Apache Permission denied for /srv/www: unable to check .htaccess file but not for /var/www

Submitted by 家住魔仙堡 on 2019-12-03 21:51:17

Question


I've hit a problem on CentOS 6.5:

[Mon Dec 28 12:10:52 2012] [a] [client 127.0.0.1] (13) Permission denied: /srv/www/website/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Basically, I was building a brand new server and trying to migrate all of my websites over into /srv/www folder instead of /var/www as it appears to be the future standard (there is a whole discussion about it so just google).

What I did:

1) added a new group (groupadd developers)

2) added users a (gid 501), root, apache, nobody to the above group (usermod -G developers a && usermod -G developers apache && usermod -G developers root && usermod -G developers nobody)

3) copied all folders & files into /srv/www

4) changed ownership of entire /srv/www to apache:developers (chown -R apache:developers /srv/www)

5) changed mode so /srv/www is group readable/writable/searchable (chmod -R 2775 /srv/www)

6) added 'umask 002' to the end of /etc/sysconfig/httpd so it runs in group writable mode

7) added virtual host(s) to /etc/httpd/conf.d/vhosts.conf (service httpd configtest throws OK)

NameVirtualHost *:80
NameVirtualHost *:443

SSLStrictSNIVHostCheck off

<VirtualHost *:443>
    ServerAdmin webmaster@domain.ext
    DocumentRoot /srv/www/test
    ServerName test.domain.com
    ServerAlias test.domain
    SSLEngine on
    SSLCertificateFile /etc/httpd/certs/domain.com/server.crt
    SSLCertificateKeyFile /etc/httpd/certs/domain.com/server.key
    <Directory /srv/www/test>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

8) restarted the server

9) started httpd manually because it asks for SSL certificate password otherwise autostart fails (need to look into how to start it automatically after rebooting)

I am still getting the same above error message.

Then, I tried changing the home folder in /etc/passwd for apache user to /srv/www (server restart) but still no joy i.e. Permission denied. I even renamed the old /var/www folder and created a symlink in /var/www to /srv/www. Another attempt was to chown back to root:root, apache:apache and :developers group for both.

/srv/www/ [NOT WORKING]

drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)

drwxrwsr-x. 5 apache developers (all other website folders)

-rwxrwsr-x. 1 apache developers (all files)

/srv/

drwxrwsr-x. 4 apache developers www

/var/www [WORKING]

drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)

drwxrwxr-x. 3 apache developers (all other website folders)

-rwxrwxr-x. 1 apache developers (all website files)

Then, as soon as I copy one of my website's folders into /var/www and point the paths in /etc/httpd/conf.d/vhosts.conf to it, it starts to work fine!

DOES ANYONE KNOW WHY IT'S NOT WORKING IN /SRV/WWW folder??


Answer 1:


I finally got to the bottom of the problem. It's caused by SELinux policies overriding basic traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) normally used to control the file access of users!

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

$ setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

$ setenforce Permissive

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

More info on SELinux at CentOS. As soon as I switched to Permissive mode my /srv/ started working.

If you know what and why you are doing this then you can permanently disable SELinux in /etc/selinux/config by changing the following line:

SELINUX=enforcing

to

SELINUX=disabled

Restart your server and you should have it disabled permanently.

Note: When switching from Disabled to either Permissive or Enforcing mode, it is highly recommended that the system be rebooted and the filesystem relabeled.
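
An alternative to switching SELinux off, as an added example that is not part of the original answer: the script filters audit.log AVC records for denials against the httpd_t domain and prints the relabel commands for /srv/www instead of running them. The sample log lines are constructed, and the var_t label on the copied files is an assumption, since the page never shows `ls -Z` output.

```shell
#!/bin/sh
# Added example. The audit lines below are constructed, not taken from the page.
# Assumption: files copied into /srv/www carry var_t (no `ls -Z` output on the page).
SAMPLE_AUDIT='type=AVC msg=audit(1356696652.101:45): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/srv/www/website/.htaccess" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1356696653.010:46): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.php" dev=dm-0 ino=140 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1356696700.500:47): avc:  denied  { write } for  pid=900 comm="ntpd" name="drift" dev=dm-0 ino=77 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file'

# Read audit records on stdin; print "permission target-type object" for each
# denial whose source domain is httpd_t (first permission in the braces only).
httpd_denials() {
    awk '
    /avc:/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        perm = ""; obj = "?"; ttype = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{" && perm == "") perm = $(i + 1)
            if ($i ~ /^(path|name)=/) { obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        print perm, ttype, obj
    }'
}

# Distinct target types httpd_t was denied on, ignoring types that are already
# web content (httpd_sys_*). Anything left points at a labelling problem.
mislabelled_types() {
    httpd_denials | awk '$2 !~ /^httpd_sys_/ { print $2 }' | sort -u
}

# Emit (do not run) the commands that inspect and relabel a document root.
relabel_commands() {
    root=$1
    printf 'ls -Zd %s\n' "$root"
    printf "semanage fcontext -a -t httpd_sys_content_t '%s(/.*)?'\n" "$root"
    printf 'restorecon -Rv %s\n' "$root"
}

# On a real host, feed /var/log/audit/audit.log instead of the sample.
if [ -n "$(printf '%s\n' "$SAMPLE_AUDIT" | mislabelled_types)" ]; then
    relabel_commands /srv/www
fi
```

With the files relabelled, SELinux can stay in enforcing mode and the DAC permissions set in steps 4 and 5 take effect as expected.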




Answer 2:


Are you sure that the user "apache" can cross the folder "/src"? What's the owner and the permission of the folder "/src"?



Source: https://stackoverflow.com/questions/21233552/apache-permission-denied-for-srv-www-unable-to-check-htaccess-file-but-not-fo
