Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 444
  • Last Modified:

CentOS 6.5 Apache ACCESS DENIED

I am able to get to the root of a web server, but all the sub-folders are getting access denied.  chmod permissions are set to 755 for all files and folders, and are owned by root:root.

Any assistance would be greatly appreciated.
httpd.conf.txt
0
tcloud
Asked:
tcloud
  • 6
  • 5
  • 5
  • +1
1 Solution
 
Kent WSr. Network / Systems AdminCommented:
Set the owner.group under your web root to root.apache recursively.
Also, check your httpd log, especially the error_log (however you have it named).
0
 
tcloudAuthor Commented:
[Thu Jul 31 10:40:55 2014] [client 10.1.80.21] (13)Permission denied: access to /setup/ denied
0
 
duncanb7Commented:
change group at the sub-folder under root access and myloginname is next time you want
to login as user  with username

cd your sub-folder
chgrp -R -v myloginname *

if not okay, also change group for the sub-folder itself

Duncan
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Kent WSr. Network / Systems AdminCommented:
That's a clue.  /setup to what?  In your webroot, try inserting a plain vanilla "index.htm" or whatever you have your indexes set to, with a simple "Hello World" or some text in it.  
Are you trying to install a php web app?  If so, that would be good information.  Many setups for php / web apps need at least temporary rwx.  You can see if this is really a permissions problem or an IP allowed problem by temporarily chmoding the directory to 777.  If it works, you know permissions are the right tree.  If not, then something else is amiss.

Also, is SELinux enforcing?  You may set that off too -
setenforce 0
But don't do both at once, try one at a time so you know what "fixed" the issue.

Also, your .htaccess may be redirecting to /setup (not sure if you are hitting that directory by naming in the URL, or you are being redirected to it)
0
 
tcloudAuthor Commented:
Duncan,

that changed permissions back to root:root, and did not resolve the issue.  Note that the /var/www/html folder (wwwroot) also has root:root permissions, and I am able to access the files in that folder via web page.

Thanks!
0
 
tcloudAuthor Commented:
mugojava,

I have a phpinfo.php in /var/www/html/ and one in /var/www/html/setup/ -- I cannot access the one in the setup.
0
 
duncanb7Commented:
pls, "ls -la" on the sub-folder and sub-folder directory itself , send it to us
0
 
Jan SpringerCommented:
Also, if you have selinux running, verify the security permissions:

ls -lZd /var/www/html/setup
and
ls -lZ /var/www/html/setup
0
 
Kent WSr. Network / Systems AdminCommented:
Which app are you trying to setup? Have you checked your .htaccess in that directory, so see if one exists and can possibly be blocking?  
You may have an /alias for that directory that's blocking somehow.  
Many times, depending on what app you are trying to install, you have to change something in htaccess to allow setup, then change it back to secure...it's a "security" feature many installs use.

Rule out selinux and htaccess first.
0
 
tcloudAuthor Commented:
[root@kayako setup]# ls -lZd /var/www/html/setup
drwxrwxr-x. root apache unconfined_u:object_r:user_tmp_t:s0 /var/www/html/setup
[root@kayako setup]#

[root@kayako html]# ls -la setup
total 32
drwxrwxr-x.  2 root root 4096 Jul 27 23:17 .
drwxr-xr-x. 16 root root 4096 Jul 27 23:17 ..
-rwxrwxr-x.  1 root root  694 Jul 21 05:20 console.setup.php
-rwxrwxr-x.  1 root root  696 Jul 21 05:20 console.upgrade.php
-rwxrwxr-x.  1 root root 1086 Jul 21 05:20 favicon.ico
-rwxrwxr-x.  1 root root  141 Jul 27 23:17 index.html
-rwxrwxr-x.  1 root root  626 Jul 21 05:20 index.php
-rwxrwxr-x.  1 root root   68 Jul 27 23:05 phpinfo.php
0
 
Jan SpringerCommented:
chcon -Rv --type=httpd_sys_content_t  /html
0
 
Kent WSr. Network / Systems AdminCommented:
that "." at the end of your permissions means you have selinux ACLs in place, probably denying access.
Try
setenforce 0
then try to hit it again and see what happens.
0
 
Jan SpringerCommented:
ugh.  don't turn off selinux except to verify that selinux is the issue.  just fix the labels.

here is a good set of commands:

http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
0
 
tcloudAuthor Commented:
SELINUX was it -- Thanks everyone!
0
 
Kent WSr. Network / Systems AdminCommented:
It's a test.  It can be turned back on ;) (setenforce 1)
Why change context when you are not sure it's the issue in the first place?
Really.
0
 
Jan SpringerCommented:
you just removed a layer of security.  definitely not the route to go.
0
 
Jan SpringerCommented:
because mugojava, i was *positive* that selinux was at least one of the issues having worked with it for several years.
0
 
Kent WSr. Network / Systems AdminCommented:
Having 20 years experience, I'm never positive until the end.  If dropping the shields for a minute to test is an issue for him, he has much bigger issues.

Take care now.

Glad you got it going rcloud!!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 6
  • 5
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now