Apache returns permission denied on all requests

Hi group,

I've successfully set up Apache many times before, usually on Ubuntu servers. Now trying Centos 5. Apache loads the colourful Centos default test page OK for web-root accesses, but any other file request gets the '403 forbidden' error, which is replicated in the apache error_log, eg:

Permission denied: access to /index.html denied

I changed the /paths/to/web-files in httpd.conf to my home directory. All directories up to and including the htdocs and cgi-bin are 755, and the perl scripts are also 755. Apache runs as apache/apache, and I tried making user apache a member of my uername group, but it didn't make any difference, and shouldn't be necessary anyway given the directory permissions (it's hosted on a VM behind a proper firewall so security isn't currently an issue).

I moved welcome.conf away to make sure it was not causing the problem. There is nothing apparent in httpd.conf to cause this, but I think I must be overlooking something trivial. Anyone have any ideas?

3 Replies

Do you have SElinux enabled? If so that can stop you. Check /etc/sysconfig/selinux

If SElinux is enabled then the default policies expect the HTML documents to be somewhere central (/var/www I think) and apache may be denied access to files outside of that area. In this case either disable SElinux (and reboot) or learn how to reconfigure the policies.

SELINUX=enforcing, so I guess that means yes! I've disabled it and all is working now, many thanks.

I'm not too familiar with selinux, though I've heard of it. I'm shadowing my VM setup on a linode where obviously I'm much more conceerrned about securuity. Is it recommend to run a Centos production server with selinux turned off?

SElinux is "security enhanced". The idea is that it can enforce permissions at a greater granularity than standard Unix permissions. Root is no longer god and can be restricted. Users may be able to perform certain actions (even down to the system call level) and not others.

In theory SElinux is "double plus good". In practice it causes a lot of problems if you're not conversant with it. The result is that lots of people run it in default mode. Lots of people disable it 'cos it's caused problems. Very very few peope actually understand what it does and why it's theoretically a good thing and have the skills to configure it to their needs.

So shrug run with it disabled. SElinux can enhance security but with it turned off then it won't hurt you or give you less security than you're used to.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct