Yet another (13)Permission denied error on Apache2 server
Solution 1
Make your /home/username and /home has the permissions 755
EDITL: I'll add onto here so its easier to read
You posted this:
drwxr-xr-x 2 www-data root 4096 2011-04-18 03:04 .
drw-r--r-- 4 myusername myusername 4096 2011-04-18 02:13 ..
As you can see the /home/myusername folder has rw, r , r. You need to give "x" to that folder and the /home folder
chmod o+x /home
chmod o+x /home/myusername
Solution 2
(this is more of a debugging suggestion, as I think that Pratik has answered the question with the +x)
The error you mention is a file system permission error, so unless your apache config file is redirecting/aliasing onto some restricted place in the file system, then your problem is with the permissions on the /home/myusername/htdocs directory, or the index.html file.
In order to see where your apache user is being denied, run the following command;
su -s /bin/bash apache
and then attempt to
cd /home/myusername/htdocs
Solution 3
BEWARE of bad advice about permissions. Generally you should NOT put 755 on your /home/username directory.
The correct permissions are documented in the httpd.conf file and I will paste the pertinent sections here:
# This usually means that ~userid (/home/username for the lay person)
# must have permissions of 711
NOTE 711 on ~userid is recommended, please AVOID 755 for /home/username ( ~userid )!!!!!!!! ,
#~userid/public_html must have permissions"
# of 755"
~userid/public_html is ok to give 755, but if you give 755 to your ~userid folder EVERYONE on your system will be able to access your home folder and read your files and execute files in home, generally really BAD practice on a multi-user system. 711 avoids giving out read access to group and other
Related videos on Youtube
03 : 38
01 : 10
12 : 13
16 : 42
03 : 42
ImtiazeA
Updated on September 18, 2022Comments
-
ImtiazeA almost 2 years
I just can't figure it out. I'm running apache2 on a Ubuntu 10.04 i386 server. Whenever I visit my server (has an IP address, and is connected to internet with static IP xxx.xxx.xxx.xxx) so that's not the problem) in browser, mysub.domain.edu (renamed here), I get the following:
Forbidden You don't have permission to access /index.html on this serverThe apache2 error log confirms this:
[Mon Apr 18 02:38:20 2011] [error] [client zzz.zzz.zzz.zzz] (13)Permission denied: access to / deniedI'll try to provide all necessary information below:
1) Contents of /etc/apache2/httpd.conf
DirectoryIndex index.html index.php2) Contents of /etc/apache2/sites-available/default
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /home/myusername/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/home/myusername/htdocs/"> Options Indexes FollowSymLinks MultiViews AllowOverride None order allow,deny allow from all DirectoryIndex index.html index.php Satisfy any </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ServerName mysub.domain.edu </VirtualHost>3) Contents of /etc/apache2/sites-enabled/000-default
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /home/myusername/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/home/myusername/htdocs/"> Options Indexes FollowSymLinks MultiViews AllowOverride None order allow,deny allow from all DirectoryIndex index.html index.php Satisfy any </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ServerName mysub.domain.edu </VirtualHost>4) Result of ls -l (when I'm using sudo -i to be root):
root@myserver:/home/myusername# ls -l total 4 drwxr-xr-x 2 www-data root 4096 2011-04-18 03:04 htdocs5) ps auxwww | grep -i apache
root@myserver:/home# ps auxwww | grep -i apache root 15121 0.0 0.4 5408 2544 ? Ss 16:55 0:00 /usr/sbin/apache2 -k start www-data 15122 0.0 0.3 5180 1760 ? S 16:55 0:00 /usr/sbin/apache2 -k start www-data 15123 0.0 0.5 227020 2788 ? Sl 16:55 0:00 /usr/sbin/apache2 -k start www-data 15124 0.0 0.5 227020 2864 ? Sl 16:55 0:00 /usr/sbin/apache2 -k start root 29133 0.0 0.1 3320 680 pts/0 R+ 16:58 0:00 grep --color=auto -i apache6) ls -al /home/myusername/htdocs/
root@myserver:/# ls -al /home/myusername/htdocs/ total 20 drwxr-xr-x 2 www-data root 4096 2011-04-18 03:04 . drw-r--r-- 4 myusername myusername 4096 2011-04-18 02:13 .. -rw-r--r-- 1 root root 69 2011-04-18 02:14 index.htmlI'm not currently using any .htaccess files in my web root (htdocs) folder in my user folder.
I don't know what is wrong, I've been trying to fix his for over 12 hours and I've gotten nowhere. If you have any suggestions, I'm all ears...
-
BlueEel about 13 yearsI assume you've tried reloading the apache conf?
-
ImtiazeA about 13 yearsno, I haven't. do you mean just starting over from a blank /etc/apache2/apache2.conf? this is literally all I have in the file
DirectoryIndex index.html index.php -
Eduardo Ivanec about 13 yearsCan you also post the output of
ls -al /home/myusername/htdocs/? Also the output ofps auxwww | grep -i apacheto confirm apache is running as www-data. Finally, are you sure www-data can cd into /home/myusername? It needs to do that in order to reach htdocs. Postls -al /homeif in doubt. -
ImtiazeA about 13 years@eduardo i. done, it should be in the updated section also what is the -al flag?
-
-
ImtiazeA about 13 years
root@myserver:/home/myusername# ls -l total 4 drwxr-xr-x 2 www-data root 4096 2011-04-18 03:04 htdocs -
diomonogatari about 13 yearsYour problem is right here: drwxr-xr-x 2 www-data root 4096 2011-04-18 03:04 . drw-r--r-- 4 myusername myusername 4096 2011-04-18 02:13 .. The folder above your htdocs folder (i.e your home directory) has the wrong permissions. You need the "x" permisson on both /home and /home/myusername because that is needed to traverse through the directory Run the command chmod o+x /home/myusername -
ImtiazeA about 13 yearswow! that fixes it. I thought that www-data would only need +x on the htdocs folder...why does it need +x on home?
-
diomonogatari about 13 yearsIts because the www-data user needs to go through both folders, without x on the upper folders it never gets to htdocs
-
Ladadadada over 10 yearsIt might be worth explaining exactly what extra permission 755 gives a malicious user on your system compared to 711. The word access is rather vague and could be considered true for everything between 711 and 777. You could also explain what 711 still allows... for instance if you drop a world-readable
privatekey.pemin your home directory, can the malicious user still read it if your home directory has mode 711? -
Joseph Olstad over 10 years711 on the home folder grants rwx on owner, folder navigation but no file access at all for group and other. It is the minimum access required for UserDir to work, allows apache to navigate without file access. It is recommended in this case
