in 2025, Tips and Tricks

SELinux: Make Any Directory Writable by Apache

For regular hosting, when setting up a Laravel or WordPress website, I set permissions like this:


sudo chown -R apache:apache /var/www/html
sudo find /var/www/html -type f -exec chmod 644 {} \;
sudo find /var/www/html -type d -exec chmod 755 {} \;

But under SELinux, any directory (and its contents) that Apache writes to should also have a read-write context for Apache. The public dir, or any dir that needs file uploads, should get something like the below:


semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/public(/.*)?"
restorecon -Rv "/var/www/html/public"
setfacl -R -m u:apache:rwX /var/www/html/public

These three lines are all about making a directory writable by Apache under SELinux, but each line plays a slightly different role. Let’s break them down carefully.

1️⃣ semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/public(/.*)?"

  • Purpose: Tells SELinux that this directory (and its contents) should have a read-write context for Apache.

  • Components:

    • semanage fcontext → manage file contexts (SELinux labels).

    • -a → add a new rule.

    • -t httpd_sys_rw_content_t → type: read-write content for web servers.

    • "/var/www/html/public(/.*)?" → regex pattern:

      • /var/www/html/public → the directory itself
      • (/.*)? → all files and subdirectories under it
  • Effect: SELinux knows that files here are allowed to be written by Apache/PHP.

Think of it as marking the folder for write permissions in SELinux’s eyes.


2️⃣ restorecon -Rv "/var/www/html/public"

  • Purpose: Applies the SELinux context physically to the filesystem.

  • Components:

    • restorecon → restore the SELinux context on a file/directory to what semanage defined.
    • -R → recursively apply to all subdirectories/files.
    • -v → verbose, so you see what changed.
  • Effect: Actually sets httpd_sys_rw_content_t on /var/www/html/public and everything inside.

Without this, semanage only records the rule; it doesn’t change the labels on existing files.


3️⃣ setfacl -R -m u:apache:rwX /var/www/html/public

  • Purpose: Grants actual Linux permissions (Access Control List) for the Apache user.

  • Components:

    • setfacl → set file ACLs (extra permissions beyond standard chmod).

    • -R → recursively.

    • -m u:apache:rwX → modify the ACL for user apache:

      • r → read
      • w → write
      • X → execute only if it’s a directory or already executable
  • Effect: Ensures Apache can read/write/create files regardless of regular ownership/permissions.


✅ TL;DR

| Command | Role |
|---|---|
| semanage fcontext | Tells SELinux this directory is writable for Apache. |
| restorecon | Applies the SELinux label to existing files/folders. |
| setfacl | Gives Apache Linux-level write permission (ACL), independent of ownership. |

Together, these three lines guarantee that both SELinux and Linux permissions allow Apache/PHP to create or modify files in /var/www/html/public.
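
To check the result afterwards, the labels can be audited. The script below is an added example, not part of the original post: it reads "<context> <path>" lines (as GNU find prints them with -printf '%Z %p\n' on an SELinux host) and flags paths outside the directory that carry httpd_sys_rw_content_t, as well as paths inside it that restorecon has not relabeled. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Apache-writable SELinux labels under a docroot.
# Input on stdin: "<context> <path>" lines, e.g. from GNU find on an SELinux host:
#   find /var/www/html -printf '%Z %p\n'

RW_TYPE="httpd_sys_rw_content_t"

# label_type CONTEXT: print the type field of user:role:type[:level]
label_type() {
    t=${1#*:}; t=${t#*:}
    printf '%s\n' "${t%%:*}"
}

# in_scope DIR PATH: succeed if PATH is DIR or below it, like "DIR(/.*)?"
in_scope() {
    case "$2" in "$1"|"$1"/*) return 0 ;; esac
    return 1
}

# audit_rw DIR: read the listing and print one finding per line
#   UNEXPECTED_RW path  rw label outside DIR (more is writable than intended)
#   NOT_RELABELED path  inside DIR without the rw label (restorecon not applied)
audit_rw() {
    dir=${1%/}
    while read -r ctx path; do
        [ -n "$path" ] || continue
        ctype=$(label_type "$ctx")
        if in_scope "$dir" "$path"; then
            [ "$ctype" = "$RW_TYPE" ] || printf 'NOT_RELABELED %s\n' "$path"
        else
            [ "$ctype" != "$RW_TYPE" ] || printf 'UNEXPECTED_RW %s\n' "$path"
        fi
    done
}

# Constructed sample listing (not captured from a real system).
SAMPLE='unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/public
unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/public/uploads/a.png
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/public/new.txt
unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/public_old/x.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/app/Http/Kernel.php'

printf '%s\n' "$SAMPLE" | audit_rw /var/www/html/public
```

On a live host, pipe the find output into audit_rw instead of the sample. An empty result means the rw label covers exactly the intended directory.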
