Solved

CentOS 6.5 Apache ACCESS DENIED

Posted on 2014-07-31
18
393 Views
Last Modified: 2014-07-31
I am able to get to the root of a web server, but all the sub-folders are getting access denied.  chmod permissions are set to 755 for all files and folders, and are owned by root:root.

Any assistance would be greatly appreciated.
httpd.conf.txt
0
Comment
Question by:tcloud
  • 6
  • 5
  • 5
  • +1
18 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 40231987
Set the owner.group under your web root to root.apache recursively.
Also, check your httpd log, especially the error_log (however you have it named).
0
 

Author Comment

by:tcloud
ID: 40232011
[Thu Jul 31 10:40:55 2014] [client 10.1.80.21] (13)Permission denied: access to /setup/ denied
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40232019
change group at the sub-folder under root access and myloginname is next time you want
to login as user  with username

cd your sub-folder
chgrp -R -v myloginname *

if not okay, also change group for the sub-folder itself

Duncan
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232030
That's a clue.  /setup to what?  In your webroot, try inserting a plain vanilla "index.htm" or whatever you have your indexes set to, with a simple "Hello World" or some text in it.  
Are you trying to install a php web app?  If so, that would be good information.  Many setups for php / web apps need at least temporary rwx.  You can see if this is really a permissions problem or an IP allowed problem by temporarily chmoding the directory to 777.  If it works, you know permissions are the right tree.  If not, then something else is amiss.

Also, is SELinux enforcing?  You may set that off too -
setenforce 0
But don't do both at once, try one at a time so you know what "fixed" the issue.

Also, your .htaccess may be redirecting to /setup (not sure if you are hitting that directory by naming in the URL, or you are being redirected to it)
0
 

Author Comment

by:tcloud
ID: 40232053
Duncan,

that changed permissions back to root:root, and did not resolve the issue.  Note that the /var/www/html folder (wwwroot) also has root:root permissions, and I am able to access the files in that folder via web page.

Thanks!
0
 

Author Comment

by:tcloud
ID: 40232057
mugojava,

I have a phpinfo.php in /var/www/html/ and one in /var/www/html/setup/ -- I cannot access the one in the setup.
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40232062
pls, "ls -la" on the sub-folder and sub-folder directory itself , send it to us
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232074
Also, if you have selinux running, verify the security permissions:

ls -lZd /var/www/html/setup
and
ls -lZ /var/www/html/setup
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232076
Which app are you trying to setup? Have you checked your .htaccess in that directory, so see if one exists and can possibly be blocking?  
You may have an /alias for that directory that's blocking somehow.  
Many times, depending on what app you are trying to install, you have to change something in htaccess to allow setup, then change it back to secure...it's a "security" feature many installs use.

Rule out selinux and htaccess first.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:tcloud
ID: 40232081
[root@kayako setup]# ls -lZd /var/www/html/setup
drwxrwxr-x. root apache unconfined_u:object_r:user_tmp_t:s0 /var/www/html/setup
[root@kayako setup]#

[root@kayako html]# ls -la setup
total 32
drwxrwxr-x.  2 root root 4096 Jul 27 23:17 .
drwxr-xr-x. 16 root root 4096 Jul 27 23:17 ..
-rwxrwxr-x.  1 root root  694 Jul 21 05:20 console.setup.php
-rwxrwxr-x.  1 root root  696 Jul 21 05:20 console.upgrade.php
-rwxrwxr-x.  1 root root 1086 Jul 21 05:20 favicon.ico
-rwxrwxr-x.  1 root root  141 Jul 27 23:17 index.html
-rwxrwxr-x.  1 root root  626 Jul 21 05:20 index.php
-rwxrwxr-x.  1 root root   68 Jul 27 23:05 phpinfo.php
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232088
chcon -Rv --type=httpd_sys_content_t  /html
0
 
LVL 12

Accepted Solution

by:
Kent W earned 500 total points
ID: 40232093
that "." at the end of your permissions means you have selinux ACLs in place, probably denying access.
Try
setenforce 0
then try to hit it again and see what happens.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232106
ugh.  don't turn off selinux except to verify that selinux is the issue.  just fix the labels.

here is a good set of commands:

http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
0
 

Author Closing Comment

by:tcloud
ID: 40232107
SELINUX was it -- Thanks everyone!
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232110
It's a test.  It can be turned back on ;) (setenforce 1)
Why change context when you are not sure it's the issue in the first place?
Really.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232113
you just removed a layer of security.  definitely not the route to go.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40232118
because mugojava, i was *positive* that selinux was at least one of the issues having worked with it for several years.
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40232148
Having 20 years experience, I'm never positive until the end.  If dropping the shields for a minute to test is an issue for him, he has much bigger issues.

Take care now.

Glad you got it going rcloud!!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now