Linode.com Forum Forum Index Linode.com Forum
Linode Community Forums
 


Apache returns permission denied on all requests

Click here to go to the original topic

 
       Linode.com Forum Forum Index -> Linux, Apache, Mysql and PHP (LAMP) Forum
Author Message
jti



Joined: 29 Oct 2007
Posts: 23
Posted: Mon Oct 29, 2007 9:32 am    Post subject: Apache returns permission denied on all requests  
Hi group,

I've successfully set up Apache many times before, usually on Ubuntu servers. Now trying Centos 5. Apache loads the colourful Centos default test page OK for web-root accesses, but any other file request gets the '403 forbidden' error, which is replicated in the apache error_log, eg:

Permission denied: access to /index.html denied

I changed the /paths/to/web-files in httpd.conf to my home directory. All directories up to and including the htdocs and cgi-bin are 755, and the perl scripts are also 755. Apache runs as apache/apache, and I tried making user apache a member of my uername group, but it didn't make any difference, and shouldn't be necessary anyway given the directory permissions (it's hosted on a VM behind a proper firewall so security isn't currently an issue).

I moved welcome.conf away to make sure it was not causing the problem. There is nothing apparent in httpd.conf to cause this, but I think I must be overlooking something trivial. Anyone have any ideas?
Back to top  
sweh



Joined: 13 Apr 2004
Posts: 223
Posted: Mon Oct 29, 2007 10:20 am    Post subject:  
Do you have SElinux enabled? If so that can stop you. Check /etc/sysconfig/selinux

If SElinux is enabled then the default policies expect the HTML documents to be somewhere central (/var/www I think) and apache may be denied access to files outside of that area. In this case either disable SElinux (and reboot) or learn how to reconfigure the policies.
Back to top  
jti



Joined: 29 Oct 2007
Posts: 23
Posted: Mon Oct 29, 2007 10:30 am    Post subject:  
SELINUX=enforcing, so I guess that means yes! I've disabled it and all is working now, many thanks.

I'm not too familiar with selinux, though I've heard of it. I'm shadowing my VM setup on a linode where obviously I'm much more conceerrned about securuity. Is it recommend to run a Centos production server with selinux turned off?
Back to top  
sweh



Joined: 13 Apr 2004
Posts: 223
Posted: Mon Oct 29, 2007 2:17 pm    Post subject:  
SElinux is "security enhanced". The idea is that it can enforce permissions at a greater granularity than standard Unix permissions. Root is no longer god and can be restricted. Users may be able to perform certain actions (even down to the system call level) and not others.

In theory SElinux is "double plus good". In practice it causes a lot of problems if you're not conversant with it. The result is that lots of people run it in default mode. Lots of people disable it 'cos it's caused problems. Very very few peope actually understand what it does and why it's theoretically a good thing and have the skills to configure it to their needs.

So *shrug* run with it disabled. SElinux can enhance security but with it turned off then it won't hurt you or give you less security than you're used to.
Back to top  
 
       Linode.com Forum Forum Index -> Linux, Apache, Mysql and PHP (LAMP) Forum
Page 1 of 1