Apache 403 Forbidden on sub folders?
Multi tool use
I can view all files in the root directory (/var/www) but as soon as i enter a sub directory (eg /var/www/test) i get a 403 Forbidden error. I'm running Ubuntu 12.04.01.
Have tried searching for similar problems but found no solution.
Any suggestions?
Update:
Checked error log in /var/log/apache2/error.log and it contains:
client denied by server configuration: /var/www/test/
Update:
If i su into www-data and try to cd into any of the sub-directories it gives me the error:
cd test
sh: 4: cd: can't cd to test
Update:
By doing ls -l in /var/www i get:
drwx------ 3 nicklas nicklas 4096 Sep 13 18:35 test
Could that be the issue?
Update: I fixed it!
I ran the following command, and it seems to be working fine now.
cd /var/www
chown -R www-data:www-data *
linux ubuntu permissions apache-httpd
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
add a comment |
I can view all files in the root directory (/var/www) but as soon as i enter a sub directory (eg /var/www/test) i get a 403 Forbidden error. I'm running Ubuntu 12.04.01.
Have tried searching for similar problems but found no solution.
Any suggestions?
Update:
Checked error log in /var/log/apache2/error.log and it contains:
client denied by server configuration: /var/www/test/
Update:
If i su into www-data and try to cd into any of the sub-directories it gives me the error:
cd test
sh: 4: cd: can't cd to test
Update:
By doing ls -l in /var/www i get:
drwx------ 3 nicklas nicklas 4096 Sep 13 18:35 test
Could that be the issue?
Update: I fixed it!
I ran the following command, and it seems to be working fine now.
cd /var/www
chown -R www-data:www-data *
linux ubuntu permissions apache-httpd
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
1
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Have you properly set up yoursites-enabledandsites-availablefiles?
– terdon♦
Sep 15 '12 at 11:34
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55
add a comment |
I can view all files in the root directory (/var/www) but as soon as i enter a sub directory (eg /var/www/test) i get a 403 Forbidden error. I'm running Ubuntu 12.04.01.
Have tried searching for similar problems but found no solution.
Any suggestions?
Update:
Checked error log in /var/log/apache2/error.log and it contains:
client denied by server configuration: /var/www/test/
Update:
If i su into www-data and try to cd into any of the sub-directories it gives me the error:
cd test
sh: 4: cd: can't cd to test
Update:
By doing ls -l in /var/www i get:
drwx------ 3 nicklas nicklas 4096 Sep 13 18:35 test
Could that be the issue?
Update: I fixed it!
I ran the following command, and it seems to be working fine now.
cd /var/www
chown -R www-data:www-data *
linux ubuntu permissions apache-httpd
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
I can view all files in the root directory (/var/www) but as soon as i enter a sub directory (eg /var/www/test) i get a 403 Forbidden error. I'm running Ubuntu 12.04.01.
Have tried searching for similar problems but found no solution.
Any suggestions?
Update:
Checked error log in /var/log/apache2/error.log and it contains:
client denied by server configuration: /var/www/test/
Update:
If i su into www-data and try to cd into any of the sub-directories it gives me the error:
cd test
sh: 4: cd: can't cd to test
Update:
By doing ls -l in /var/www i get:
drwx------ 3 nicklas nicklas 4096 Sep 13 18:35 test
Could that be the issue?
Update: I fixed it!
I ran the following command, and it seems to be working fine now.
cd /var/www
chown -R www-data:www-data *
linux ubuntu permissions apache-httpd
linux ubuntu permissions apache-httpd
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
edited Mar 6 at 16:28
Rui F Ribeiro
41.8k1483142
41.8k1483142
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
asked Sep 13 '12 at 16:51
qwertyqwerty
1,31141113
1,31141113
1
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Have you properly set up yoursites-enabledandsites-availablefiles?
– terdon♦
Sep 15 '12 at 11:34
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55
add a comment |
1
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Have you properly set up yoursites-enabledandsites-availablefiles?
– terdon♦
Sep 15 '12 at 11:34
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55
1
1
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Have you properly set up your
sites-enabled and sites-available files?– terdon♦
Sep 15 '12 at 11:34
Have you properly set up your
sites-enabled and sites-available files?– terdon♦
Sep 15 '12 at 11:34
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55
add a comment |
3 Answers
3
active
oldest
votes
Check the file permissions on the sub-directories. If you have selinux enabled run the following:
restorecon -Rv /var/www
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
add a comment |
The /var/www directory should not be owned by www-data. Not as user, and not as group.
You should chmod -R ug+rwX,o-w,o+rX /var/www.
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
add a comment |
In such case, you should always first check your error log. It should be in
/var/log/apache/ or /var/log/httpd/ or something similar by default.
I'm guessing that it's caused by Indexes option which controls if someone can list files on some directory from HTTP or not. Here's some more information about it.
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f48083%2fapache-403-forbidden-on-sub-folders%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Check the file permissions on the sub-directories. If you have selinux enabled run the following:
restorecon -Rv /var/www
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
add a comment |
Check the file permissions on the sub-directories. If you have selinux enabled run the following:
restorecon -Rv /var/www
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
add a comment |
Check the file permissions on the sub-directories. If you have selinux enabled run the following:
restorecon -Rv /var/www
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
Check the file permissions on the sub-directories. If you have selinux enabled run the following:
restorecon -Rv /var/www
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
answered Sep 13 '12 at 16:58
utopiaboundutopiabound
2,6891618
2,6891618
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
add a comment |
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
I keep hearing about selinux, but i don't think i have it enabled because i keep getting "command not found" when i run selinux commands. Can't i just run a script and set the correct permissions for all subfolders automatically?
– qwerty
Sep 13 '12 at 17:01
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
@qwerty The command given, will fix all the sub-directories correctly if you have selinux. if you don't have restorecon, I think you can safely ignore that step.
– utopiabound
Sep 13 '12 at 17:02
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Oh okay. What do you mean by "ignore that step"? Could i install selinux and run that command to fix it? Is there another approach to fix the issue? How do i know it is permission related?
– qwerty
Sep 13 '12 at 17:05
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
Please see my updated question.
– qwerty
Sep 13 '12 at 17:15
add a comment |
The /var/www directory should not be owned by www-data. Not as user, and not as group.
You should chmod -R ug+rwX,o-w,o+rX /var/www.
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
add a comment |
The /var/www directory should not be owned by www-data. Not as user, and not as group.
You should chmod -R ug+rwX,o-w,o+rX /var/www.
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
add a comment |
The /var/www directory should not be owned by www-data. Not as user, and not as group.
You should chmod -R ug+rwX,o-w,o+rX /var/www.
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
The /var/www directory should not be owned by www-data. Not as user, and not as group.
You should chmod -R ug+rwX,o-w,o+rX /var/www.
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
answered Nov 12 '12 at 21:21
bahamatbahamat
24.9k15090
24.9k15090
add a comment |
add a comment |
In such case, you should always first check your error log. It should be in
/var/log/apache/ or /var/log/httpd/ or something similar by default.
I'm guessing that it's caused by Indexes option which controls if someone can list files on some directory from HTTP or not. Here's some more information about it.
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
add a comment |
In such case, you should always first check your error log. It should be in
/var/log/apache/ or /var/log/httpd/ or something similar by default.
I'm guessing that it's caused by Indexes option which controls if someone can list files on some directory from HTTP or not. Here's some more information about it.
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
add a comment |
In such case, you should always first check your error log. It should be in
/var/log/apache/ or /var/log/httpd/ or something similar by default.
I'm guessing that it's caused by Indexes option which controls if someone can list files on some directory from HTTP or not. Here's some more information about it.
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
In such case, you should always first check your error log. It should be in
/var/log/apache/ or /var/log/httpd/ or something similar by default.
I'm guessing that it's caused by Indexes option which controls if someone can list files on some directory from HTTP or not. Here's some more information about it.
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
answered Sep 13 '12 at 16:59
Krzysztof AdamskiKrzysztof Adamski
3,2481619
3,2481619
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
add a comment |
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
You're right, i checked the log and updated the question with the error message.
– qwerty
Sep 13 '12 at 17:13
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
I updated the question once again, i can't seem to cd into any subdirs from www-data either.
– qwerty
Sep 13 '12 at 17:15
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f48083%2fapache-403-forbidden-on-sub-folders%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
y2M,fB58
1
Just a note, by doing that, you're giving www-data all the rights on those folders. Generally it's a good idea to give as few rights as possible to that user to limit the impact of any vulnerability in the web server or the web application it serves. So chown root:root and chmod 644 (then, www-data has read access, and only root has write access).
– Stéphane Chazelas
Sep 13 '12 at 19:48
Have you properly set up your
sites-enabledandsites-availablefiles?– terdon♦
Sep 15 '12 at 11:34
@qwerty You are amazing. It took me hours to find this post. Why not add your own answer and accept it?
– Benjamin
Aug 21 '15 at 14:55