Forbidden directories after fresh install

[mrtopher]

I just installed Apache 2.2.3 on CentOS5 and things appear to have worked properly. I was able to put an index.html file in the web root and view it appropriately.

The problem I can't seem to figure out is that I can't put any folders inside the web root because when I try to bring them up in a browser I am getting a Forbidden error. I can't seem to gain access into any subdirectories I place inside the web root.

I have noticed a number of posts here regarding similar problems or even my same problem but I can't seem to find a solution. Anyone know how I can gain access to subdirectories within my web root?

 

[feherke]

Hi

The problem I can't seem to figure out is that I can't put any folders inside the web root because when I try to bring them up in a browser I am getting a Forbidden error.

I do not know CentOS, but if it supports permissions, then check them.

Feherke.

http://rootshell.be/~feherke/

 

[smah]

Are there any files in those directories? Often, directory listing is disabled by default. So if there is no index.html (or if you're not accessing a file by name), you might see this condition. What is the actual error that is written to the error log?

 

[mrtopher]

Yes, there are files in the directories.

The error log is saying:

[Wed Jul 18 14:16:44 2007] [error] [client 10.5.128.250] (13)Permission denied: access to /test/index.html denied

But the directories have the same permissions as the files sitting in the web root that I can access. Same owner and group as well. This is why I'm perplexed.

 

[smah]

Although I wouldn't expect a problem when inside the normal apache document root, Is SELinux enabled?

 

[mrtopher]

Yes it is... and it's funny you should mention that because I happened to be next to the server on another machine while making a request and some message popped up saying something about httpd being denied access to the file that I was trying to access.

Do I want to disable SELinux?

 

[smah]

Well wether or not to disable it entirely might be worthy of future debate. For now, it might be a worthwile test. A reboot will be required though.

 

[feherke]

Hi

But the directories have the same permissions as the files sitting in the web root that I can access.

Probably it is not enough. On Unix and Unix-like systems the directories content can be listed/searched only if the directory has execute permission. If Apache checks for the existence of the file, it can fail because the lack of permission. Like in this example :

[blue]master #[/blue] mkdir t

[blue]master #[/blue] touch t/hmm

[blue]master #[/blue] ls -d t
drwxr-xr-x  2 master master 72 Jul 19 10:41 t

[blue]master #[/blue] ls t/hmm
-rw-r--r--  1 master master 0 Jul 19 10:41 t/hmm

[blue]master #[/blue] chmod -x t

[blue]master #[/blue] ls -d t
drw-r--r--  2 master master 72 Jul 19 10:41 t

[blue]master #[/blue] ls t/hmm
ls: t/hmm: Permission denied

Feherke.

http://rootshell.be/~feherke/

 

[mrtopher]

I think that it's an SELinux issue.

Is there a way I can disable SELinux temporarily to see if thats my problem or reconfigure it?

 

[feherke]

Hi

To this latest question you would probably get better answers in forum54.

Feherke.

http://rootshell.be/~feherke/

 

[mrtopher]

I followed some instructions in the SELinux error message that it was displaying when trying to access those files and it looks like everything is working properly now.

Thanks for the help!

 

[RhythmAce]

When all else fails, follow directions. ;-)