How to undo these 2 chcon commands

Hi
I am a little new at Linux and recently I had some permission issues with some images in a folder on my Red Hat server.
After trying to chmod and chown with no success, I found this forums that instructed to type in the following 2 commands:

chcon -h system_u:object_r:httpd_sys_content_t /opt/coldfusion8/wwwroot/mysite/assets/
chcon -R -h root:object_r:httpd_sys_content_t /opt/coldfusion8/wwwroot/mysite/assets/*

the problem i had was in a folder called 'rta-images' inside 'assets'
after entering this, all image files inside 'assets' quit working ( i had more images than the rta-images )

i tried restorecon but with no success, not sure if i got it right though
i also tried:
chmod -R 755 assets
chown -R myuser assets
again no success

if anyone has any clue how to revert this and  fix the error below

(the error that i get now on all the files and folders including 'assets' is also the error that i got before only on the images: You don't have permission to access /assets/ on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.)

thanks
LVL 4
dwkdAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

farzanjCommented:
You want to restore the SELinux context.

Try restorecon

Do man restorecon

Also, if you don't want SELinux to be enforcing, issue command setenforce 0
0
teedo757Commented:
you most likely need root permission to change the folder permissions. At the prompt type su- to log in as root (you will need to know the root password) and then navigate to the folder and chmod 755 "filename"
0
dwkdAuthor Commented:
@farzanj

i restored using restorecon -R /path/to/assets/ --still forbidden
i disabled SELinux and still I get access forbidden

..strange

@farzanj & @teedo757 the assets dir is 755 (rwxr-xr-x) and everything recursive

any other ideas?
could it be that apache user is being blocked or not part of either owner,group or other?
could it be the httpd.conf?

the strange part is that it never gave me forbidden until i did a chcon .. which should of been cancelled when selinux got disabled

strange...
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

RizyDeWinoCommented:
1. If you have not already rebooted the server after disabling selinux in /etc/sysconfig/selinux then do try that.

2. secondly if selinux is fully disabled ( system rebooted as well ) then it got to do with ownership of the folder, are there any additional error details in apache error logs ?
0
dwkdAuthor Commented:
apache error_log doesnt show anything
restarted the server
cat /etc/sysconfig/selinux shows selinux as disabled
all folders and files inside the wwwroot are set to 755
the owner is the same everywhere and some files work
it seems it is only images that do not work and throw a 403 forbidden error when i try to access via http
everything else inside the assets folder is accessible, js files, css files, all that works via http
0
dwkdAuthor Commented:
ok i think i may have a new lead

i deleted this cpanel account and transferred it again from my other server and everything worked fine, all was great, no forbidden errors.
Then i modified the account and gave it a new ip address and the error started showing again.
Changed it back to the old ip and it seems that it is not reversible.
Any idea what could of happened? i looked at the dns zone and everything is fine..
0
RizyDeWinoCommented:
well its bit strange behavior , one incident where I remember something similar was that images got corrupt and re-copying images from backup resolved the issue. See if it works in your case.

Also check the suexec logs and check for any clues there, in such permission errors that log can provide some clues.
0
dwkdAuthor Commented:
re-copied images - no change
/usr/local/apache/logs/suexec_log free of errors
0
RizyDeWinoCommented:
hmm , what is you PHP configuration , running as dso , phpsuexec or suphp ? And anything in suphp logs ?
0
dwkdAuthor Commented:
I found two things that after fixing the errors went away:

1. cPanel "minimum user ID used when creating new accounts" value was set to ' ' (blank)  - i set it to 500 - I think this caused the second issue since the account that was throwing errors was recently imported from another cpanel

2. An .htacccess file, which didn't cause any errors when it was placed there, but only after making changes - which is still weird - again it is probably tied to the fact that the account was created without a valid UID

i noticed this by accident when I copied the .htaccess file to another existing account root folder - images went down immediately

Thank you all for the input
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dwkdAuthor Commented:
thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.