httpd (13) Permission denied: access to / denied

apache-2.2 centos httpd
27,089

Okay guys, problem was solved.

My issue was here:

[root@MSSPUPPET2 var]# ls -laZ /
drw-r--r--. root root system_u:object_r:root_t:s0      .
drw-r--r--. root root system_u:object_r:root_t:s0      ..
-rw-r--r--  root root ?                                .autofsck
dr-xr-xr-x. root root system_u:object_r:bin_t:s0       bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0      boot
drwxr-xr-x  root root ?                                BUILD
drwxr-xr-x  root root ?                                dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0       etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
dr-xr-xr-x. root root system_u:object_r:lib_t:s0       lib
dr-xr-xr-x. root root system_u:object_r:lib_t:s0       lib64
drwx------. root root system_u:object_r:lost_found_t:s0 lost+found
drwxr-xr-x. root root system_u:object_r:mnt_t:s0       media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0       mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0       opt
dr-xr-xr-x  root root ?                                proc
drw-r--r--. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x. root root system_u:object_r:bin_t:s0       sbin
drwxr-xr-x. root root system_u:object_r:root_t:s0      selinux
drwxr-xr-x. root root system_u:object_r:var_t:s0       srv
drwxr-xr-x  root root ?                                sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0       usr
drwxr-xr-x. root root system_u:object_r:var_t:s0       var

The / directory did not have +x privileges.

Share:
27,089

Related videos on Youtube

mirage
Author by

mirage

Updated on September 18, 2022

Comments

  • mirage
    mirage over 1 year

    My question is "How do I get my httpd to work?"

    Whenever I try to access my http server, I get an access denied 403 message. The message described on the subject is got on the logfile:

    /var/log/httpd/error_log

    Let me post the output of certain things first.

    My httpd.conf first. (the default one served via yum)

    http://pastebin.com/yQCr7GTz

    No virtual hosts whatsoever. The relevant lines from the conf are:

    ServerTokens OS

ServerRoot "/etc/httpd"

PidFile run/httpd.pid

Timeout 60

KeepAlive Off

MaxKeepAliveRequests 100

KeepAliveTimeout 15


<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>

<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>
Listen 80
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>


<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir disabled

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    # 
    #UserDir public_html

</IfModule>


DirectoryIndex index.html index.html.var

AccessFileName .htaccess

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

TypesConfig /etc/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off



ErrorLog logs/error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule mod_dav_fs.c>
    DAVLockDB /var/lib/dav/lockdb
</IfModule>

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif


ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddDefaultCharset UTF-8



AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl



AddHandler type-map var

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>


</IfModule>
</IfModule>

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

    Permissions in the DocumentRoot (/var/www/html) and it's parent directory seems to be fine.

    [root@MSSPUPPET2 ~]# ls -la /var/www
total 16
drwxr-xr-x 2 apache apache 4096 Aug 13 17:30 cgi-bin
drwxr-xr-x 3 apache apache 4096 Nov 22 09:37 error
drwxr-xr-x 5 apache apache 4096 Aug 13 17:30 html
drwxr-xr-x 3 apache apache 4096 Nov 22 09:39 icons

[root@MSSPUPPET2 ~]# ll /var/www/html
total 16
-rw-r--r--  1 apache apache   15 Nov 22 09:12 index.html
drwxr-xr-x 11 apache apache 4096 Nov 21 11:16 phabricator
drwxr-xr-x  7 apache apache 4096 Nov 21 14:16 varnish
drwxr-xr-x  4 apache apache 4096 Nov  7 07:04 varnish-interface

[root@MSSPUPPET2 ~]# cat /var/www/html/index.html 
<html>
</html>

    SELinux is disabled.

    [root@MSSPUPPET2 var]# getenforce
Disabled

    Httpd runs as user apache

    [root@MSSPUPPET2 var]# ps auxww | grep apache
apache    1358  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1359  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1360  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1361  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1362  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1363  0.0  0.2 246296  5388 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1364  0.0  0.2 246296  5392 ?        S    04:18   0:00 /usr/sbin/httpd
apache    1365  0.0  0.2 246296  4988 ?        S    04:18   0:00 /usr/sbin/httpd
root      1903  0.0  0.0 103236   860 pts/0    S+   04:29   0:00 grep apache

    O/p of httpd -S

    [root@MSSPUPPET2 var]# httpd -S
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
VirtualHost configuration:
Syntax OK
    • Ketola
      Ketola over 10 years
      What exactly is your question? Where do you see this "httpd (13) Permission denied: access to / denied" error?
    • mirage
      mirage over 10 years
      This can be seen in /var/log/httpd/error_log
    • Jenny D
      Jenny D over 10 years
      What's the output of ls -ld /var/www?
    • Ketola
      Ketola over 10 years
      First stopdisablingselinux.com, then if you want to keep selinux disabled, reboot just in case to make sure it really is disabled.
  • mirage
    mirage over 10 years
    Not really. I am getting access denied 403. Actually I found a lot of questions with the same topic (subject) on serverfault and others, so I guessed it was fine to just provide description of my system rather than precisely pinpoint my problem. Thanks for pointing it out.
  • nandoP
    nandoP over 10 years
    my understanding is that to be an rfc compliant host on the internet, u need to have valid dns entries, and valid icann provided ip(s)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Best Apache & MySQL config for 16GB and 8 Cores
How to add /home/user/public_html as virtual host in apache - centos
AH00027: No authentication done error after upgrading from Apache 2.2 to 2.4
High RAM usage by Apache without any visitors
Apache HTTPd - rotatelogs not working
error messages when enabling /server-status on Centos with Apache version httpd-2.2.3-31
apache is not responding from the outside (firewall/iptables problem)
Having trouble starting/restarting httpd (apache)
CentOS httpd running as both root and apache user
Apache not showing a test page when I browse to the server running it