Random permission denied on Red Hat or CentOS

SELinux may be installed, which is completely independent level of security. And It ignores existing rights system and root!

Check if enabled: getenforce sestatus

List restrictions in real time: tail -n 0 -f /var/log/audit/audit.log

List types: ls -Z ps -Z

Example (add apache user write to graphite): chcon -R -h -t httpd_sys_content_t /opt/graphite/storage

Disable at all: echo 0 > /selinux/enforce