Home / server / Questions / 396036
Accepted
DD.
Asked: 2012-06-07 03:35:15 +0800 CST

Apache httpd permissions

  • 772

I have created a directory

/xyz/www

With the following permissions:

-rw-r--r--. 1 myuser developers

I edited my http.conf:

DocumentRoot "/xyz/www/"
<Directory "/xyz/www/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

I get 403 error: You don't have permission to access / on this server.

Looking in the logs:

(13)Permission denied: Can't open directory for index: /xyz/www/

I've tried recursively adding 777 permissions but still have the same issue.

linux permissions httpd

6 Answers

  1. Best Answer

    What you have to do is copy the same security context /var/www/html has. To do this:

    # ls -la --context /var/www/html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t ..
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t index.html

    Then you have to set it to your desire DocumentRoot as follows:

    # chcon -R system_u:object_r:httpd_sys_content_t /xyz/www
    • 17

  2. Is your target directory NTFS or ext3 ? Please check SELinux context of target directory using

    ls -a --context /target/directory

    If the context of target directory is alike

    system_u:object_r:fusefs_t:s0

    using

    setsebool -P httpd_use_fusefs on

    might work for you as it could be just a boolean issue for the filesystem. Please do confirm the security aspects of Booleans as I'm unaware of them.

    SELinux Booleans

    • 3

  3. Directories normally require the x permission for processes to access files within them. With the permissions you currently have, you would be able to ls the directory but not cd into it. Since the directory is owned by you, Apache will be running with the permissions of the third column.

    Try chmod +x /xyz/www.

    If you still have problems, check the permissions on /xyz/ as well.

    • 2

  4. I had the same problem - the chcon command fixed it.

    I was creating an install server and wanted my images under /export/install/<image> with a symlink in the doc root. I was certain my httpd.conf settings were correct.

    The directories & files were 755 & 644 respectively, and the apache user could traverse the tree so what was it?

    I used a similar command to the one above but used the reference option:

    % chcon -R --reference=/var/www/html /export

    Could have just shut off selinux but I want to learn how to live with it.

    • 2

  5. You should also add <Directory /xyz/www> section to apache config with something like

    Order allow,deny
Allow from all
    • 1

  6. http://wiki.centos.org/HowTos/SELinux

    The 'chcon' command may be used to change SELinux security context of a file or files/directories in a similar way to how 'chown' or 'chmod' may be used to change the ownership or standard file permissions of a file.

    chcon -Rv --type=httpd_sys_content_t /xyz/www

    • 1