Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 02-19-2007, 04:02 PM   #1
LQ Newbie
Registered: Feb 2007
Posts: 6

Rep: Reputation: 0
Apache - 403 Forbidden Warning

I can access the default page at http://localhost, but when I try to browse to something under /var/www/html, I get the 403 forbidden error. Now I've seen posts about changing permissions of the folder and files under /var/www/html, but do I set them to the user that the webserver has defined it is settings (apache:apache)? Whatever I try does not seem to work.

[root@linuxmcarey /]# chown -R apache:apache /var/www/html
[root@linuxmcarey /]# chmod 755 /var/www/html

Also, I've seen posts about checking the httpd file, but when I do a search, a couple come up. How do I tell which httpd file it is using?
Old 02-19-2007, 05:30 PM   #2
LQ Newbie
Registered: Sep 2005
Location: brentwood, ca
Distribution: kubuntu desktop, ubuntu server, debian desktop
Posts: 21

Rep: Reputation: 15
check in your apache configuration that it is infact apache:apache and make sure its uncommented, different distros change this to different things sometimes.
Old 02-20-2007, 07:39 AM   #3
LQ Newbie
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Sorry, this is RedHat 4. Not sure what version of apache.

Yes, when I open up the Web Server applet, the user and group both have apache. The folder I'm trying to access is cacti:

[root@linuxmcarey html]# ls -al
total 1132
drwxr-xr-x 3 apache apache 4096 Feb 19 16:35 .
drwxr-xr-x 9 root root 4096 Feb 19 15:35 ..
drwxr-xr-x 11 apache apache 4096 Feb 19 16:32 cacti
-rwxr-xr-x 1 apache apache 1126337 Feb 19 15:17 cacti-0.8.6j.tar.gz
[root@linuxmcarey html]#
Old 02-20-2007, 07:50 AM   #4
Registered: Oct 2005
Distribution: FC5
Posts: 338

Rep: Reputation: 30
Has to do with SElinux policy, if you disable then there will be no errors, however to work with SElinux polix do
>chcon -R -h -t httpd_sys_content_t /home/www/html/*


Accessing the index.html file via a Web browser gets a "Forbidden 403" error on your screen, even though the permissions are correct. Viewing the /var/log/httpd/error_log gives a "Permission Denied" message and the /var/log/messages file shows kernel audit errors.

[root@bigboy tmp]# tail /var/log/httpd/error_log
[Fri Dec 24 17:59:24 2004] [error] [client] (13)Permission denied: access to / denied
[root@bigboy tmp]# tail /var/log/messages
Dec 24 17:59:24 bigboy kernel: audit(1103939964.444:0): avc: denied { getattr } for pid=2188 exe=/usr/sbin/httpd path=/home/www/site1 dev=hda5 ino=73659 scontext=system_u:system_r:httpd_t tcontext=rootbject_r:user_home_t tclass=dir
[root@bigboy tmp]#

SELinux security context labels can be modified using the chcon command. Recognizing the error, user root uses chcon with the -R (recursive) and -h (modify symbolic links) qualifiers to modify the label of the directory to httpd_sys_content_t with the -t qualifier.

[root@bigboy tmp]# chcon -R -h -t httpd_sys_content_t /home/www/site1
[root@bigboy tmp]# ls -Z /home/www/site1/
-rw-r--r-- root root rootbject_r:httpd_sys_content_t index.html
[root@bigboy tmp]#

Browsing now works without errors. User root won't have to run the chcon command again for the directory, because new files created in the directory will inherit the SELinux security label of the parent directory. You can see this when the file /home/www/site1/test.txt is created.

[root@bigboy tmp]# touch /home/www/site1/test.txt
[root@bigboy tmp]# ls -Z /home/www/site1/
-rw-r--r-- root root rootbject_r:httpd_sys_content_t index.html
-rw-r--r-- root root rootbject_r:httpd_sys_content_t test.txt
[root@bigboy tmp]#

Last edited by sn68; 02-20-2007 at 07:58 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
apache: 403 forbidden johnty01 Linux - Networking 5 04-05-2008 02:20 PM
Apache 403 Forbidden HelplessNewbie Linux - Software 3 05-19-2006 11:12 PM
apache 403 forbidden munchkins Linux - Software 1 12-25-2005 07:10 AM
apache 403 forbidden? wezhousheng Linux - Networking 5 05-13-2005 12:15 AM
Apache 403 Forbidden quozt Linux - Networking 10 02-24-2004 04:59 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:52 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration