CentOS 6.5 Apache ACCESS DENIED

I am able to get to the root of a web server, but all the sub-folders are getting access denied.  chmod permissions are set to 755 for all files and folders, and are owned by root:root.

Any assistance would be greatly appreciated.
httpd.conf.txt
tcloudAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kent WSr. Network / Systems AdminCommented:
Set the owner.group under your web root to root.apache recursively.
Also, check your httpd log, especially the error_log (however you have it named).
0
tcloudAuthor Commented:
[Thu Jul 31 10:40:55 2014] [client 10.1.80.21] (13)Permission denied: access to /setup/ denied
0
duncanb7Commented:
change group at the sub-folder under root access and myloginname is next time you want
to login as user  with username

cd your sub-folder
chgrp -R -v myloginname *

if not okay, also change group for the sub-folder itself

Duncan
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Kent WSr. Network / Systems AdminCommented:
That's a clue.  /setup to what?  In your webroot, try inserting a plain vanilla "index.htm" or whatever you have your indexes set to, with a simple "Hello World" or some text in it.  
Are you trying to install a php web app?  If so, that would be good information.  Many setups for php / web apps need at least temporary rwx.  You can see if this is really a permissions problem or an IP allowed problem by temporarily chmoding the directory to 777.  If it works, you know permissions are the right tree.  If not, then something else is amiss.

Also, is SELinux enforcing?  You may set that off too -
setenforce 0
But don't do both at once, try one at a time so you know what "fixed" the issue.

Also, your .htaccess may be redirecting to /setup (not sure if you are hitting that directory by naming in the URL, or you are being redirected to it)
0
tcloudAuthor Commented:
Duncan,

that changed permissions back to root:root, and did not resolve the issue.  Note that the /var/www/html folder (wwwroot) also has root:root permissions, and I am able to access the files in that folder via web page.

Thanks!
0
tcloudAuthor Commented:
mugojava,

I have a phpinfo.php in /var/www/html/ and one in /var/www/html/setup/ -- I cannot access the one in the setup.
0
duncanb7Commented:
pls, "ls -la" on the sub-folder and sub-folder directory itself , send it to us
0
Jan SpringerCommented:
Also, if you have selinux running, verify the security permissions:

ls -lZd /var/www/html/setup
and
ls -lZ /var/www/html/setup
0
Kent WSr. Network / Systems AdminCommented:
Which app are you trying to setup? Have you checked your .htaccess in that directory, so see if one exists and can possibly be blocking?  
You may have an /alias for that directory that's blocking somehow.  
Many times, depending on what app you are trying to install, you have to change something in htaccess to allow setup, then change it back to secure...it's a "security" feature many installs use.

Rule out selinux and htaccess first.
0
tcloudAuthor Commented:
[root@kayako setup]# ls -lZd /var/www/html/setup
drwxrwxr-x. root apache unconfined_u:object_r:user_tmp_t:s0 /var/www/html/setup
[root@kayako setup]#

[root@kayako html]# ls -la setup
total 32
drwxrwxr-x.  2 root root 4096 Jul 27 23:17 .
drwxr-xr-x. 16 root root 4096 Jul 27 23:17 ..
-rwxrwxr-x.  1 root root  694 Jul 21 05:20 console.setup.php
-rwxrwxr-x.  1 root root  696 Jul 21 05:20 console.upgrade.php
-rwxrwxr-x.  1 root root 1086 Jul 21 05:20 favicon.ico
-rwxrwxr-x.  1 root root  141 Jul 27 23:17 index.html
-rwxrwxr-x.  1 root root  626 Jul 21 05:20 index.php
-rwxrwxr-x.  1 root root   68 Jul 27 23:05 phpinfo.php
0
Jan SpringerCommented:
chcon -Rv --type=httpd_sys_content_t  /html
0
Kent WSr. Network / Systems AdminCommented:
that "." at the end of your permissions means you have selinux ACLs in place, probably denying access.
Try
setenforce 0
then try to hit it again and see what happens.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jan SpringerCommented:
ugh.  don't turn off selinux except to verify that selinux is the issue.  just fix the labels.

here is a good set of commands:

http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
0
tcloudAuthor Commented:
SELINUX was it -- Thanks everyone!
0
Kent WSr. Network / Systems AdminCommented:
It's a test.  It can be turned back on ;) (setenforce 1)
Why change context when you are not sure it's the issue in the first place?
Really.
0
Jan SpringerCommented:
you just removed a layer of security.  definitely not the route to go.
0
Jan SpringerCommented:
because mugojava, i was *positive* that selinux was at least one of the issues having worked with it for several years.
0
Kent WSr. Network / Systems AdminCommented:
Having 20 years experience, I'm never positive until the end.  If dropping the shields for a minute to test is an issue for him, he has much bigger issues.

Take care now.

Glad you got it going rcloud!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.