Solving the “Permission denied: make_sock: could not bind to address” issue when starting Apache on Linux
October 17, 2012 5 Comments
Does this looks familiar ?
[laurent2@centos2 conf]$ sudo service httpd start Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:8082 (13)Permission denied: make_sock: could not bind to address 0.0.0.0:8082 no listening sockets available, shutting down Unable to open logs [FAILED]
No, it’s not because I’m not running this as root (as explained here, here and there) : you can see in the command above that I’ve used the sudo command !
It’s (again) because SELinux is preventing the httpd process to listen on port 8082.
This can be checked by having a look at the SELinux log files:
- if the auditd daemon is running, SELinux denials are in /var/log/audit/audit.log.
- if the daemon is not running, you’ll find them in /var/log/messages.
[laurent2@centos2 conf]$ sudo tail /var/log/audit/audit.log [SNIP] type=AVC msg=audit(1350478371.269:183): avc: denied { name_bind } for pid=3207 comm="httpd" src=8082 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket [SNIP]
To make sure that SELinux is indeed the culprit, you can simply temporarly disable it to see if that solves your issue:
[laurent2@centos2 conf]$ getenforce Enforcing [laurent2@centos2 conf]$ sudo setenforce 0 [sudo] password for laurent2: [laurent2@centos2 conf]$ getenforce Permissive [laurent2@centos2 conf]$ sudo service httpd start Starting httpd: [ OK ]
Now the reason why SELinux prevents httpd to start listening on port 8082 is because only a certain number of ports are allowed:
[laurent2@centos2 conf]$ sudo semanage port -l | grep http http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010 http_cache_port_t udp 3130 http_port_t tcp 80, 443, 488, 8008, 8009, 8443 pegasus_http_port_t tcp 5988 pegasus_https_port_t tcp 5989
(by the way: if semanage is not installed, check here)
From there, you can choose to either disable SELinux, use a port that is currently allowed, or add the port you want to use to the list of authorized ports.
thank you!!! It was very helpful
THANK YOU THANK YOU THANK YOU. Do you know how many “you’re not running it as root” posts I saw? lol
it works like a charm, thank you mate.
This made my day. Thanks mate!
Muchas gracias. Llevaba varios dias con este error sin saber como solucionarlo. Mil gracias!!