httpd (13) Permission denied: access to / denied
27,089
Okay guys, problem was solved.
My issue was here:
[root@MSSPUPPET2 var]# ls -laZ /
drw-r--r--. root root system_u:object_r:root_t:s0 .
drw-r--r--. root root system_u:object_r:root_t:s0 ..
-rw-r--r-- root root ? .autofsck
dr-xr-xr-x. root root system_u:object_r:bin_t:s0 bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x root root ? BUILD
drwxr-xr-x root root ? dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
dr-xr-xr-x. root root system_u:object_r:lib_t:s0 lib
dr-xr-xr-x. root root system_u:object_r:lib_t:s0 lib64
drwx------. root root system_u:object_r:lost_found_t:s0 lost+found
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
dr-xr-xr-x root root ? proc
drw-r--r--. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x. root root system_u:object_r:bin_t:s0 sbin
drwxr-xr-x. root root system_u:object_r:root_t:s0 selinux
drwxr-xr-x. root root system_u:object_r:var_t:s0 srv
drwxr-xr-x root root ? sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0 usr
drwxr-xr-x. root root system_u:object_r:var_t:s0 var
The / directory did not have +x privileges.
Related videos on Youtube
Author by
mirage
Updated on September 18, 2022Comments
-
mirage over 1 year
My question is "How do I get my httpd to work?"
Whenever I try to access my http server, I get an access denied 403 message. The message described on the subject is got on the logfile:
/var/log/httpd/error_log
Let me post the output of certain things first.
My httpd.conf first. (the default one served via yum)
No virtual hosts whatsoever. The relevant lines from the conf are:
ServerTokens OS ServerRoot "/etc/httpd" PidFile run/httpd.pid Timeout 60 KeepAlive Off MaxKeepAliveRequests 100 KeepAliveTimeout 15 <IfModule prefork.c> StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000 </IfModule> <IfModule worker.c> StartServers 4 MaxClients 300 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> Listen 80 Include conf.d/*.conf User apache Group apache ServerAdmin root@localhost UseCanonicalName Off DocumentRoot "/var/www/html" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # UserDir disabled # # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disabled" line above, and uncomment # the following line instead: # #UserDir public_html </IfModule> DirectoryIndex index.html index.html.var AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> TypesConfig /etc/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off ErrorLog logs/error_log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access_log combined ServerSignature On Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <IfModule mod_dav_fs.c> DAVLockDB /var/lib/dav/lockdb </IfModule> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW ForceLanguagePriority Prefer Fallback AddDefaultCharset UTF-8 AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl AddHandler type-map var AddType text/html .shtml AddOutputFilter INCLUDES .shtml Alias /error/ "/var/www/error/" <IfModule mod_negotiation.c> <IfModule mod_include.c> <Directory "/var/www/error"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback </Directory> </IfModule> </IfModule> BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
Permissions in the DocumentRoot (/var/www/html) and it's parent directory seems to be fine.
[root@MSSPUPPET2 ~]# ls -la /var/www total 16 drwxr-xr-x 2 apache apache 4096 Aug 13 17:30 cgi-bin drwxr-xr-x 3 apache apache 4096 Nov 22 09:37 error drwxr-xr-x 5 apache apache 4096 Aug 13 17:30 html drwxr-xr-x 3 apache apache 4096 Nov 22 09:39 icons [root@MSSPUPPET2 ~]# ll /var/www/html total 16 -rw-r--r-- 1 apache apache 15 Nov 22 09:12 index.html drwxr-xr-x 11 apache apache 4096 Nov 21 11:16 phabricator drwxr-xr-x 7 apache apache 4096 Nov 21 14:16 varnish drwxr-xr-x 4 apache apache 4096 Nov 7 07:04 varnish-interface [root@MSSPUPPET2 ~]# cat /var/www/html/index.html <html> </html>
SELinux is disabled.
[root@MSSPUPPET2 var]# getenforce Disabled
Httpd runs as user apache
[root@MSSPUPPET2 var]# ps auxww | grep apache apache 1358 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1359 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1360 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1361 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1362 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1363 0.0 0.2 246296 5388 ? S 04:18 0:00 /usr/sbin/httpd apache 1364 0.0 0.2 246296 5392 ? S 04:18 0:00 /usr/sbin/httpd apache 1365 0.0 0.2 246296 4988 ? S 04:18 0:00 /usr/sbin/httpd root 1903 0.0 0.0 103236 860 pts/0 S+ 04:29 0:00 grep apache
O/p of httpd -S
[root@MSSPUPPET2 var]# httpd -S httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName VirtualHost configuration: Syntax OK
-
Ketola over 10 yearsWhat exactly is your question? Where do you see this "httpd (13) Permission denied: access to / denied" error?
-
mirage over 10 yearsThis can be seen in /var/log/httpd/error_log
-
Jenny D over 10 yearsWhat's the output of
ls -ld /var/www
? -
Ketola over 10 yearsFirst stopdisablingselinux.com, then if you want to keep selinux disabled, reboot just in case to make sure it really is disabled.
-
-
mirage over 10 yearsNot really. I am getting access denied 403. Actually I found a lot of questions with the same topic (subject) on serverfault and others, so I guessed it was fine to just provide description of my system rather than precisely pinpoint my problem. Thanks for pointing it out.
-
nandoP over 10 yearsmy understanding is that to be an rfc compliant host on the internet, u need to have valid dns entries, and valid icann provided ip(s)