0

I have a site that needs to be protected with .htaccess file.

But I get permission denied error while accessing my site ignoring the correct login. Apache Server version: Apache/2.2.3

.htaccess file : 

[root@server conf]# cat /home/molly/www/.htaccess   
AuthName "Directory Auth for User Molly"  
AuthType Basic  
AuthUserFile /home/molly/.htpasswd  
require user molly

Permissions : 

[root@server conf]# ls -al /home/molly/www/.htaccess   
-rwxr-xr-x 1 molly apache 116 Jan 13 18:12 /home/molly/www/.htaccess  
[root@server conf]#

Earlier the permissions were 644 to htaccess file, but I changed it to 755 after checking some solutions, but of no use

Similarly, permissions on .htpasswd file : 

[root@server conf]# ls -al /home/molly/.htpasswd   
-rwxr-xr-x 1 molly apache 46 Jan 13 18:58 /home/molly/.htpasswd  
[root@server conf]#

Error log file : 

[Wed Jan 14 11:59:29 2015] [error] [client 10.0.0.7] (13)Permission denied:   Could not open password file: /home/molly/.htpasswd  
[Wed Jan 14 11:59:29 2015] [error] [client 10.0.0.7] access to /~molly failed,  reason: verification of user id 'molly' not configured

Also I changed the user directory permission to 755 as such, but of no use. 

[root@server conf]# ls -ld /home/molly/  
drwxr-xr-x 4 molly molly 4096 Jan 13 18:23 /home/molly/  
[root@server conf]#

I am unable to move forward because of this weird htpasswd problem.

Any Ideas
I hope many guys might have gone through this problem.

Improve this question
4
  • It may be an SELinux issue. Commented Jan 14, 2015 at 7:54
  • does it mean if selinux is enabled, it is never possible to login with correct permissions and settings. Is it possible to make changes in selinux policy so that changes will work with selinux enabled. Commented Jan 14, 2015 at 13:26
  • selinux can prevent e.g. apache from reading files in your home directory, even though the permissions say it can. Modifying this is possible, but I don't know how as I've not had any experience with selinux. Commented Jan 14, 2015 at 13:41
  • It could also be simple permissions on /home/molly. Try ls -ld /home /home/molly and ensure that your Apache user (or group) has got at least x access into both these directories. The .htaccess file itself does not need x permission so you can reset that back to 0644. Commented Jun 14, 2016 at 21:07

2 Answers 2

Reset to default
1

(I see this is an old question, but this might be useful to others, so...)

If you suspect a SELinux issue, there is often an easy way to fix it without completely disabling SELinux.

First, make sure that the package that contains the SELinux policy documentation is installed. In RedHat/CentOS/OEL it is named selinux-policy-doc.

Then, each system service that is included in the standard distribution has a man page that describes the SELinux context labels and other necessary details for that specific service. They are all named <service name>_selinux.

In this case, the command would be man httpd_selinux.

In the BOOLEANS section of the man page, there will usually be a number of SELinux restrictions that can be easily switched on and off as necessary. Most common needs can be satisfied by adjusting the appropriate booleans as needed. Here's some examples on httpd:

If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean. Enabled by default.

setsebool -P httpd_builtin_scripting 1

If you want to allow httpd cgi support, you must turn on the httpd_enable_cgi boolean. Enabled by default.

setsebool -P httpd_enable_cgi 1

If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean. Disabled by default.

setsebool -P httpd_read_user_content 1

If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean. Disabled by default.

setsebool -P httpd_enable_homedirs 1

If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean. Disabled by default.

setsebool -P httpd_use_cifs 1

If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean. Disabled by default.

setsebool -P httpd_use_nfs 1

There are many more SELinux booleans for httpd.

To allow httpd to access the users' home directories, you'd need at least httpd_read_user_content. And since your error log indicates you're probably using Apache's UserDir feature, so you'll need httpd_enable_homedirs too. See also this question on Server Fault.

Both are disabled by default, so you'll need two commands:

# setsebool -P httpd_read_user_content 1
# setsebool -P httpd_enable_homedirs 1

The -P option to setsebool tells it to make the settings persistent, so there will be no need to edit any further SELinux configuration files.

Improve this answer
0

To see from what exactly is your problem try with 777 permissions, then change back to 644 or 444. If with 777 permissions you get the same error, try to disable SELinux

/etc/selinux/config

SELINUX=disabled

If again not working try to remove .htpasswd, if now work correctly, it means the problem is in .htpasswd, for example rules or some grammatical error.

Improve this answer
1
  • 5
    Ouch! Never "disable" SELinux, unless you definitely want to disable. Use setenforce 0 to switch to permissive mode. Or better, check /var/log/audit/audit.log! Commented Apr 10, 2016 at 19:21

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.