WordPress, CentOS 5, MySQL and SELinux


I have an appreciation for security. In my career as a software developer I have always pressed my view that users should only be allowed the minimum authorization within a system for them to effectively and efficiently perform their jobs. It’s not always easy because security is in fact amazingly complex under the covers. And most of it is “under the covers”.

I recently upgraded a Fedora Core 3 installation on the server that hosts this site to CentOS 5. CentOS 5 is a de-branded version of RedHat Advanced Server 5. I’ve used RedHat variants for years and I’m up on most of the new features and functionality. However, since the addition of the SELinux kernel extensions I am periodically faced with odd misbehaviors on those servers.

That brings me to the point of this entry.

I decided to use WordPress to manage the content on my new jeffbeard.org web site. I used MySQL Administrator to connect to the MySQL instance from my workstation over SSH as I typically do, set up a new database and user, and granted all the appropriate permissions. I then expanded the WP archive and put it in the root of my web site folder and pointed my browser to the installation. I got a useless error message saying there was something wrong with my database configuration, which wasn’t accurate at all. I could connect using the CLI (command line interface) MySQL client just fine with the credentials I supplied. So being a developer I added a line of “debugging” code in the wp-db.php file after the attempt to connect:


...
$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword, true);
echo(mysql_error());
if (!$this->dbh) {
...

This caused an error stating that it couldn’t connect to the server at “localhost”. That too wasn’t informative. I tried a few things like changing the hostname argument to the path to the socket (/tmp/mysql.sock) and the IP address for localhost (127.0.0.1:3306), but nothing changed the behavior or the error message. Then I hit another site I use WP for on that host and got the exact same error. This suggested to me that it had something to do with the upgrade since that site worked fine last week. It was this that got me thinking about SELinux. I asked Google about it but didn’t get anything useful back so I simply turned off the SELinux extensions with this command:

sudo setenforce 0

I tried the install again and Voila! it worked. The issue is apparently that the httpd process isn’t allowed to connect to the MySQL UNIX socket. I tried a couple of misfires of the chcon command and setsebool to no avail.

I have not yet found a real solution to this problem. I tried installing the SELinux policy sources so I could configure it so that, at least, the HTTPD process can connect to the MySQL socket. However, the package manager stubbornly refuses to install anything.

I’ll follow up this post when I get that resolved.
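An added example, not part of the original post: instead of inferring the cause from the fact that `setenforce 0` makes the error go away, the denial itself can be read from the SELinux AVC records (on a host running auditd these are in /var/log/audit/audit.log). The function name `avc_denials` and the sample log lines, including their contexts, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample lines in audit.log AVC format (not from the post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1190000000.123:45): avc:  denied  { connectto } for  pid=2345 comm="httpd" path="/tmp/mysql.sock" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1190000001.456:46): avc:  denied  { write } for  pid=2345 comm="httpd" name="mysql.sock" dev=sda1 ino=1234 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1190000002.789:47): avc:  denied  { read } for  pid=3001 comm="sendmail" name="aliases" dev=sda1 ino=99 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1190000000.123:45): arch=40000003 syscall=102 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

# avc_denials COMM [FILE]: print "count perms tclass source_type target_type object"
# for each distinct SELinux denial logged for process COMM (reads stdin if no FILE).
# Assumes field values contain no spaces, which holds for the fields used here.
avc_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && / denied / {
        perm = c = s = t = cls = obj = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {                      # permission list: { p1 p2 }
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
                continue
            }
            eq = index($i, "=")
            if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1); gsub(/"/, "", v)
            if (k == "comm") c = v
            else if (k == "scontext") s = v
            else if (k == "tcontext") t = v
            else if (k == "tclass") cls = v
            else if (k == "path" || k == "name") obj = v
        }
        if (c != want) next
        split(s, sp, ":"); split(t, tp, ":")      # context is user:role:type:level
        n[perm " " cls " " sp[3] " " tp[3] " " obj]++
    }
    END { for (key in n) print n[key], key }
    ' "${2:--}" | sort
}

# Stand-alone run: summarise httpd denials in the constructed sample.
sample_audit_log | avc_denials httpd
```

Each output line names the permission, object class and the source and target types involved, which is what tells you whether the socket's label or the policy for httpd_t is the thing to look at.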
