/srv/www的Apache权限被拒绝:无法检查.htaccess文件，但/var/www则没有 [英] Apache Permission denied for /srv/www: unable to check .htaccess file but not for /var/www

问题描述

我在Centos 6.5上遇到问题:

I've hit a problem on Centos 6.5:

[2012年12月28日星期一12:10:52] [a] [客户端127.0.0.1](13)权限被拒绝:/srv/www/website/.htaccess pcfg_openfile:无法检查htaccess文件，请确保该文件可读

[Mon Dec 28 12:10:52 2012] [a] [client 127.0.0.1] (13) Permission denied: /srv/www/website/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

基本上，我正在构建一个全新的服务器，并尝试将我的所有网站迁移到/srv/www文件夹而不是/var/www，因为这似乎是未来的标准(对此进行了全面的讨论，因此只是谷歌).

Basically, I was building a brand new server and trying to migrate all of my websites over into /srv/www folder instead of /var/www as it appears to be the future standard (there is a whole discussion about it so just google).

我做了什么:

1)添加了一个新组(groupadd开发人员)

1) added a new group (groupadd developers)

2)向上述组添加了用户a(gid 501)，root，apache，nobody (usermod -G develoeprs一个&& usermod -G develoeprs apache& usermod -G develoeprs根&&usermod -G develoeprs没有人)

2) added users a (gid 501), root, apache, nobody to the above group (usermod -G develoeprs a && usermod -G develoeprs apache && usermod -G develoeprs root && usermod -G develoeprs nobody)

3)复制了所有文件夹&文件到/srv/www

3) copied all folders & files into /srv/www

4)将整个/srv/www的所有权更改为apache:developers(拥有-R apache:developers/srv/www的所有权)

4) changed ownership of entire /srv/www to apache:developers (chown -R apache:developers /srv/www)

5)更改了模式，因此/srv/www是组可读/可写/可搜索的(chmod -R 2775/srv/www)

5) changed mode so /srv/www is group readable/writable/searchable (chmod -R 2775 /srv/www)

6)在/etc/sysconfig/httpd的末尾添加了'umask 002'，使其以组可写模式运行

6) added 'umask 002' to the end of /etc/sysconfig/httpd so it runs in group writable mode

7)向/etc/httpd/conf.d/vhosts.conf中添加了虚拟主机(服务httpd configtest抛出OK)

7) added virtual host(s) and to /etc/httpd/conf.d/vhosts.conf (service httpd configtest throws OK)

NameVirtualHost *:80
NameVirtualHost *:443

SSLStrictSNIVHostCheck off

<VirtualHost *:443>
    ServerAdmin webmaster@domain.ext
    DocumentRoot /srv/www/test
    ServerName test.domain.com
    ServerAlias test.domain
    SSLEngine on
    SSLCertificateFile /etc/httpd/certs/domain.com/server.crt
    SSLCertificateKeyFile /etc/httpd/certs/domain.com/server.key
    <Directory /srv/www/test>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

8)重新启动服务器 9)手动启动httpd，因为它要求提供SSL证书密码，否则自动启动会失败(需要研究重启后如何自动启动)

8) restarted the server 9) started httpd manually because it asks for SSL certificate password otherwise autostart fails (need to look into how to start it automatically after rebooting)

我仍然收到与上面相同的错误消息.

I am still getting the same above error message.

然后，我尝试将apache用户的/etc/passwd中的主文件夹更改为/srv/www(服务器重新启动)，但仍然没有任何乐趣，即权限被拒绝.我什至重命名了旧的/var/www文件夹，并在/var/www中创建了/srv/www的符号链接.另一种尝试是将两者的root:root，apache:apache和:developers组重新锁定.

Then, I tried changing the home folder in /etc/passwd for apache user to /srv/www (server restart) but still no joy i.e. Permission denied. I even renamed the old /var/www folder and created a symlink in /var/www to /srv/www. Another attempt was to chown back to root:root, apache:apache and :developers group for both.

/srv/www/[不工作]

/srv/www/ [NOT WORKING]

drwxr-xr-x. 2 root root(cgi-bin，错误，html，图标)

drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)

drwxrwsr-x. 5个apache开发人员(所有其他网站文件夹)

drwxrwsr-x. 5 apache developers (all other website folders)

-rwxrwsr-x. 1个Apache开发人员(所有文件)

-rwxrwsr-x. 1 apache developers (all files)

/srv/

drwxrwsr-x. 4个Apache开发人员www

drwxrwsr-x. 4 apache developers www

/var/www [工作]

/var/www [WORKING]

drwxr-xr-x. 2 root root(cgi-bin，错误，html，图标)

drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)

drwxrwxr-x. 3个apache开发人员(所有其他网站文件夹)

drwxrwxr-x. 3 apache developers (all other website folders)

-rwxrwxr-x. 1个Apache开发人员(所有网站文件)

-rwxrwxr-x. 1 apache developers (all website files)

然后，只要将我的网站文件夹之一复制到/var/www并在/etc/httpd/conf.d/vhosts.conf中指向路径，它就会开始正常工作！

Then, as soon as I copy my one of my website's folder into /var/www and point paths in /etc/httpd/conf.d/vhosts.conf it starts to work fine!

有人知道为什么无法在/SRV/WWW文件夹中工作吗?

DOES ANYONE KNOW WHY IT'S NOT WORKING IN /SRV/WWW folder??

推荐答案

我终于找到问题的根源.这是由于SELinux策略取代了通常用于控制用户文件访问的基本传统的自由访问控制(DAC)方法(例如文件权限或访问控制列表(ACL))造成的！

I finally got to the bottom of the problem. It's caused by SELinux policies overriding basic traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) normally used to control the file access of users!

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

$ setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

$ setenforce Permissive

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

有关SELinux的更多信息，请访问 Centos .切换到允许"模式后，我的/srv/开始工作.

More info on SELinux at Centos. As soon as I switched to Permissive mode my /srv/ started working.

如果知道执行此操作的原因和原因，则可以通过更改以下行来永久禁用/etc/selinux/config中的SELinux:

If you know what and why you are doing this then you can permanently disable SELinux in /etc/selinux/config by changing the following line:

SELINUX=enforcing

到

SELINUX=disabled

重新启动服务器，应该将其永久禁用.

Restart your server and you should have it disabled permanently.

注意:从禁用"切换为允许"或强制"时 模式下，强烈建议重新启动系统并 重新标记文件系统.

Note: When switching from Disabled to either Permissive or Enforcing mode, it is highly recommended that the system be rebooted and the filesystem relabeled.

这篇关于/srv/www的Apache权限被拒绝:无法检查.htaccess文件，但/var/www则没有的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！