CentOS apache startup config file security error
Solution 1
Try checking the permissions on the folder that contains netdisco_apache.conf
You are right Apache should be able to access the file as it has the same permissions, but it might not be able to access the folder it is contained in.
If you don't want to change folder permissions, just move netdisco_apache.conf to the /etc/httpd/conf directory (remember to update the reference to it in the /etc/httpd/conf/httpd.conf file if you do that.)
Solution 2
I placed my new config file in the /etc/httpd/conf directory, and that didn't solve the problem. I then changed the permissions to match httpd.conf and that didn't solve the problem.
Then I learned about the command ls -Z
. The output for mine looks like:
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 httpd.conf
-rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 httpd-vhosts.conf
Notice the part at the end. That is called the context. I had created it as my user which gave it the unconfined_u part. To fix this I ran:
sudo chcon system_u:object_r:httpd_config_t:s0 httpd-vhosts.conf
This fixed the problem.
Solution 3
This can easily happen if you are editing an apache.conf, then you save and realize you don't have permission to the current file. If you save to desktop, then using an elevated permission, copy the conf back into place. Thanks for the note on this.
Related videos on Youtube
Joon
BY DAY: Solution architect for large corporates BY NIGHT: Computer hobbyist and gamer
Updated on September 18, 2022Comments
-
Joon over 1 year
I am setting up a NetDisco machine on CentOS, which entails adding an include to the apache httpd.conf file.
When I start apache by running "httpd" from a root command prompt, the process launches.
When I try start apache by running "service httpd start", I get the following output:
Starting httpd: httpd: Syntax error on line 1010 of /etc/httpd/conf/httpd.conf: Could not open configuration file /usr/local/netdisco/netdisco_apache.conf: Permission denied [FAILED]
That file has these permissions:
-rw-r--r--. 1 root root 1798 Apr 22 18:46 netdisco_apache.conf
And httpd.conf has these permissions:
-rw-r--r--. 1 root root 34520 Apr 22 17:06 httpd.conf
What gives, surely a file with the EXACT same permissions should be accessible to the apache service?
-
Andrew M. about 12 yearsCould it be that, when you started up Apache as root, it wrote some temporary files or similar that are now owned by root--and the
Permission Denied
you're seeing is trickling up from one of them when it tries to run as the www-data (or httpd) user? Apache config errors can be cryptic like that.
-
-
Joon over 6 yearsThanks that is useful to know. In my case it was the parent folder that I didn't have permission to, but this answer should help someone else somewhere down the line :-)