Stumped by (13)Permission denied: file permissions deny server access ?

I was just pretty stumped by the following Apache error, in /var/log/httpd/error_log:

[Thu Dec 08 21:53:28 2011] [error] [client] (13)Permission denied: file permissions deny server access: /var/www/html/aml/i

The error implies it’s a filesystem permissions issue, and the Apache site explains that it’s almost always related to filesystem permissions, not Apache configuration. But this was exasperating, because the file ownership was apache.apache, and index.html was chmod 755. Apache could absolutely access it. But then the Apache docs made a passing mention that sometimes it was related to SELinux errors.

Sure enough, that’s exactly my problem:

[matt@bos aml]$ ls -alZ 
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root   root   system_u:object_r:httpd_sys_content_t:s0 ..
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 .htaccess
drwxr-xr-x. apache apache unconfined_u:object_r:user_home_t:s0 images
-rw-r--r--. apache apache unconfined_u:object_r:user_home_t:s0 index.html
drwxr-xr-x. apache apache unconfined_u:object_r:user_home_t:s0 stylesheets

Note that the directory, and the .htaccess file I touched, have the httpd_sys_content label, which is appropriate here. But the other files show user_home_t. This apparently precludes Apache from being able to see them.

Where this went wrong is that, to get them onto the server, I scp’ed them from my desktop to my home directory on the webserver, and then cp’ed them to /var/www/html. In doing so, they picked up the user_home_t label since they were in my home directory.

A quick sudo restorecon -r . got everything sorted out. There may be a more elegant way, but this worked for me.

33 thoughts on “Stumped by (13)Permission denied: file permissions deny server access ?

  1. Had the same problem, yours didnt work exactly. I did sudo restorecon *

    and restarted apache and it worked.

  2. Pingback: Security Context Redhat | Abunajiyah's Weblog

  3. Thank you so much for this! I had the same issue, and was bemused. For the same reason… I put it on my desktop then SCPed which I rarey do.

    I found just -r didn’t work. I had to do -r *.


  4. If you were here I’d kiss you, I have just spent hours trying to solve this and your blog post fixed it in a moment. Thank You!

Leave a Reply

Your email address will not be published. Required fields are marked *