Apache 403 Forbidden from jenkins 发布 ssh 调用 shell

Question

I using Apache/2.4.6 in Centos7 to open the server.

I also using docker open gitlab and jenkins to do CI/CD.

But I have a strange problem.

I using jenkins call the shell (I am root) to deploy PHP file to /var/www/html.

And I also try to stop the server and restart the server.

It will be 403 Forbidden.

This my shell:

#!/bin/bash
path=`pwd`
filepath="/var/www/html"
echo "$path"
echo "$filepath"
sudo service httpd stop
if [ -d "$path/testproject" ];then
        echo "fetch code..."
        cd "$path/testproject"
        git pull
else
        echo "clone code ..."
        git clone ssh://git@XXXXX.com:2222/XXXXX/testproject.git
fi

if [ -d "$filepath/testproject" ];then
        echo "rm it"
        rm -rf $filepath/testproject
else
        echo "not rm"
fi

sudo mv "$path/testproject/phptest.php" $filepath
service httpd start

The strange is if I using jenkins to call the shell it will be Forbidden.

But if I using Xshell and call the shell, It will be OK and two version permission is same (they all 755).

I don't know how to fix it and find where am I set wrong.

Please help me or give me some direction.

Answer 1

You can check SELinux.

sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted


setenforce 0 //pause
setenforce 1 //pause start

You can also change the config

vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

They may help you fix your permission problem.