Alexander Farber
2010-Sep-29 14:43 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
Hello, I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail (relayed through gmail.com) - all those programs working fine, with no big modifications of the CentOS defaults (i.e. SELinux is on). Now I'm struggling with the seemingly simple problem, that when I put an .html file into /var/www/html/ then Apache won't serve it. In the browser I see: "Forbidden You don't have permission to access /Alex.html on this server. Apache/2.2.3 (CentOS) Server at XXXX Port 80" In the /var/log/httpd/error_log (I've set "LogLevel debug") I only see: "[error] [client 10.216.40.68] (13)Permission denied: access to /Alex.html denied [error] [client 10.216.40.68] (13)Permission denied: access to /Alex.html denied" The other filetypes like crossdomain.xml and index.php or hello-world.php are served just fine. Also, if I move my *.html files under /var/www/html/test/ - then they are served ok. The permissions are ok in my book: # ls -al Alex.html index.php hello-world.php -r--r--r-- 1 root root 599 Sep 29 15:49 Alex.html -rw-r--r-- 1 afarber afarber 33 Jul 29 11:32 hello-world.php -rw-r--r-- 1 root root 5631 Jun 27 09:38 index.php # ls -ald / /var /var/www /var/www/html drwxr-xr-x 23 root root 4096 Sep 29 15:54 / drwxr-xr-x 22 root root 4096 Jun 22 15:25 /var drwxr-xr-x 8 root root 4096 Sep 29 11:45 /var/www drwxr-xr-x 16 root root 4096 Sep 29 15:59 /var/www/html # cat /var/www/html/.htaccess (installed by phpBB) <Files "config.php"> Order Allow,Deny Deny from All </Files> <Files "common.php"> Order Allow,Deny Deny from All </Files> # /usr/sbin/getsebool -a | grep http allow_httpd_anon_write --> off allow_httpd_bugzilla_script_anon_write --> off allow_httpd_cvs_script_anon_write --> off allow_httpd_mod_auth_pam --> off allow_httpd_nagios_script_anon_write --> off allow_httpd_prewikka_script_anon_write --> off allow_httpd_squid_script_anon_write --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_network_connect --> off httpd_can_network_connect_db --> off httpd_can_network_relay --> off httpd_can_sendmail --> on httpd_disable_trans --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> on httpd_read_user_content --> off httpd_rotatelogs_disable_trans --> off httpd_ssi_exec --> off httpd_suexec_disable_trans --> off httpd_tty_comm --> on httpd_unified --> on httpd_use_cifs --> off httpd_use_nfs --> off I've looked into /etc/httpd/conf/httpd.conf and conf.d/ files... Does anybody know what is wrong, how to find out? Regards Alex
Rob Del Vecchio
2010-Sep-29 14:52 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
> Now I'm struggling with the seemingly simple problemSometimes simple problems have simple solutions! For example:> # ls -al Alex.html index.php hello-world.php > -r--r--r-- 1 root root 599 Sep 29 15:49 Alex.html > -rw-r--r-- 1 afarber afarber 33 Jul 29 11:32 hello-world.php > -rw-r--r-- 1 root root 5631 Jun 27 09:38 index.phpWhy is Alex.html only readable and the php files readable *and* writable? Did you try making the php files *only readable* and see what happens? This may not be relevant to the problem, but I have observed in Ubuntu that the apache server by default likes to make files it serves executable. Not sure why, just a simple observation. Hope this helps, Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100929/5efc3ce6/attachment.html>
Jay Leafey
2010-Sep-29 15:13 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
Alexander Farber wrote:> Hello, > > I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail > (relayed through gmail.com) - all those programs working fine, > with no big modifications of the CentOS defaults (i.e. SELinux is on). > > Now I'm struggling with the seemingly simple problem, that when > I put an .html file into /var/www/html/ then Apache won't serve it. > > <SNIP> > > I've looked into /etc/httpd/conf/httpd.conf and conf.d/ files... > > Does anybody know what is wrong, how to find out? > > Regards > AlexDid you possibly use mv to put the file in that directory? If so, it will not always set the file context properly. You can tell if you will check to see if SELinux is active (run getenforce and see if it returns "Enforcing") and use the -Z switch to ls to see the file context of the problem files. If the context is not "httpd_sys_content_t" or something similar you need to fix the context. Fixing it is easy, just run restorecon: restorecon -rv /var/www/html This will walk down the directory tree and fix up the file contexts, giving you a message about the files it changes. Of course, if it isn't an SELinux problem, this won't help. -- Jay Leafey - jay.leafey at mindless.com Memphis, TN -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5529 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20100929/837e31b9/attachment.bin>
Alexander Farber
2010-Sep-29 15:13 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
Nope this doesn't help. I've tried both 444 and 644 for Alex.html and vice versa: 444 and 644 for the .php and .xml files. On Wed, Sep 29, 2010 at 4:52 PM, Rob Del Vecchio <rob.delvecchio at gmail.com> wrote:>>?# ls -al Alex.html index.php hello-world.php >> -r--r--r-- 1 root ? ?root ? ? 599 Sep 29 15:49 Alex.html >> -rw-r--r-- 1 afarber afarber ? 33 Jul 29 11:32 hello-world.php >> -rw-r--r-- 1 root ? ?root ? ?5631 Jun 27 09:38 index.php > Why is Alex.html only readable and the php files readable *and* writable? > ?Did you try making the php files *only readable* and see what happens?
Ben McGinnes
2010-Sep-29 15:13 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
On 30/09/10 12:43 AM, Alexander Farber wrote:> Hello, > > I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail > (relayed through gmail.com) - all those programs working fine, > with no big modifications of the CentOS defaults (i.e. SELinux is on).[SNIP> Does anybody know what is wrong, how to find out?Yep, it's SELinux picking up that the files have been moved or copied to that directory. Run this command: restorecon -R /var/www/html The pages should load after that. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20100930/19e4b3b1/attachment.sig>
Paul Heinlein
2010-Sep-29 15:40 UTC
[CentOS] Forbidden: can't access *.html files in /var/www/html
On Wed, 29 Sep 2010, Jay Leafey wrote:> Fixing it is easy, just run restorecon: > > restorecon -rv /var/www/htmlIs there any received wisdom about when it is more appropriate to use restorecon directly instead of the fixfiles wrapper? I tend to use fixfiles, but I haven't really thought it through. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
Seemingly Similar Threads
- Samba can't access dir - SELinux problem?
- Passing LD_LIBRARY_PATH through sudo
- Setting From address for cronjob mails (because Gmail rejects)
- haproxy + Apache + virtual hosts -> wrong host is displayed
- Oracle Instant Client 11g on CentOS 5 (32-bit) workaround