Solving the “Permission denied: make_sock: could not bind to address” issue when starting Apache on Linux

Does this look familiar?

[laurent2@centos2 conf]$ sudo service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:8082
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8082
no listening sockets available, shutting down
Unable to open logs
 [FAILED]

No, it’s not because I’m not running this as root (as explained here, here and there): you can see in the command above that I’ve used the sudo command!

It’s (again) because SELinux is preventing the httpd process from listening on port 8082.

This can be checked by having a look at the SELinux log files:

  • if the auditd daemon is running, SELinux denials are in /var/log/audit/audit.log.
  • if the daemon is not running, you’ll find them in /var/log/messages.

[laurent2@centos2 conf]$ sudo tail /var/log/audit/audit.log
[SNIP]
type=AVC msg=audit(1350478371.269:183): avc: denied { name_bind } for pid=3207 comm="httpd" src=8082 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
[SNIP]

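To make sure that SELinux is indeed the culprit, you can simply temporarily disable it to see if that solves your issue (setenforce 0 puts SELinux in permissive mode, where denials are still logged but no longer enforced, until the next reboot or setenforce 1):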

[laurent2@centos2 conf]$ getenforce
Enforcing
[laurent2@centos2 conf]$ sudo setenforce 0
[sudo] password for laurent2:
[laurent2@centos2 conf]$ getenforce
Permissive
[laurent2@centos2 conf]$ sudo service httpd start
Starting httpd: [ OK ]

Now, the reason why SELinux prevents httpd from listening on port 8082 is that only a certain number of ports are allowed:

[laurent2@centos2 conf]$ sudo semanage port -l | grep http
 http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
 http_cache_port_t udp 3130
 http_port_t tcp 80, 443, 488, 8008, 8009, 8443
 pegasus_http_port_t tcp 5988
 pegasus_https_port_t tcp 5989

(by the way: if semanage is not installed, check here)

From there, you can choose to either disable SELinux, use a port that is currently allowed, or add the port you want to use to the list of authorized ports.
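For the third option, the port is labelled with semanage port -a. The script below is an added example, not part of the original post: it parses a name_bind denial like the one above, checks the port against a `semanage port -l` listing for one port type, and prints the command to run. The function names are hypothetical and the sample data is copied from the outputs shown above.

```shell
#!/usr/bin/env bash
# Added example: turn an AVC name_bind denial into the matching semanage command.

# Listing in `semanage port -l` format (copied from the output above).
PORT_LIST='http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443'

# Sample denial (the audit.log line shown above).
AVC='type=AVC msg=audit(1350478371.269:183): avc: denied { name_bind } for pid=3207 comm="httpd" src=8082 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

# port_in_type TYPE PROTO PORT LISTING -> exit 0 if PORT is covered by TYPE/PROTO.
# Handles single ports and ranges such as 10001-10010.
port_in_type() {
  printf '%s\n' "$4" | awk -v t="$1" -v p="$2" -v port="$3" '
    $1 == t && $2 == p {
      for (i = 3; i <= NF; i++) {
        item = $i; sub(/,$/, "", item)
        n = split(item, r, "-")
        lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) found = 1
      }
    }
    END { exit(found ? 0 : 1) }'
}

# suggest_fix AVC_LINE TYPE LISTING -> prints the semanage command or "already allowed".
suggest_fix() {
  local line=$1 type=$2 listing=$3 port proto
  case $line in *'{ name_bind }'*) ;; *) echo "not a name_bind denial"; return 1 ;; esac
  port=$(printf '%s\n' "$line" | sed -n 's/.* src=\([0-9][0-9]*\) .*/\1/p')
  proto=$(printf '%s\n' "$line" | sed -n 's/.* tclass=\([a-z]*\)_socket.*/\1/p')
  [ -n "$port" ] && [ -n "$proto" ] || { echo "unparseable denial"; return 1; }
  if port_in_type "$type" "$proto" "$port" "$listing"; then
    echo "already allowed"
  else
    echo "semanage port -a -t $type -p $proto $port"
  fi
}

suggest_fix "$AVC" http_port_t "$PORT_LIST"
```

Run the printed command with sudo, then check it with `semanage port -l | grep http` as above. If the port is already assigned to another type, semanage port -a reports it as already defined and -m is needed instead.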


Fixing the “non appearing files” issue when sharing files with SAMBA on CentOS

OK, I easily lost 8 hours trying to fix this issue:

  • installed SAMBA on CentOS
  • correctly configured smb.conf (security=user, writable=yes)
  • created a user account and declared it using smbpasswd
  • made sure that this user had full read/write access to the shared folder
  • made sure that the firewall was allowing SAMBA traffic

Then, from a Windows 7 PC, I used the ‘Map network drive’ option, connected to my SAMBA shared drive, entered my SAMBA user name and password… and then what?

  • only read-only access to the shared drive
  • only folders were visible, no files whatsoever

Do you know why? Because SELinux is activated by default on CentOS.

To check if this is the case for you, use the ‘sestatus’ command: if you get an ‘enabled’ result, then you may want to disable it by following the procedure detailed here.

Laurent KUBASKI