Apache: access denied because search permissions are missing

I know this question is asked a lot, but the solutions I saw didn't work for me.

I only have one virtual host enabled, and I'm trying to enable access to a folder that's not under the document root

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Alias /movies /home/username/Videos/Movies
<Directory /home/username/Videos/Movies/> Options Indexes FollowSymLinks AllowOverride None Require all granted
</Directory>

I set /etc/apache2/envvars as follows

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=public

I made sure that /home/username/Videos/ and its sub folders are owned by username:public, set the permissions to 777 (after 775 didn't work) and made sure that user www-data belongs to group public.

Now, when I browse to I get

[Mon Apr 21 11:28:14.971844 2014] [core:error] [pid 1385:tid 140067725104896] (13)Permission denied: [client 127.0.0.1:46603] AH00035: access to /movies/ denied (filesystem path '/home/username/Videos') because search permissions are missing on a component of the path

But when I set /etc/apache2/envvars to run Apache under username (my own username) everything works fine. The problem is permission related, but I don't see how in my case; especially when I set the permissions to 777. Any ideas?

P.S. Ubuntu version is 14.04, Apache is 2.4.7 and I didn't edit other configuration files.

5

6 Answers

Do a chmod +x on your user dir, and restart apache. 755 permissions should work. I've had problems with 644.

7

If in the case of selinux being the issue, rather than just disable it, this page and this page give the command to grant access:

chcon -R -t httpd_sys_content_t ~/public_html/
6

I encountered the same problem, after hours of trying, I found a solution exactly solves the problem:

Basically, the Apache server does not only require read permissions of all files it serves, but the execution permission of all directories in the path of your virtual host.

The utility namei can be used to help find permissions problems by listing the permissions along each component of the path:

namei --modes /usr/local/apache2/htdocs/foo/bar.html

In my case, a directory in my path has the permission 700, it causes the problem. After changing it to 701, the problem was solved.

3

You might have selinux enabled. Try

getenforce

If it shows "Enforcing", try

setenforce 0

and try if this fixes your issue.

2

Instead of granting access of the home directories ~ and ~/public_html (e.g. by chmod 755 ...) to all users, an alternative is to add the apache2 user (usually www-data for Ubuntu) to the personal group of the current user (the group with the same name as the user name):

sudo adduser www-data $(whoami)
sudo service apache2 reload

(assuming ~/public_html belongs to the default user group.)

This matters when there are multiple users and it's important that the users are not allowed to access each others home folders.

1

I was experiencing this issue when I was trying to run apache in a docker container on an Ubuntu 16.04 host that was using the 4.4 kernel instead of 4.10.

Once I ran this command on the host and re-deployed, I was fine:

sudo apt-get install --install-recommends linux-generic-hwe-16.04 
1

You Might Also Like