5

I am trying to set up a situation where I can FTP to my Linux CentOS 7 server and update the web site files from my Windows 7 system. At this point I can FTP to my user's folder using vsftp (/home/robert) and Apache seems to work for the default web site (/var/www/html). I created a virtual host for port 8080 and if I point it to /var/www/8080/public_html it works fine, but as soon as I point it to /home/robert/public_html it comes back with "403 Forbidden. You don't have permission to access / on this server." The Apache error log shows

```
[Wed Mar 18 16:12:27.546621 2015] [core:error]
[pid 21204] (13)Permission denied: [client 192.168.1.66:57090]
AH00035: access to / denied (filesystem path '/home/robert')
because search permissions are missing on a component of the path
```

The apache conf file (/etc/httpd/conf/httpd.conf) has this entry for Virtual Host

```
Listen 80
Listen 8080

# Virtual Hosts
<VirtualHost *:8080>
    ServerName 192.168.1.10:8080
#   DocumentRoot /var/www/8080/public_html
    DocumentRoot /home/robert/public_html
</VirtualHost>
```

The permissions for /home/robert/public_html/index.html are below

```
drwxr-xr-x.   7 root root   66 Mar  9 17:16 home
dr-x---r-x. 15 robert robert 4096 Mar 16 22:51 robert
drwxr-xr-x. 2 robert robert   23 Mar 17 23:28 public_html
-rwxr-xr-x. 1 robert robert 332 Mar 17 23:28 index.html
```

This seems like a permissions issue but I am unclear how to proceed. Do I need to add apache user to my robert individual group? Is selinux doing something here? Any help would be appreciated. Thank you.

UPDATED: ok it appears to me that all web sites are supposed to be located under the /var/www/ folder. It seems selinux wants it that way. So how do I remotely FTP and access (read/write) the web site files??? Let's say I want user robert to FTP to /var/www/testweb and be able to read/write the files there. How is that accomplished???

UPDATED: I looked at the answer posted and ran the three commands below

```
setsebool -P httpd_enable_homedirs on
setsebool -P ftp_home_dir on
restorecon -r -v /home
```

Looks like it did something but the result is the same. I can FTP to user folder still but web site does not show up...403 error.

UPDATED: I also tried to run the following command however it errored out on all files

Command I ran

```
chcon -Rv --type=httpd_t /home/robert/public_html
```

Error I received

```
chcon: failed to change context of ‘index.html’ to ‘unconfined_u:object_r:httpd_t:s0’: Permission denied
```

I also turned selinux off using setenforce 0 but I still got 403. Advice appreciated...thank you.

1Raptor007
  • Is this a common issue? Anyone out there?? – 1Raptor007 Mar 19 '15 at 22:27
  • I was almost sure it was a SELinux problem, but as you even tried disabling it I guess we have to look elsewhere... did you check `/var/log/audit/audit.log` for messages after doing `setenforce 0`? try also to `su` to the account apache runs on to see if you can access the file (e.g. `su apache -s /bin/sh -c 'cat /home/robert/public_html/index.html'`) – Ale Mar 19 '15 at 23:12
  • Thank you for trying to help me. I appreciate it. audit log doesn't show anything wrong in my opinion. When I su apache -s /bin/bash and then cat /home/robert/public_html/index.html it says Permission denied. The permissions are listed above. What should they be??? – 1Raptor007 Mar 19 '15 at 23:41
  • Oh my word I'm so excited!!!! I set permissions on /home/robert to 777 and it worked!!!! I then stepped it back to 577 and it worked! I then put it to 505 and it still worked!!! I changed it to 500 and I received 403 error. So it looks like /home/robert needs to be 505 for Apache. However now I cannot connect to FTP. I guess my overall question remains....how can I host multiple web sites and FTP to them to update them? – 1Raptor007 Mar 19 '15 at 23:56
  • If I setenforce 0 then FTP does work, but I would like to use selinux. Also I did setsebool -P ftp_home_dir=1 but FTP still doesn't work. Still so confused but hopeful. =) – 1Raptor007 Mar 20 '15 at 00:24
  • check the user and group name /etc/httpd/http.conf. It should be your working user. – Shantanu Shamraj Nov 13 '17 at 11:29

1 Answer

1

I think I figured it out. Apache was working but the last command that made ftp work while still having selinux running was

```
setsebool -P ftpd_full_access on
```

Once I set that then FTP worked as it should. So now I can FTP from my Windows 7 machine, update, publish, change my web site files and Apache happily delivers the content. Wow...that took days to solve. Crazy. I set up another user just to test and it all works just fine.

1Raptor007
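The AH00035 message in the question ("search permissions are missing on a component of the path") and the 500 versus 505 experiment in the comments both come down to the execute bit for "other" on each directory leading to the file. The script below is an added example, not part of the original thread: it walks a path and lists the directories such a process cannot traverse, assuming the web server user is neither the owner nor in the group of those directories, and it does not look at ACLs or SELinux contexts. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the path component that triggers AH00035.
# Assumption: httpd runs as a user that is neither owner nor group member
# of the directories, so only the "other" permission digit applies.

# other_can_search DIR -> status 0 if "other" has the search (x) bit on DIR
other_can_search() {
    mode=$(stat -L -c '%a' "$1") || return 2
    case $mode in
        *[1357]) return 0 ;;   # odd last octal digit means o+x is set
        *)       return 1 ;;
    esac
}

# blocked_components /abs/path -> prints every directory on the way to the
# path that lacks o+x. The body is a subshell so IFS and set -f stay local.
blocked_components() (
    IFS=/
    set -f
    current=
    for part in $1; do
        [ -n "$part" ] || continue
        current="$current/$part"
        [ -d "$current" ] || continue
        other_can_search "$current" || printf '%s\n' "$current"
    done
)

# Constructed sample tree mirroring the question's layout (not the real server).
root=$(mktemp -d) && chmod 755 "$root"
mkdir -p "$root/home/robert/public_html"
chmod 755 "$root/home" "$root/home/robert/public_html"
: > "$root/home/robert/public_html/index.html"

chmod 500 "$root/home/robert"   # mode that gave the 403 in the comments
echo "mode 500, blocked at:"
blocked_components "$root/home/robert/public_html/index.html"

chmod 505 "$root/home/robert"   # mode the asker found to work
echo "mode 505, blocked at (sample tree prints nothing):"
blocked_components "$root/home/robert/public_html/index.html"

chmod 700 "$root/home/robert" && rm -rf "$root"
```

On a real host, `namei -l /home/robert/public_html/index.html` prints the owner and mode of every component, which gives the same per-directory view.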