i'm running into a problem where a program written to be accessed as a web service can't access anything in the local file system. running the program from the command line works correctly, but fails when called via apache as a subprocess exec'd via system() from a php script ; it simply can't find the files it's supposed to work on. i'm convinced this is an apache configuration issue, as the program has no problem reading /var/www/html [the webserver document root] and any/all files/directories under it.
here are some details :
virtual centos 7 server running apache 2.4.6.
the program runs as user apache
it can read / [root dir] and interprets it correctly [i.e. it really is / the system root, not /var/www/html]
it doesn't have access to /tmp at all, nor to /var/tmp
some external files are network mounted on /mnt. the program can access /mnt, but attempts to read /mnt/{anything} fail -- even though remote shares are mounted w/effective uid/gid as apache and all files/directories are readable by world.
selinux is currently disabled
for kicks, i tried setting Require all granted inside <Directory / > and <Directory /tmp > in httpd.conf, but that didn't change anything.
does anyone have any idea what could be causing this and how i could fix it ?
thanks.
Have you checked to see if selinux is restricting access?
You can see if Selinux is causing issues by install selinux troubleshooting
yum install -y setroubleshoot
sealert -a /var/log/audit/audit.log
Related
Running wordpress locally on a centOS 7 server running the latest apache, PHPmyadmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (If not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too much restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the follwing command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*
I am trying to migrate a web application from a Slackware config of Apache to a CentOS 7 one. DocumentRoot set to /home/STORAGE and there is a simple index.html file in it for testing. Both /home/STORAGE and index.html have 777 permissions set, yet Apache reports :
access to /index.html denied ... because search permissions are missing on a component of the path.
On the other hand, phpMyAdmin works fine, configured with a separate .conf file in /etc/httpd/conf.d . I tried using their example to make a .conf file for my app, but it still reports the same error. I don't even know where to start looking here.
EDIT:
I think this has something to do with the user of Apache. It is set to a local user in httpd.conf not to root, but the only pages the server serves are those in directories owned by root.
It was not a permission error but a Selinux issue. I decided to use the default /var/www/html for the application but still, had to allow write access to some dirs. Here is what I typed:
sudo chcon -t httpd_sys_rw_content_t /some/dir/in/var/www/html -R
The first time I typed it without -R and the permissions didn't change (check with ls -Z /dir/path). Now it is fine.
I have a vps with godaddy with the following:
centos 6
latest apache
whm/cpanel
I am running with suphp enabled.
files and folders are all 755,644
i have a program located at:
/home/programname/public_html
this program edits files located on the same server in different user accounts. in order for this to happen i have to:
chown programname:programname /home/username/public_html
this allows the files to be edited by the program running at /home/programname/public_html
when i try to view the files at
/home/username/public_html
at its domain name
username.com
I get an "The server encountered an internal error or misconfiguration and was unable to complete your request."
in order to fix this i have to
chown username:username /home/username/public_html
how do i fix this so i can view the website files without having to chown the files?
You can use ACLs:
Enable ACLs on a filesystem:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html
Set ACLs on a filesystem:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/acls-setting.html
There is also an apache module that I haven't had much luck with:
apache2-mpm-itk - http://www.webtatic.com/packages/httpd-itk/
It has some issues because it doesn't support prefork properly.
I have clean CentOS 6. I just install via yum install httpd mysql-server, python, mysql-python.
First Step
$ trac-admin /home/tracprojects/main2 initenv
Project name: Main
SQL Connect string: mysql://trac#localhost:3306/trac (base exists, utf8, innoDB)
OK.
$ trac-admin /home/tracprojects/main2 deploy /var/www/html/
OK.
Second Step
Then I move cgi-bin/trac.wsgi to my /cgi-bin/ server's alias folder. (mod_wsgi working well. NOT as a daemon. tested on wsgi scripts).
Then I've grant permissions to Apache user for whole directories I've create earlier. And add access from apache config. (order-allow-deny).
But when I open my browser and go to url, I've got this error message:
Internal Server Error
TracError: IOError: [Errno 13] Permission denied: '/home/tracprojects/main2/VERSION'
What I do wrong?
Do you use SElinux (enabled by default)? With default SElinux I believe Apache can not access /home. You can check this by disabling SElinux temporarily ("setenforce 0" as root) and maybe restarting Apache. Also check /var/log/audit.log.
Check permissions of '/home/tracprojects' etc. Apache runs as special user and simply may not be able to read into directories, read files, or even write files.
You may be better off using mod_wsgi daemon mode and telling mod_wsgi to run the process as a different user who can access that location. Even if do this, the WSGI script file directory still at least needs to be readable to Apache user.
I am attempting to edit the "default" file located at ..
"/etc/apache2/sites-available/default"
on my Ubuntu machine running Apache 2.2.8.
I want to do this in order to enable the use of .htaccess files. I have downloaded the "default" file and edited it and now I am trying to upload it back to the server via SFTP. I keep getting permission denied errors.
Could it be because Apache is running and making use of the file? I am an admin on the machine so I would expect to be able to overwrite the file. Thanks for any assistance.
No it does not need to be stopped.
Try accessing the file through ssh, and make sure you access it with root privileges:
sudo nano /etc/apache2/sites-available/default
You would still need to force-reload Apache after changing the config files, as tux21b suggested in a comment below:
sudo /etc/init.d/apache2 force-reload
For Apache/2.4.7 , the file that you want to edit is:
/etc/apache2/apache2.conf