apache更改端口后无法启动成功的解决方案

转自:http://blog.itechol.com/space-33-do-blog-id-5114.html

CentOS5.5 系统 安装apache 
apache更改端口后无法启动显示现象如下:
第一次更改端口为:8000
[root@cacti-test cacti]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:8000
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8000
no listening sockets available, shutting down
Unable to open logs
[FAILED]

尝试第二次将端口改为81
[root@cacti-test httpd]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
no listening sockets available, shutting down
Unable to open logs
[FAILED]


 Google 一下,发现原来是 SELinux  安全机制的作用。

(很难搞,如果很多牵扯的权限的事情找不到原因,就可以分析是否是它的作用)

解决方法如下:

查看selinux状态:

[root@cacti-test httpd]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /selinux

Current mode:                   enforcing

Mode from config file:          enforcing

Policy version:                 21

Policy from config file:        targeted

或者用

[root@cacti-test httpd]# getenforce

Enforcing

关闭selinux状态:(使用无启重启系统的方法)

详见:http://blog.itechol.com/space-33-do-blog-id-5088.html

[root@cacti-test httpd]# setenforce 0            关闭命令

[root@cacti-test httpd]# getenforce              重新查看selinux状态

Permissive  

尝试再次启动apache

[root@cacti-test httpd]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

[  OK  ]        成功!!


附: selinux 管理命令semanage详解

semanage使用详解

NAME

semanage - SELinux Policy Management tool

SYNOPSIS

Output local customizations:导出selinux当前策略
semanage [ -S store ] -o [ output_file | - ]

Input local customizations:导入selinux策略
semanage [ -S store ] -i [ input_file | - ]

Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration.:管理一些进程、服务的开关、配置等等,全是开关两个状态
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file

Manage SELinux confined users (Roles and levels for an SELinux user)

semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name

Manage login mappings between linux users and SELinux confined users:将linux已存在的用户user映射到登陆保护

semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname

-a:添加

-d:删除

-m:修改

-l:列举

-n:不打印说明头

-D:全部删除

例子:semanage login -a -s unconfined_u leowang

Manage network port type definitions:管理网络端口
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range

-t:类型

-r:角色

例子:semanage port -a -t http_port_t -p tcp 81

Manage network interface type definitions
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec

Manage network node type definitions
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address

Manage file context mapping definitions:管理文件安全上下文的映射

-f:文件

-s:用户

-t:类型

r:角色
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
例子:semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" //新建一条规则,指定/web目录及其下的所有文件的扩展属性为httpd_sys_content_t

Manage processes type enforcement mode
semanage permissive [-S store] -{a|d|l|n|D} type

Disable/Enable dontaudit rules in policy
semanage dontaudit [-S store] [ on | off ]

Execute multiple commands within a single transaction.
semanage [-S store] -i command-file

  查看一下预定义

  #semanage port -l

http_cache_port_t              tcp      3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443

soundd_port_t                  tcp      8000, 9433, 16001

 原来8000 已经被预定义占用了,所有不能使用8000端口。

  # semanage port -a -t http_port_t -p tcp 81

 为Http 服务增加一个端口 81 ,同时将httpd 的端口改成 81 ,启动成功

Centos selinux


你可能感兴趣的:(apache更改端口后无法启动成功的解决方案)