Permissions on RHEL 7

So I’m trying to set up Matomo on my customer’s lab.

We’re running:
RHEL 7.9 Maipo
rh-php 7.3
rh-mariadb 10.3
matomo 3.14

I’ve got PHP working without issue. I can see phpnfo. I’m still trying to get to the initial setup page, but I get:

“Matomo couldn’t write to some directories (running as user ‘apache’).
Try to Execute the following commands on your serer, to allow Write access to these directories:
chown -R apache:apache: /opt/rh/httpd24/root/var/www/html/matomo…”

I’ve tried:

  1. running all of the commands listed with 0755 (for assets, cache, logs, tcpdf, templates_c)
  2. changing the whole matomo directory to 0777
  3. Running apachectl (syntax OK)
  4. Made all the directories manually in RHEL and updated the permissions as above (owner apache, group apache, permissions 0777)
  5. Reloading the httpd24-httpd service

Anyone have any ideas as to what to do next?

Hi,

If the permissions are definitely correct (you could try a sudo -u apache touch /opt/rh/httpd24/root/var/www/html/matomo/tmp/somefile, then I guess there might be something else causing the write to fail. Is the disk maybe out of space? Is there some other permission framework that denies the access.

Thanks for responding, Lukas!

I am pretty new to Linux.

So I copied some files to different parts of the directory strucutre and changed the permissions to be owned by the apache user with CHOWN then ran the touch command you suggested without any issue.

So as you say, there must be some other thing preventing it from working.

I figured out the problem!

I checked sestatus and it turns out that SELinux in enforced by default! I turned it off and Matomo started working!

Of course, I don’t want that, so I’m trying to figure out how to set up the enforcement policy for Matomo to work with it on.

Hi,

Unfortunately my experience with SELinux is nearly zero, so I can’t help you much there. But great to see that this seems to be the reason.

Hopefully the Internet will supply the required knowledge. This definitely isn’t the only time this has happened, so I should be able to find documentation.