Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by slive: http://wiki.apache.org/httpd/13PermissionDenied The comment on the change is: Make this a unified document rather than a series of semi-related points. ------------------------------------------------------------------------------ ## page was renamed from Errors/13PermissionDenied = (13) Permission Denied = - '''Error 13 indicates a filesystem permissions problem. That is, Apache was denied access to a file or directory due to incorrect permissions. ''' + '''Error 13 indicates a filesystem permissions problem. That is, Apache was denied access to a file or directory due to incorrect permissions. It does not, in general, imply a problem in the Apache configuration files.''' - On *nix systems, use {{{ls -l}}} to see the current permissions, and see {{{man chmod}}} for details on fixing these. + In order to serve files, Apache must have the proper permission granted by the operating system to access those files. In particular, the {{{User}}} or {{{Group}}} specified in {{{httpd.conf}}} must be able to read all files that will be served and search the directory containing those files, along with all parent directories up to the root of the filesystem. - GNU based systems often have a {{{namei}}} program that helps in viewing the permissions of a complete path. + Typical permissions on a unix-like system for resources not owned by the {{{User}}} or {{{Group}}} specified in {{{httpd.conf}}} would be 644 {{{-rw-r--r--}}} for ordinary files and 755 {{{drwxr-x-r-x}}} for directories or CGI scripts. You may also need to check extended permissions (such as SELinux permissions) on operating systems that support them. + === An Example === - Note that the permissions used below for examples assumes that the Apache user is not - the owner or group owner of any of the resources. It is also assumed that you, the user/admin, knows and understands the unix permissions/ownership scheme. - Make sure that the file to which permission was denied is at least readable by the Apache user (eg {{{-r--r--r--}}} or 444 as a minimum. {{{-rw-r--r--}}} or 644 is more usual). + Lets say that you received the {{{Permission Denied}}} error when accessing the file {{{/usr/local/apache2/htdocs/foo/bar.html}}} on a unix-like system. - The '''!DocumentRoot''' directory and its subdirectories need to have the 'read' and 'executable' bits set ({{{drwxr-x-r-x}}} or 755 is most common). + First check the existing permissions on the file: + {{{ cd /usr/local/apache2/htdocs/foo + ls -l bar.html + }}} - Parent directories up to the '''!DocumentRoot''' directory need at least the 'executable' bit set ({{{drwx--x--x}}} or 711 for example). + Fix them if necessary: + {{{ + chmod 644 bar.html }}} - These above also pertain to '''Userdir''' (a.k.a. '''public_html''') where you can think of a user's '''public_html''' directory as the '''!DocumentRoot''' for that user. + Then do the same for the directory and each parent directory ({{{/usr/local/apache2/htdocs/foo}}}, {{{/usr/local/apache2/htdocs}}}, {{{/usr/local/apache2}}}, {{{/usr/local}}}, {{{/usr}}}): + {{{ + ls -la + chmod +x . + cd .. + # repeat up to the root + }}} - Scripts to be executed need to be 'readable' and 'executable' ({{{drwxr-xr-x}}} or 755 being most common). + On some systems, the utility {{{namei}}} can be used to help find permissions problems by listing the permissions along each component of the path: + {{{ + namei -m /usr/local/apache2/htdocs/foo/bar.html + }}} + If all the standard permissions are correct and you still get a {{{Permission Denied}}} error, you should check for extended-permissions. For example you can use the command {{{setenforce 0}}} to turn off SELinux and check to see if the problem goes away. If so, {{{ls -alZ}}} can be used to view SELinux permission and {{{chcon}}} to fix them. - - On Linux, you can use the {{{namei}}} command to return permissions of everything in the path to the target file or directory. - - {{{ - namei -m /usr/local/apache/httpd/dir1/dir2/index.html - }}} '''DO NOT''' set files or directories to mode 777, even "just to test", even if "it's just a test server". The purpose of a test server is to get things right in a safe environment, not to get away with doing it wrong. - {{{setenforce 0}}} can be used to test if this is caused by a SELinux issue - in that case, use {{{chcon}}} to fix permissions. Use {{{ls -alZ}}} to view current permissions on such systems. -
