Geek Answers Handbook

You have no permission error in Apache on CentOS

I installed apache 2.2 in centos 6. Everything worked fine when the Apache folder was by default /var/www/html . Then I set up a virtual host in my users home folder. After that, apache started showing Forbidden You don't have permission error when I tried to go to localhost or 127.0.0.1 from the browser.

this is the code i used in httpd.conf

 <VirtualHost *:80> DocumentRoot "/home/anjan/workspace/mfs" ServerName anjan-centOS <Directory "/home/anjan/workspace/mfs"> Options Indexes FollowSymLinks MultiViews AllowOverride All Order Deny,Allow Allow from all </Directory> </VirtualHost>

I also disabled SElinux , as mentioned in some articles, but in vain. If anyone could help me, that would be very grateful.

+6
source share
2 answers

I solved the problem. After interfering with the system, I found out that user "anjan" , who owns /home/anjan , had permission to read / write / execute on /home/anjan , but the group "anjan" created when user "anjan" was created didn’t have any permission whatsoever.

 ls -l /home/

showed

 drwx------. 28 anjan anjan 4096 Jan 21 13:19 anjan

so I changed the resolution with this command

 chmod -R 770 /home/anjan ls -l /home/ drwxrwx---. 28 anjan anjan 4096 Jan 21 13:19 anjan

I found out under which user apache works from this topic. It worked under user "apache"

so I added user "apache" to group "anjan" with this command.

 usermod -G anjan,apache apache

after that voila. No more Prohibited error.

PS I did everything as root user.

UPDATE The provided connection seems to be broken right now. Heres one more.

Just to be safe (to avoid future broken links) by copying the command here. In the terminal type -

 ps axo user,group,comm | grep apache
+6
source

This is (for me, at least) a dubious design. This basically means that the Apache user has WRITE access to all of these user files, including secrets like ssh-keys.

I do not like it if the cracker attacks apache.

A simple modification will be performed as "anjan":

 chmod -R g-rwx ~ # undo the unsafe -R first chmod g+rx ~ ~/workspace chmod -R g+rx ~/workspace/mfs

If apache is a member of the "anjan" group.

My recommendation is to use ACL: s if the file system supports this.

Is SELinux running? This should be so, and if it still remains that the SELinux policy blocks apache access to workspace/mfs , then the number of messages from sealert should be obvious in var / log / messages. This problem is usually fixed with the wise use of setsebol.

Disabling SELinux because something is not working and recommends this njaa method ....

The original problem is that apache works as it is, and because of this, it is reset when calculating permissions in another category.

 chmod o+rx ~anjan/ ~anjan/workspace/ ~anjan/workspace/mfs

should be enough.

CentOS 6 is a free version of RedHat Enterprise Linux (as in free beer), and as such a RedHat document https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/ is a must.

+1
source

More articles:


All Articles