CentOS and RHEL Access and Permission Problems

Trying to configure mail systems and you're hitting mysterious 'access denied' or 'permission denied' issues, even though permissions allow access? This often happens when trying to get postfix and dovecot to talk to each other.

The problem is most likely SELinux. Most people cop out by disabling SELinux; and if you disable it, it might solve your problem. In some cases, SELinux appears to interfere with access even when disabled - do a full rebuild of the permissions if you seem to have this problem. Check out this guide to CentOS security for information on how to enable and disable SELinux, and how to fix your security without disabling it.

Here is a full guide on SELinux in CentOS.

This wiki on SELinux booleans may also be helpful for the serious SELinux user (e.g. people who don't simply want to turn it off) .

Use sestatus to check your SELinux status.

The setenforce command allows you to change between Enforcing and Permissive modes on the fly but such changes do not persist through reboot.

To make changes persistent through a system reboot, edit the SELINUX= line in /etc/selinux/config to either 'enforcing', 'permissive', or 'disabled'.
e.g. SELINUX=permissive.

To relabel the entire filesystem (this seems to fix some problems where you have changed SELinux status):

# touch /.autorelabel
# reboot 

Users of Ubuntu may experience similar problems due to AppArmor. Problems are usually resolved by setting the AppArmor properties correctly.