Apache httpd permissions

Solution 1

What you have to do is copy the same security context /var/www/html has. To do this:

# ls -la --context /var/www/html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t ..
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t index.html

Then you have to set it on your desired DocumentRoot as follows:

# chcon -R system_u:object_r:httpd_sys_content_t /xyz/www

Solution 2

Is your target directory NTFS or ext3? Please check the SELinux context of the target directory using

ls -a --context /target/directory

If the context of the target directory looks like

system_u:object_r:fusefs_t:s0

using

setsebool -P httpd_use_fusefs on

might work for you as it could be just a boolean issue for the filesystem. Please do confirm the security aspects of Booleans as I'm unaware of them.

SELinux Booleans

Solution 3

I had the same problem - the chcon command fixed it.

I was creating an install server and wanted my images under /export/install/<image> with a symlink in the doc root. I was certain my httpd.conf settings were correct.

The directories & files were 755 & 644 respectively, and the apache user could traverse the tree so what was it?

I used a similar command to the one above but used the reference option:

% chcon -R --reference=/var/www/html /export

Could have just shut off selinux but I want to learn how to live with it.

Solution 4

Directories normally require the x permission for processes to access files within them. With the permissions you currently have, you would be able to ls the directory but not cd into it. Since the directory is owned by you, Apache will be running with the permissions of the third column.

Try chmod +x /xyz/www.

If you still have problems, check the permissions on /xyz/ as well.

Solution 5

http://wiki.centos.org/HowTos/SELinux

The 'chcon' command may be used to change SELinux security context of a file or files/directories in a similar way to how 'chown' or 'chmod' may be used to change the ownership or standard file permissions of a file.

chcon -Rv --type=httpd_sys_content_t /xyz/www
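
An added example, not part of any answer above: a POSIX sh triage sketch that parses a context string, suggests the boolean from Solution 2 or a relabel, and checks the directory search bit from Solution 4. The `semanage fcontext` / `restorecon` pair it prints is the persistent counterpart of the `chcon` fix; the function names, the optional prefix argument and the sample context are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the answers): triage for an httpd 403 on a custom DocumentRoot.

# Print the type field of an SELinux context (user:role:type[:level]).
# The optional MLS level can contain colons itself (s0:c0.c1023).
selinux_type() (
    case $1 in *:*:*) ;; *) exit 1 ;; esac
    rest=${1#*:}                 # drop user
    rest=${rest#*:}              # drop role
    t=${rest%%:*}                # keep type, strip any :level
    [ -n "$t" ] && printf '%s\n' "$t"
)

# Map the label on the directory to a remedy. semanage + restorecon is the
# persistent form of the chcon fix: a later relabel reverts a bare chcon.
suggest_fix() (
    dir=${1%/}
    t=$(selinux_type "$2") || { echo "unparseable context: $2" >&2; exit 2; }
    case $t in
        httpd_sys_content_t) echo "label ok: check mode bits and httpd config" ;;
        fusefs_t) echo "setsebool -P httpd_use_fusefs on" ;;
        *) echo "semanage fcontext -a -t httpd_sys_content_t '$dir(/.*)?' && restorecon -Rv '$dir'" ;;
    esac
)

# Print the first existing directory on the way to $1 that lacks o+x (search)
# permission. $2 (an assumption of this sketch) is a prefix to skip.
first_untraversable() (
    set -f; IFS=/
    cur=${2:-}
    for comp in ${1#"$cur"}; do
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        [ -d "$cur" ] || continue
        case $(stat -c %a "$cur") in
            *[1357]) ;;                          # last octal digit odd: o+x set
            *) printf '%s\n' "$cur"; exit 0 ;;
        esac
    done
)

# Constructed sample context, as `ls -Zd /xyz/www` might print it.
suggest_fix /xyz/www 'unconfined_u:object_r:default_t:s0'
first_untraversable /xyz/www
```

Feed `suggest_fix` the context that `ls -Zd` reports for the real DocumentRoot; an empty result from `first_untraversable` means every existing parent directory is searchable by other users.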

Author: DD.

Updated on September 18, 2022

Comments

  • DD.
    DD. almost 2 years

    I have created a directory

    /xyz/www
    

    With the following permissions:

    -rw-r--r--. 1 myuser developers
    

    I edited my http.conf:

    DocumentRoot "/xyz/www/"
    <Directory "/xyz/www/">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    

    I get 403 error: You don't have permission to access / on this server.

    Looking in the logs:

    (13)Permission denied: Can't open directory for index: /xyz/www/
    

    I've tried recursively adding 777 permissions but still have the same issue.

    • zero_r
      zero_r about 12 years
      Is SELinux enabled?
    • DD.
      DD. about 12 years
      Yes it is enabled...when I setenforce 0...this fixes the problem!!
    • DD.
      DD. about 12 years
      @zero_r can you suggest how to fix this? not familiar with SELinux
    • Michael Hampton
      Michael Hampton almost 12 years
  • DD.
    DD. about 12 years
    Did that already...amended post to add more clarity
  • gelraen
    gelraen about 12 years
    And reloaded httpd ?
  • DD.
    DD. about 12 years
    even with 777 permissions on all files/directories I still get the same error.
  • Ladadadada
    Ladadadada about 12 years
    The next place I generally look after that is SELinux or Apparmor but it looks like someone already suggested that.
  • Ben D
    Ben D almost 7 years
    I'm not sure how long I would have beaten my head against that problem... thanks!
  • Davor Josipovic
    Davor Josipovic over 6 years
    This is a good point. The default security model of the Apache2 HTTPD server does not allow access to the root filesystem outside of /usr/share and /var/www. Check apache2.conf for this statement: <Directory /> Options FollowSymLinks AllowOverride None Require all denied </Directory>