CentOS apache startup config file security error


Solution 1

Try checking the permissions on the folder that contains netdisco_apache.conf.

You are right, Apache should be able to access the file as it has the same permissions, but it might not be able to access the folder it is contained in.

If you don't want to change folder permissions, just move netdisco_apache.conf to the /etc/httpd/conf directory (remember to update the reference to it in the /etc/httpd/conf/httpd.conf file if you do that.)

Solution 2

I placed my new config file in the /etc/httpd/conf directory, and that didn't solve the problem. I then changed the permissions to match httpd.conf and that didn't solve the problem.

Then I learned about the command ls -Z. The output for mine looks like:

    -rw-r--r--. root   root system_u:object_r:httpd_config_t:s0 httpd.conf
    -rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 httpd-vhosts.conf

Notice the part at the end. That is called the context. I had created it as my user which gave it the unconfined_u part. To fix this I ran:

    sudo chcon system_u:object_r:httpd_config_t:s0 httpd-vhosts.conf

This fixed the problem.

Solution 3

This can easily happen if you are editing an apache.conf, then you save and realize you don't have permission to the current file. If you save to desktop, then using an elevated permission, copy the conf back into place. Thanks for the note on this.
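
The two causes named in Solutions 1 and 2 (a parent folder the service cannot enter, and a wrong SELinux context) can be checked in one pass. The script below is an added example, not code from the original answers; the function names are made up for illustration, and it assumes the service user falls under the "other" permission bits of the parent folders.

```bash
#!/bin/sh
# Added example: check both causes of "Permission denied" on an included config.

# Print every directory above FILE that lacks the "other" search (x) bit.
# Assumption: the service user is neither owner nor group member of those dirs.
blocked_dirs() {
    dir=$(dirname "$(readlink -f -- "$1")")
    case $dir in /*) ;; *) return 2 ;; esac   # path could not be resolved
    found=0
    while [ "$dir" != "/" ]; do
        # Character 10 of the ls mode string is the "other" x bit (t = x + sticky).
        case $(ls -ld "$dir" | cut -c10) in
            x|t) ;;
            *) printf '%s\n' "$dir"; found=1 ;;
        esac
        dir=$(dirname "$dir")
    done
    return "$found"
}

# Read `ls -Z` output on stdin and print the context field (old or new ls layout).
context_of_line() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; exit } }'
}

# Print the type (third field) of a context like system_u:object_r:httpd_config_t:s0.
context_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Compare FILE with a known-good REFERENCE config; return 1 if either check fails.
check_conf() {
    status=0
    blocked=$(blocked_dirs "$1") || { echo "not searchable by others:"; echo "$blocked"; status=1; }
    have=$(context_type "$(ls -Zd "$1" | context_of_line)")
    want=$(context_type "$(ls -Zd "$2" | context_of_line)")
    if [ "$have" != "$want" ]; then
        echo "SELinux type is '$have', reference has '$want'"; status=1
    fi
    return "$status"
}

# Usage: sh check_conf.sh /usr/local/netdisco/netdisco_apache.conf /etc/httpd/conf/httpd.conf
if [ "$#" -eq 2 ]; then check_conf "$1" "$2"; fi
```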

Joon
Author by

Joon

Updated on September 18, 2022

Comments

  • Joon
    Joon over 1 year

    I am setting up a NetDisco machine on CentOS, which entails adding an include to the apache httpd.conf file.

    When I start apache by running "httpd" from a root command prompt, the process launches.

    When I try to start apache by running "service httpd start", I get the following output:

    Starting httpd: httpd: Syntax error on line 1010 of /etc/httpd/conf/httpd.conf: 
    Could not open configuration file /usr/local/netdisco/netdisco_apache.conf: 
    Permission denied
                                                                      [FAILED]
    

    That file has these permissions:

    -rw-r--r--. 1 root root  1798 Apr 22 18:46 netdisco_apache.conf
    

    And httpd.conf has these permissions:

    -rw-r--r--. 1 root root 34520 Apr 22 17:06 httpd.conf
    

    What gives, surely a file with the EXACT same permissions should be accessible to the apache service?

    • Andrew M.
      Andrew M. about 12 years
      Could it be that, when you started up Apache as root, it wrote some temporary files or similar that are now owned by root--and the Permission Denied you're seeing is trickling up from one of them when it tries to run as the www-data (or httpd) user? Apache config errors can be cryptic like that.
  • Joon
    Joon over 6 years
    Thanks that is useful to know. In my case it was the parent folder that I didn't have permission to, but this answer should help someone else somewhere down the line :-)