Permission denied: Could not open password file.

Solution 1

You are having this problem because of the SELinux security context.

To overcome this you need to change the SELinux label of the directory/file in question.

You can find out the Apache process security context using ps axZ | grep httpd.

And check the same for the file with ls -Z /var/www/html/server-auth/.htpasswd

To adjust the directory labeling, try the chcon command (it's like chown). To make it permanent you may use the semanage command.

Detailed instructions, and a must-read, are here: https://wiki.centos.org/HowTos/SELinux

Solution 2

With SELinux enabled Apache is unable to read files unless they are of the same type domain as the running process.

First, check the type domain of the httpd process.

ps axZ|grep httpd

Second, check the type domain of the .htpasswd file.

ls -Z /var/www/html/server-auth/.htpasswd

Use the command chcon to change the domain of the file to match that of the httpd process.

Example:

chcon -Rv --type=httpd_sys_content_t /var/www/html/server-auth/.htpasswd

This will change it permanently, but the default SELinux context will be re-applied if the file system is "relabeled". If a user initiates the relabel process, SELinux will read rules from /etc/selinux/*/contexts/files and apply the rules to the file system. To prevent that from changing files modified with chcon, you have to create a new rule using the semanage command.

Example:

semanage fcontext -a -t httpd_sys_content_t /var/www/html/server-auth/.htpasswd

Use chcon first, then test by looking at the audit log in /var/log/audit/audit.log. When you are sure the correct SELinux rules are applied, save your changes with semanage.

Use the restorecon command if you need to roll back your changes. restorecon reads the rules from /etc/selinux/*/contexts/files and applies them to the file system.

Example:

restorecon -v /var/www/html/server-auth/.htpasswd

Read more about SELinux on CentOS here: https://wiki.centos.org/HowTos/SELinux
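
For the audit-log check that Solution 2 recommends, this added example (not part of the original answers) pulls the process domain and the file type out of an AVC denial record so the two can be compared before running chcon. The sample record and the function names are constructed for illustration, and user_home_t as the mislabeled type is an assumption.

```shell
#!/bin/sh
# Constructed sample record (not from the original post): httpd_t denied read
# access to a .htpasswd that carries a non-web label (user_home_t is assumed).
SAMPLE_AVC='type=AVC msg=audit(1418900000.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name=".htpasswd" dev="dm-0" ino=131089 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# avc_field LINE KEY: print the value of KEY=... from one audit record.
# Assumes the value contains no spaces, which holds for contexts and ".htpasswd".
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# ctx_type CONTEXT: print the type, the third field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# explain_denial LINE: summarize an AVC denial; returns 1 for any other record.
explain_denial() {
    case "$1" in
        *"avc:"*denied*) ;;
        *) return 1 ;;
    esac
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    perms=$(printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p')
    printf '%s denied {%s} on %s (file type %s)\n' \
        "$src" "$perms" "$(avc_field "$1" name)" "$tgt"
}

# needs_relabel LINE WANTED_TYPE: succeeds when the denied file's type is not
# the one you intend to set with chcon, e.g. httpd_sys_content_t.
needs_relabel() {
    [ "$(ctx_type "$(avc_field "$1" tcontext)")" != "$2" ]
}

# On a live host, pipe in lines from: grep 'comm="httpd"' /var/log/audit/audit.log
explain_denial "$SAMPLE_AVC"
needs_relabel "$SAMPLE_AVC" httpd_sys_content_t && echo "relabel needed"
```

After chcon, a repeat request should produce no new denial for .htpasswd in the log; that is the point at which the semanage rule is worth saving.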

Solution 3

Try wrapping your AuthUserFile in

AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/var/www/html/server-auth/.htpasswd"
Require user manu

That solved the issues for me.

Author: user1486269

Updated on September 18, 2022

Comments

  • user1486269
    user1486269 over 1 year

    I am using Apache on Red Hat.

    I have .htaccess in my /var/www/html with permissions as follows:

    -rwxr-xr-x. 1 apache apache 127 Dec 18 14:17 .htaccess
    

    .htaccess has the following data set inside it:

    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /var/www/html/server-auth/.htpasswd
    Require user manu
    

    Permissions on /var/www/html/server-auth/.htpasswd:

    -rwxr-xr-x. 1 apache apache 40 Dec 16 19:11 .htpasswd
    

    When I open my web page in a browser and enter the username and password, the login prompt reappears, even if the username and password are correct.

    Error logs:

    (13) Permission denied: Could not open password file: /var/www/html/server-auth/.htpasswd

    access to / failed, reason: verification of user id 'manu' not configured

    Any help!

    • Parthian Shot
      Parthian Shot over 8 years
      And, probably an obvious question, but what are the permissions on /var/www/html/server-auth/?
    • user1486269
      user1486269 over 8 years
      Permissions on server-auth: drwxrwxr-x. 2 apache apache 4096 Dec 17 16:12 server-auth/
    • Diamond
      Diamond over 8 years
      If you have SELinux enabled, you can test by disabling it temporarily: echo 0 > /selinux/enforce
    • user1486269
      user1486269 over 8 years
      @bangal, yes it works by disabling it temporarily. So to use .htaccess, I have to disable SELinux?
    • Parthian Shot
      Parthian Shot over 8 years
      @user1486269 Or you could figure out what you'd need to do within SELinux to make it work. You could use audit2allow, for example. Learning about SELinux is pretty useful down the road; the point of SELinux is to increase security, so disabling it will have a lot of nasty side-effects from a security perspective.
    • Aaron
      Aaron over 8 years
      Please follow the advice from @ParthianShot. If I could upvote that more than once, I would.