Apache httpd permissions
Solution 1
What you have to do is copy the same security context /var/www/html has. To do this:
# ls -la --context /var/www/html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t ..
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t index.html
Then you have to set it to your desire DocumentRoot as follows:
# chcon -R system_u:object_r:httpd_sys_content_t /xyz/www
Solution 2
Is your target directory NTFS or ext3 ? Please check SELinux context of target directory using
ls -a --context /target/directory
If the context of target directory is alike
system_u:object_r:fusefs_t:s0
using
setsebool -P httpd_use_fusefs on
might work for you as it could be just a boolean issue for the filesystem. Please do confirm the security aspects of Booleans as I'm unaware of them.
Solution 3
I had the same problem - the chcon
command fixed it.
I was creating an install server and wanted my images under /export/install/<image>
with a symlink in the doc root. I was certain my httpd.conf
settings were correct.
The directories & files were 755 & 644 respectively, and the apache user could traverse the tree so what was it?
I used a similar command to the one above but used the reference option:
% chcon -R --reference=/var/www/html /export
Could have just shut off selinux
but I want to learn how to live with it.
Solution 4
Directories normally require the x
permission for processes to access files within them. With the permissions you currently have, you would be able to ls
the directory but not cd
into it. Since the directory is owned by you, Apache will be running with the permissions of the third column.
Try chmod +x /xyz/www
.
If you still have problems, check the permissions on /xyz/
as well.
Solution 5
http://wiki.centos.org/HowTos/SELinux
The 'chcon' command may be used to change SELinux security context of a file or files/directories in a similar way to how 'chown' or 'chmod' may be used to change the ownership or standard file permissions of a file.
chcon -Rv --type=httpd_sys_content_t /xyz/www
Related videos on Youtube
DD.
Updated on September 18, 2022Comments
-
DD. almost 2 years
I have created a directory
/xyz/www
With the following permissions:
-rw-r--r--. 1 myuser developers
I edited my http.conf:
DocumentRoot "/xyz/www/" <Directory "/xyz/www/"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
I get 403 error:
You don't have permission to access / on this server.
Looking in the logs:
(13)Permission denied: Can't open directory for index: /xyz/www/
I've tried recursively adding 777 permissions but still have the same issue.
-
zero_r about 12 yearsIs SELinux enabled?
-
DD. about 12 yearsYes it is enabled...when I setenforce 0...this fixes the problem!!
-
DD. about 12 years@zero_r can you suggest how to fix this? not familiar with SELinux
-
Michael Hampton almost 12 yearspossible duplicate of Permission denied in vhost document root
-
-
DD. about 12 yearsDid that already...amended post to add more clarity
-
gelraen about 12 yearsAnd reloaded httpd ?
-
DD. about 12 yearseven with 777 permissions on all files/directories I still get the same error.
-
Ladadadada about 12 yearsThe next place I generally look after that is SELinux or Apparmor but it looks like someone already suggested that.
-
Ben D almost 7 yearsI'm not sure how long I would have beaten my head against that problem... thanks!
-
Davor Josipovic over 6 yearsThis is a good point. The default security model of the Apache2 HTTPD server does not allow access to the root filesystem outside of /usr/share and /var/www. Check
apache2.conf
for this statement:<Directory /> Options FollowSymLinks AllowOverride None Require all denied </Directory>