DTT

Unable to open primary script

Published: December 1, 2025 (Updated: Dec 1, 2025)

Enjoying this content? Subscribe to the Channel!

Stop the Stress! How to Fix ‘unable to open primary script permission denied’ (CentOS 8 PHP/Moodle Fix)

Hi there! This is Darren O’Neill from Darren’s Tech Tutorials. If you’ve been spending hours scratching your head, wrestling with file permissions (chmod and chown) only to keep seeing the dreaded “Permission denied” error when trying to load your PHP application (like Moodle) on CentOS 8, you are definitely not alone.

This frustrating error often masks the true problem. You look in your Apache logs and see something like this:

Unable to open primary script var/www/html/moodle/index.php (Permission denied)

The good news? The solution is straightforward, and it has nothing to do with those standard permissions you’ve been debugging. The real culprit is SELinux.

In this quick guide, I’m going to walk you through the temporary fix to confirm the diagnosis and the permanent steps to disable SELinux so you can get your Moodle site (or any PHP application) up and running immediately!

## The Real Culprit: SELinux

When you see the ‘unable to open primary script permission denied’ message, it means the Apache web server (or whatever web service you are using) is being blocked from reading the file. While this usually points to standard Linux file permissions, on CentOS, it often means that SELinux (Security-Enhanced Linux) is enforcing security policies that prevent the web server from accessing that file path.

SELinux is a powerful security tool, but for development environments or when you need quick access, disabling it often provides the immediate relief needed to move forward.

Let’s first test if SELinux is indeed the cause.

## Step 1: Temporarily Disable SELinux for Instant Relief

We can temporarily disable SELinux without having to edit any configuration files. This is a fantastic troubleshooting step because if your site immediately starts working after this command, you know exactly what the problem is!

To temporarily disable SELinux, setting it to permissive mode, run the following command:

sudo setenforce 0

What this does: Setting setenforce 0 immediately changes the SELinux mode to Permissive. In permissive mode, SELinux policies are still loaded, but they only log warnings instead of enforcing blocks.

Now, try reloading your website (e.g., your Moodle index page). If the page loads correctly—perfect! You have successfully identified SELinux as the issue.

Note: This change is temporary and will revert back to its previous state (likely enforcing) once the system reboots. To solve this permanently, we need to edit the configuration file.

## Step 2: Permanently Disabling SELinux

If the temporary fix worked, we can now make this change permanent so you never encounter that permission denied error again.

We need to edit the main SELinux configuration file located at /etc/selinux/config. I’ll be using the vi editor here, but feel free to use nano if you prefer!

  1. Open the SELinux configuration file using sudo:

    sudo vi /etc/selinux/config

  2. Locate and Modify the SELINUX variable:

    In the file, find the line that starts with SELINUX= (it will likely be set to enforcing or permissive).

    # This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing  <-- THIS IS THE LINE WE NEED TO CHANGE

  3. Change the value to disabled:

    Edit the line to look exactly like this:

    SELINUX=disabled

  4. Save and Exit the file:

    • If you are using vi: Press Esc, then type :wq and press Enter (write and quit).

  5. Apply the Permanent Change:

    For this permanent change to take effect fully, the system needs to be initialized without the SELinux policy loaded. The easiest way to ensure this is to reboot your system.

    sudo reboot

Once your system restarts, SELinux will be fully disabled, and your Apache web server will no longer be blocked from opening primary PHP scripts like index.php. You should now be able to access your Moodle site or other PHP application without any errors!

## Wrapping Up

While there are more advanced SELinux tutorials available that teach you how to set specific contexts to allow access only for certain services (which is technically more secure), for most immediate troubleshooting and development needs, disabling SELinux is the fastest and most effective way to solve the unable to open primary script permission denied headache.

I hope this short guide saved you hours of frustrating debugging! Now you can spend less time fighting permissions and more time building your project.

If this video tutorial was helpful, please do me a favor and like this post and subscribe to Darren’s Tech Tutorials for more clear, actionable tech guides. Thanks for watching!