114

I know this question is asked a lot, but the solutions I saw didn't work for me.

I only have one virtual host enabled, and I'm trying to enable access to a folder that's not under the document root

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

Alias /movies /home/username/Videos/Movies

<Directory /home/username/Videos/Movies/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

I set /etc/apache2/envvars as follows

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=public

I made sure that /home/username/Videos/ and its sub folders are owned by username:public, set the permissions to 777 (after 775 didn't work) and made sure that user www-data belongs to group public.

Now, when I browse to http://localhost/movies I get

[Mon Apr 21 11:28:14.971844 2014] [core:error] [pid 1385:tid 140067725104896] (13)Permission denied: [client 127.0.0.1:46603] AH00035: access to /movies/ denied (filesystem path '/home/username/Videos') because search permissions are missing on a component of the path

But when I set /etc/apache2/envvars to run Apache under username (my own username) everything works fine. The problem is permission related, but I don't see how in my case; especially when I set the permissions to 777. Any ideas?

P.S. Ubuntu version is 14.04, Apache is 2.4.7 and I didn't edit other configuration files.

user2066657
  • 103
Yotam
  • 1,419

6 Answers6

150

Do a chmod +x on your user dir, and restart apache. 755 permissions should work. I've had problems with 644.

* Note that as of Ubuntu 22.04 the user dir has 750 permissions by default rather than 755.

Cyrille
  • 121
Peter
  • 1,688
45

If in the case of SELinux being the issue, rather than just disable it, this page, this page, and this page give the command to grant access:

Allows httpd read access chcon -R -t httpd_sys_content_t ~/public_html/

Allows httpd write access chcon -R -t httpd_sys_rw_content_t ~/public_html/

Allows httpd remote calls sudo setsebool -P httpd_can_network_connect 1

The 3rd one allows file_get_contents/curl outbound calls that are disabled by SElinux by edfault.

Abdul Rehman
  • 515
  • 1
  • 6
  • 20
jozxyqk
  • 1,181
  • 1
  • 15
  • 28
28

I encountered the same problem, after hours of trying, I found a solution exactly solves the problem:

https://wiki.apache.org/httpd/13PermissionDenied

Basically, the Apache server does not only require read permissions of all files it serves, but the execution permission of all directories in the path of your virtual host.

The utility namei can be used to help find permissions problems by listing the permissions along each component of the path:

namei --modes /usr/local/apache2/htdocs/foo/bar.html

In my case, a directory in my path has the permission 700, it causes the problem. After changing it to 701, the problem was solved.

Elijah Lynn
  • 3,928
Lu Sun
  • 381
20

You might have selinux enabled. Try

getenforce

If it shows "Enforcing", try

setenforce 0

and try if this fixes your issue.

Jens Erat
  • 5,131
  • 7
  • 33
  • 37
Soprano
  • 225
14

Instead of granting access of the home directories ~ and ~/public_html (e.g. by chmod 755 ...) to all users, an alternative is to add the apache2 user (usually www-data for Ubuntu) to the personal group of the current user (the group with the same name as the user name):

sudo adduser www-data $(whoami)
sudo service apache2 reload

(assuming ~/public_html belongs to the default user group.)

This matters when there are multiple users and it's important that the users are not allowed to access each others home folders.

tinlyx
  • 3,328
1

I was experiencing this issue when I was trying to run apache in a docker container on an Ubuntu 16.04 host that was using the 4.4 kernel instead of 4.10.

Once I ran this command on the host and re-deployed, I was fine:

sudo apt-get install --install-recommends linux-generic-hwe-16.04
Programster
  • 6,039