Fedora 16: "Permission denied: file permissions deny server access"

permissions fedora selinux

13,514

Solution 1

If memory serves, you probably need to run chcon -R -h -t httpd_sys_content_t /var/www/html

This recursively sets your content directory to the proper context for Apache.

Solution 2

This file permission issue is, as you expected, due to SELinux. Its rather complicated, but the good folks at CentOS have put together a pretty good wiki to get you going. In short, you can either disable SELinux (totally bad idea), set it to permissive mode (slightly less bad idea), or work with SELinux. Since the wiki goes over the details in a fairly succinct fashion, i will keep it DRY and let you read the wiki.

I fixed mine by copying the files into /var/www/html and then restoring the default context for that folder using:

restorecon -Rv /var/www/html

13,514

Daniel Standage

Updated on September 18, 2022

Comments

Daniel Standage almost 2 years
I'm working with a fresh Fedora 16 install and I'm trying to get Apache up and running. I'm very familiar with Linux and somewhat with CentOS, but I have very little experience with Fedora and SELinux (whatever that is).

At first, after installing Apache, I couldn't even see the example webpage. I did some searching and finally fixed that problem by editing the iptables.
```
sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
sudo iptables-save
```
I went ahead and started dropping some files in the web root, making sure the permissions were set correctly.
```
$ ls -Rlhp /var/www/html/
/var/www/html/:
total 8.0K
drwxr-xr-x. 2 apache root 4.0K Apr 20 22:47 files/

/var/www/html/files:
total 25M
-rw-r--r--. 1 apache users 25M Apr 20 22:47 SRR022918.errors.tar.gz
```
But then when I navigated to the corresponding URL (my.server.edu/files/SRR022918.errors.tar.gz), I got a 403 Permission denied error. I checked the Apache error log and found this message.
```
[Fri Apr 20 23:09:55 2012] [error] [client xxx.xxx.xx.xx] (13)Permission denied: file permissions deny server access: /var/www/html/files/SRR022918.errors.tar.gz
```
I tried setting file and directory permissions to 777, but that didn't solve the problem. This is really fishy, so I'm guessing this has something to do with SELinux. I have no experience with SELinux, so am I on the right track? If so, how do I fix this?
- becomingwisest about 12 years
  
  One thing to note is that sudo iptables-save only outputs the current iptables config. You will need to save that to /etc/sysconfig/iptables for it to survive a server reboot.
- Daniel Standage about 12 years
  
  And how is that done? Sorry for my lack of experience with Fedora...
- becomingwisest about 12 years
  
  I havent' tested this the following, so sudo cat /etc/sysconfig/iptables first so you know that it is before changing it, ( or use cp to back it up ). But sudo iptables-save | sudo tee /etc/sysconfig/iptables should work. Check the contents of it afterwards to see if it has the rule(s) you expect. If so, you could test it by then running sudo service iptables restart.
- Daniel Standage about 12 years
  
  @womble I personally prefer Debian (server) and Ubuntu (desktop), but the choice of distro was a decision made by my superior.
Josh over 5 years

I'd like to note that this answer worked perfectly for me on CentOS7.
Jtvd78 over 4 years

I tried just about everything to get file permissions to work. Thank you for this