[CentOS 5.8] 403 Error when accessing vhost directive (permission problems)
Hey guys,
I'm having some troubles with setting up my webserver. It's a brand new server and I'm trying to set a vhost to the following dir: /home/exo/public_html However whenever I restart httpd I get the following warning: Code:
Starting httpd: Warning: DocumentRoot [/home/exo/public_html] does not exist This is my config file (inside httpd.conf because the vhost conf is not being included, that issues will be discussed in another thread once i get this working since it has uber priority) Code:
<VirtualHost *:80> httpd is being run as apache:apache i tried chowning the public_html directory (also recursively) to exo:apache, apache:apache, root:root with no success. chmod 777 doesn't do anything either. a tail from the log: Code:
[Sat Oct 13 15:09:47 2012] [error] [client 82.***.***.61] (13)Permission denied: access to / denied |
Hi,
Make sure that you have the execute permissions set on that directory, so apache can descend into it Code:
chmod 755 /home/exo/public_html |
that was the very first thing i checked.. and like i said in my post i tried 777 (which has read enabled as well)
In other words, that doesn't work |
If it doesn't work, then it's SELinux. Use:
Code:
chcon -R -t httpd_sys_content_t /home/exo/public_html |
Well goddamit that was it 0.o
just one simple trick and that did it! What was exactly the problem? Why does this happen? Will this also work with phpmyadmin (that is also not accessible due to 403) |
Glad to see it worked.
This happens if you change things (like the DocumentRoot) from their default values. In centos the default docroot is /var/www/html and it's already labeled with the correct SELinux context. If you decide to use a different docroot, you need to label it accordingly. Cheers |
FYI, chcon does not survive a reboot; you need to add it to SELinux permanently
Code:
semanage -a -t httpd_sys_content_t /home/exo/public_html |
Quote:
Changing a label WILL survive a reboot, but it may not survive a full filesystem relabel. However, there is aleady an entry for public_html in the targeted policy. Its not viewable when you do semanage fcontext -l , but it is in the policy. Try it. Create a directory called ~/public_html and run a restorecon -RF on the directory. It will change to httpd_user_content_t. To be honest, it should automatically type transition to this context on creation. That is the job of the restorecond daemon via inotify. But it sometimes fails to do so, hence the manual running of the restorecon command. Mike. |
ah yes, sorry 'relabel' .... often happens at reboot
|
All times are GMT -5. The time now is 07:13 PM. |