Permission denied: Could not open password file.
Solution 1
You are having this problem because of SELinux security context.
To overcome this you need to change the selinux label of the directory/file in question.
You can find out the apache process security context using ps axZ | grep httpd
.
And check the same for ls -Z /var/www/html/server-auth/.htpasswd
To adjust the directory labeling try: chcon
command (it's like chown
).
To make it permanent you may use: semanage
command.
Detail instructions and a must read here: https://wiki.centos.org/HowTos/SELinux
Solution 2
With SELinux enabled Apache is unable to read files unless they are of the same type domain as the running process.
First, check the type domain of the httpd process.
ps axZ|grep httpd
Second, check the type domain of the .htpasswd file.
ls -Z /var/www/html/server-auth/.htpasswd
Use the command chcon
to change the domain of the file to match that of the httpd process.
Example:
chcon -Rv --type=httpd_sys_content_t /var/www/html/server-auth/.htpasswd
This will change it permanently but the default SELinux context will be re-applied if the file system were to be "relabeled". If a user initiates the relabel process SELinux will read rules from /etc/selinux/*/contexts/files and apply the rules to the file system. To avoid that from changing files modified with chcon
you have to create a new rule using the command semanage
.
Example:
semanage fcontext -a -t httpd_sys_content_t /var/www/html/server-auth/.htpasswd
Use chcon
first, test by looking at the audit log in /var/log/audit/audit.log
. When you are sure the correct SELinux rules are applied, save your changes with semanage
.
You use the restorecon
command if you need to rollback your changes. restorecon
reads the rules from /etc/selinux/*/contexts/files and applies them to the file system.
Example:
restorecon -v /var/www/html/server-auth/.htpasswd
Read more about SELinux on CentOS here https://wiki.centos.org/HowTos/SELinux.
Solution 3
Try wrapping your AuthUserFile in
AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/var/www/html/server-auth/.htpasswd"
Require user manu
That solved the issues for me.
Related videos on Youtube
user1486269
Updated on September 18, 2022Comments
-
user1486269 over 1 year
I am using Apache Red hat .
I have .htaccess in my /var/www/html with permissions as followed
-rwxr-xr-x. 1 apache apache 127 Dec 18 14:17 .htaccess
.htaccess has following data set inside it
AuthType Basic AuthName "Restricted Access" AuthUserFile /var/www/html/server-auth/.htpasswd Require user manu
Permissions on var/www/html/server-auth/.htpasswd
-rwxr-xr-x. 1 apache apache 40 Dec 16 19:11 .htpasswd
When I open my web page on browser, and after putting username and password, the login prompts reappears. Even if the username and password is correct.
Error logs:
(13) Permission denied: Could not open password file: /var/www/html/server-auth/.htpasswd
access to / failed, reason: verification of user id 'manu' not configured
Any help!
-
Parthian Shot over 8 yearsAnd, probably an obvious question, but what are the permissions on
/var/www/html/server-auth/
? -
user1486269 over 8 yearsPermissions on server-auth drwxrwxr-x. 2 apache apache 4096 Dec 17 16:12 server-auth/
-
Diamond over 8 yearsIf you have SELinux enabled, you can test by disabling it temporarily
echo 0 > /selinux/enforce
. -
user1486269 over 8 years@bangal, yes it works by disabling it temporarily. So to use .htaccess, I have to disable SELinux ?
-
Parthian Shot over 8 years@user1486269 Or you could figure out what you'd need to do within Selinux to make it work. You could use audit2allow, for example. Learning about selinux is pretty useful down the road; the point of selinux is to increase security, so disabling it will have a lot of nasty side-effects from a security perspective.
-
Aaron over 8 yearsPlease follow the advise from @ParthianShot If I could upvote that more than once, I would.
-