Solved

CentOS 6.5 Apache ACCESS DENIED

Posted on 2014-07-31
18
406 Views
Last Modified: 2014-07-31
I am able to get to the root of a web server, but all the sub-folders are getting access denied.  chmod permissions are set to 755 for all files and folders, and are owned by root:root.

Any assistance would be greatly appreciated.
httpd.conf.txt
0
Comment
Question by:tcloud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 5
  • +1
18 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 40231987
Set the owner.group under your web root to root.apache recursively.
Also, check your httpd log, especially the error_log (however you have it named).
0
 

Author Comment

by:tcloud
ID: 40232011
[Thu Jul 31 10:40:55 2014] [client 10.1.80.21] (13)Permission denied: access to /setup/ denied
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40232019
change group at the sub-folder under root access and myloginname is next time you want
to login as user  with username

cd your sub-folder
chgrp -R -v myloginname *

if not okay, also change group for the sub-folder itself

Duncan
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:Kent W
ID: 40232030
That's a clue.  /setup to what?  In your webroot, try inserting a plain vanilla "index.htm" or whatever you have your indexes set to, with a simple "Hello World" or some text in it.  
Are you trying to install a php web app?  If so, that would be good information.  Many setups for php / web apps need at least temporary rwx.  You can see if this is really a permissions problem or an IP allowed problem by temporarily chmoding the directory to 777.  If it works, you know permissions are the right tree.  If not, then something else is amiss.

Also, is SELinux enforcing?  You may set that off too -
setenforce 0
But don't do both at once, try one at a time so you know what "fixed" the issue.

Also, your .htaccess may be redirecting to /setup (not sure if you are hitting that directory by naming in the URL, or you are being redirected to it)
0
 

Author Comment

by:tcloud
ID: 40232053
Duncan,

that changed permissions back to root:root, and did not resolve the issue.  Note that the /var/www/html folder (wwwroot) also has root:root permissions, and I am able to access the files in that folder via web page.

Thanks!
0
 

Author Comment

by:tcloud
ID: 40232057
mugojava,

I have a phpinfo.php in /var/www/html/ and one in /var/www/html/setup/ -- I cannot access the one in the setup.
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40232062
pls, "ls -la" on the sub-folder and sub-folder directory itself , send it to us
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232074
Also, if you have selinux running, verify the security permissions:

ls -lZd /var/www/html/setup
and
ls -lZ /var/www/html/setup
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232076
Which app are you trying to setup? Have you checked your .htaccess in that directory, so see if one exists and can possibly be blocking?  
You may have an /alias for that directory that's blocking somehow.  
Many times, depending on what app you are trying to install, you have to change something in htaccess to allow setup, then change it back to secure...it's a "security" feature many installs use.

Rule out selinux and htaccess first.
0
 

Author Comment

by:tcloud
ID: 40232081
[root@kayako setup]# ls -lZd /var/www/html/setup
drwxrwxr-x. root apache unconfined_u:object_r:user_tmp_t:s0 /var/www/html/setup
[root@kayako setup]#

[root@kayako html]# ls -la setup
total 32
drwxrwxr-x.  2 root root 4096 Jul 27 23:17 .
drwxr-xr-x. 16 root root 4096 Jul 27 23:17 ..
-rwxrwxr-x.  1 root root  694 Jul 21 05:20 console.setup.php
-rwxrwxr-x.  1 root root  696 Jul 21 05:20 console.upgrade.php
-rwxrwxr-x.  1 root root 1086 Jul 21 05:20 favicon.ico
-rwxrwxr-x.  1 root root  141 Jul 27 23:17 index.html
-rwxrwxr-x.  1 root root  626 Jul 21 05:20 index.php
-rwxrwxr-x.  1 root root   68 Jul 27 23:05 phpinfo.php
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232088
chcon -Rv --type=httpd_sys_content_t  /html
0
 
LVL 12

Accepted Solution

by:
Kent W earned 500 total points
ID: 40232093
that "." at the end of your permissions means you have selinux ACLs in place, probably denying access.
Try
setenforce 0
then try to hit it again and see what happens.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232106
ugh.  don't turn off selinux except to verify that selinux is the issue.  just fix the labels.

here is a good set of commands:

http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
0
 

Author Closing Comment

by:tcloud
ID: 40232107
SELINUX was it -- Thanks everyone!
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232110
It's a test.  It can be turned back on ;) (setenforce 1)
Why change context when you are not sure it's the issue in the first place?
Really.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232113
you just removed a layer of security.  definitely not the route to go.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232118
because mugojava, i was *positive* that selinux was at least one of the issues having worked with it for several years.
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232148
Having 20 years experience, I'm never positive until the end.  If dropping the shields for a minute to test is an issue for him, he has much bigger issues.

Take care now.

Glad you got it going rcloud!!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question