Linux Apache permission problem: You don't have permission to access / on this server.
Forbidden
You don't have permission to access /index.html on this server.
1. Apache error log message
[root@localhost home]# vi /var/log/httpd/username-error_log
[Fri Aug 04 06:03:21.558814 2017] [core:error] [pid 21252] (13)Permission denied: [client 내아이피:5743] AH00035: access to /index.html denied (filesystem path '/home/username/public_html/index.html') because search permissions are missing on a component of the path
2. Grant other users execute (search) permission on the account's home directory
Change the permissions of the /home/username directory to 711 with chmod
[root@localhost ~]# ls -al /home
total 4
drwxr-xr-x. 3 root root 19 Aug 4 03:31 .
dr-xr-xr-x. 18 root root 4096 Aug 2 13:32 ..
drwx------. 3 username username 94 Aug 4 05:17 username
[root@localhost ~]# chmod 711 /home/username
[root@localhost ~]# ls -al /home
total 4
drwxr-xr-x. 3 root root 19 Aug 4 03:31 .
dr-xr-xr-x. 18 root root 4096 Aug 2 13:32 ..
drwx--x--x. 3 username username 94 Aug 4 05:17 username
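The AH00035 message says a component of the path lacks search permission, so it helps to check every directory on the way to the file rather than only /home/username. The function below is an added example, not part of the original post; it assumes GNU stat and that the httpd user is neither the owner nor in the group of the directories, so the "other" bits decide access.

```shell
#!/bin/sh
# Added example. blocked_components PATH
# Prints "<octal mode> <directory>" for every directory on PATH whose
# "other" execute (search) bit is missing. Returns 0 if any was found,
# 1 if every directory can be traversed. The root directory "/" itself
# is not checked.
blocked_components() {
    target=$1
    prefix=
    found=1
    set -f                          # no glob expansion while splitting
    old_ifs=$IFS; IFS=/
    set -- $target                  # split the path on "/"
    IFS=$old_ifs
    set +f
    for part in "$@"; do
        [ -n "$part" ] || continue  # skip the empty field before the leading "/"
        prefix="$prefix/$part"
        [ -d "$prefix" ] || continue    # only directories need search permission
        mode=$(stat -c '%a' "$prefix")
        # The last octal digit holds the "other" bits; bit 1 is execute/search.
        if [ $(( ($mode % 10) & 1 )) -eq 0 ]; then
            printf '%s %s\n' "$mode" "$prefix"
            found=0
        fi
    done
    return "$found"
}

# When run as a script with an argument, check that path.
[ $# -eq 0 ] || blocked_components "$1"
```

Run against the path from the log line, for example `sh check.sh /home/username/public_html/index.html` (the script name is hypothetical); before step 2 it reports `700 /home/username`.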
3. Edit httpd.conf
# vi /etc/httpd/conf/httpd.conf
<Directory />
AllowOverride none
Require all denied
</Directory>
Change the block above to the following:
<Directory />
Options FollowSymLinks
AllowOverride none
#Require all denied
Require all granted
</Directory>
> Allow all requests
Apache 2.2 configuration:
Order allow,deny
Allow from all
Apache 2.4 configuration:
Require all granted
> Deny all requests
Apache 2.2 configuration:
Order deny,allow
Deny from all
Apache 2.4 configuration:
Require all denied
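Granting access in `<Directory />` changes the default for every filesystem path, not just the user's site; a `<Directory>` block scoped to /home/username/public_html grants the same access while the root block stays denied. The check below is an added example, not part of the original post: it reports an active allow-all directive inside the root block, using two constructed sample configs (the scoped variant is an assumption about how the site could be configured).

```shell
#!/bin/sh
# Added example. Constructed sample: the edited block from step 3.
OPEN_ROOT='<Directory />
Options FollowSymLinks
AllowOverride none
#Require all denied
Require all granted
</Directory>'

# Constructed sample: root stays denied, only the site directory is granted.
SCOPED='<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/home/username/public_html">
AllowOverride none
Require all granted
</Directory>'

# root_dir_granted [FILE]
# Reads an httpd config (FILE or stdin) and prints "line: directive" for each
# active "Require all granted" (2.4) or "Allow from all" (2.2) found inside
# a <Directory /> block. Returns 0 if any was found, 1 otherwise.
root_dir_granted() {
    awk '
        /^[ \t]*#/ { next }     # ignore commented-out directives
        tolower($0) ~ /^[ \t]*<directory[ \t]+"?\/"?[ \t]*>/ { in_root = 1; next }
        tolower($0) ~ /^[ \t]*<\/directory>/ { in_root = 0; next }
        in_root && tolower($0) ~ /^[ \t]*(require[ \t]+all[ \t]+granted|allow[ \t]+from[ \t]+all)/ {
            printf "%d: %s\n", NR, $0
            hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$@"
}

printf '%s\n' "$OPEN_ROOT" | root_dir_granted && echo "root directory is open"
printf '%s\n' "$SCOPED" | root_dir_granted || echo "root directory stays denied"
```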
4. The error may also occur because SELinux is blocking access due to a security context mismatch.
In this case, use the chcon command to make the directories and files under the newly changed DocumentRoot match Apache httpd's SELinux security context, which resolves the problem.
/var/www/html is accessible, but /home/username/public_html is not...
Compare the two (using ls -alZ)
4-1. Check the SELinux security context of Apache httpd's default DocumentRoot
[root@localhost ~]# ls -alZ /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.php
4-2. Check the SELinux security context of the newly changed DocumentRoot
[root@localhost ~]# ls -alZ /home/username/public_html/
drwxr-xr-x. username username unconfined_u:object_r:httpd_user_content_t:s0 .
drwx--x--x. username username unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-r--r--. username username unconfined_u:object_r:httpd_user_content_t:s0 index.html
4-3. Change the SELinux security context with the chcon command
[root@localhost ~]# chcon -Rv --type=httpd_sys_content_t /home/username/public_html
changing security context of ‘/home/u4kano/public_html/index.html’
changing security context of ‘/home/u4kano/public_html’
4-4. Verify the change
[root@localhost home]# ls -alZ /home/u4kano/public_html/
drwxr-xr-x. u4kano u4kano unconfined_u:object_r:httpd_sys_content_t:s0 .
drwx--x--x. u4kano u4kano unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-r--r--. u4kano u4kano unconfined_u:object_r:httpd_sys_content_t:s0 index.html
4-5. Check the current SELinux status
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28