://vault.centos.org/RPM-GPG-KEY-CentOS-6
EOF
  3. Clean the YUM cache: 
    yum clean all
  4. Test the repository: 
    yum repolist

Verify

yum update

YUM should connect to the vault URLs without errors.

Notes

  • The vault contains the final CentOS 6.10 packages, which are no longer receiving security updates.
  • For production servers, migration to CentOS 7, CentOS Stream 8, or RHEL is strongly recommended.
  • If you also have EPEL or other third-party repos configured, update those to point to archived versions as well.

Fix "yum update" Failure on CentOS 6 After End-of-Life

This guide explains how to fix the error "Cannot find a valid baseurl for repo: base" when running yum update on CentOS 6, which occurs because CentOS 6 has reached end-of-life and the default repositories are no longer available.

Understanding the Problem

Two things can cause this error on CentOS 6: the network interface not being up at boot, or the repository mirrors being decommissioned after CentOS 6 EOL. Both solutions are covered here.

Solution 1 — Fix Network Interface Not Starting at Boot

  1. Edit the network interface config: 
    vim /etc/sysconfig/network-scripts/ifcfg-eth0
  2. Comment out or delete any mirrorlist= lines and ensure ONBOOT=yes: 
    ONBOOT=yes
  3. Start the network and retry: 
    service network start
yum update

Solution 2 — Point Repos to the CentOS Vault

  1. Edit the base repo file: 
    vim /etc/yum.repos.d/CentOS-Base.repo
  2. Comment out all mirrorlist= lines and add baseurl= pointing to the vault: 
    # Comment out:
# mirrorlist=http://mirrorlist.centos.org/...

# Add baseurl lines for each section, for example for [base]:
baseurl=https://vault.centos.org/6.10/os/$basearch/

    Repeat for [updates] and [extras] sections, using the corresponding vault paths.

  3. Clean YUM cache and retry: 
    yum clean all
yum update

Verify

yum repolist
yum update

Notes

  • CentOS 6 reached end-of-life in November 2020 and no longer receives security patches.
  • Plan migration to CentOS 7 or a supported distribution as soon as possible.
  • See the companion guide "Fix YumRepo Mirror URL Error on CentOS 6" for the complete vault repository configuration.

Fix WordPress Update File Copy Error on CentOS with SELinux

This guide explains how to fix the WordPress error "The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions" on a CentOS server running Apache with SELinux enforcing.

Understanding the Problem

This error typically occurs when the Apache process (httpd) does not have write permission to the WordPress files, either due to incorrect file ownership/permissions or SELinux denying write access.

Steps

  1. Check the ownership of your WordPress directory: 
    ls -la /var/www/html/wordpress/

    Files should be owned by the Apache user (apache on CentOS).

  2. Fix file ownership: 
    chown -R apache:apache /var/www/html/wordpress/
  3. Fix file permissions: 
    find /var/www/html/wordpress/ -type d -exec chmod 755 {} \;
find /var/www/html/wordpress/ -type f -exec chmod 644 {} \;
  4. If SELinux is enforcing, check for AVC denials: 
    grep httpd /var/log/audit/audit.log | grep denied | tail -20
  5. Set the correct SELinux context to allow Apache to write to WordPress files: 
    chcon -R -t httpd_sys_rw_content_t /var/www/html/wordpress/wp-content/
chcon -R -t httpd_sys_rw_content_t /var/www/html/wordpress/wp-includes/

    To make the context change permanent:

    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/wordpress/wp-content(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/wordpress/wp-includes(/.*)?"
restorecon -Rv /var/www/html/wordpress/

Verify

Go to the WordPress admin dashboard and attempt the update again (Dashboard > Updates). The update should complete successfully.

Troubleshooting

  • Error persists after fixing ownership: SELinux may still be blocking writes. Set Apache to allow writes: setsebool -P httpd_unified 1
  • FTP credentials prompt: WordPress falls back to requesting FTP credentials when it cannot write directly. Fixing permissions and SELinux context eliminates this prompt.
  • Check SELinux booleans: getsebool -a | grep httpd_write