49

I'm running ubuntu 13.04 64bit on my desktop, I installed Apache2, MySQL and PHP etc.

I wanted to have my web root in /home/afflicto/public_html instead of /var/www. So I went along with this guide:
http://www.maketecheasier.com/install-and-configure-apache-in-ubuntu/2011/03/09
(I did everything from "configuring different sites") as I like the solution more.

Here's what I did:
Installed Apache2, MySQL etc..
copied /etc/apache2/sites-avaliable/default to /etc/apache2/sites-available/afflicto. Then edited it, it now looks like the following:

/etc/apache2/sites-available/afflicto

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/afflicto/public_html
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/afflicto/public_html/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I did sudo a2dissite default && sudo a2ensite afflicto && sudo service apache2 restart

I created a index.php and index.html in /home/afflicto/public_html/test/
when accessing localhost/test or localhost/test/index.html etc, I get 403 forbidden error.

What am I doing wrong?

update 1
I have set the owner of the public_html directory to www-data.
Also sudo chmod -R +x public_html && sudo chmod -R 777 public_html
Still same 403 error.

Here's the output of the apache error log:

[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to / denied

[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
starball
  • 20,030
  • 7
  • 43
  • 238
Petter Thowsen
  • 1,697
  • 1
  • 19
  • 24

7 Answers7

119

I was faced with this issue. But I didn't like the idea of changing the group of my home directory to www-data. This problem can simply be solved by modifying the configuration file for the virtualHost. Simply configure the Directory tag to include these

<Directory "your directory here">
   Order allow,deny
   Allow from all
   Require all granted
</Directory>

The Require all granted is a new feature I guess; having a default value of denied.

see this page for further info: http://httpd.apache.org/docs/current/mod/core.html#directory

Peter
  • 6,509
  • 4
  • 30
  • 34
  • 3
    Apparently Order and Allow are not required for 2.4? – 93196.93 Jan 22 '14 at 11:56
  • 8
    That `Require all granted` is gold. Thanks a lot! – Zoltán Mar 14 '14 at 21:36
  • 1
    Situations exist where `Require all granted` might still not solve the problem. Cases where the files are to be served from a user directory [which might be encrypted]. In which case you need to do a `chmod +x` on the user directory. I'm adding this comment because I encountered this error "access denied because search permissions are missing"; the chmod +x on my home dir helped out. I'm not sure if this is very safe but my home dir is encrypted. – Peter Jul 30 '14 at 11:57
  • Thank you, I was stuck with this error for half an hour before reading your solution! – Iazel Aug 21 '14 at 15:47
  • 2
    in my case I also needed to do this "chmod +x /home/(username)", http://www.andrewklau.com/permission-denied-because-search-permissions-are-missing-on-a-component-of-the-path/ – dennisbot Dec 04 '14 at 00:47
  • Options +Indexes should be added on apache 2.4.18+ if you want to show the folders – Charleston Sep 06 '16 at 20:07
  • thank you I only change Allow from all – redhet Aug 03 '23 at 23:04
25

Turns out I had to chmod not only /home/afflicto/public_html but also /home/afflicto/ directory as well.

Weird.

Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
Petter Thowsen
  • 1,697
  • 1
  • 19
  • 24
  • 9
    Correct. The apache process must have access to every directory in the path. Additionally, the apache process requires that each directory have world-access or it won't serve the directory to the (outside) world. – dsh Jul 14 '13 at 04:28
  • 3
    Not weird at all. Your stated `DocumentRoot` is `/home/afflicto/public_html` so that needs to be accessible by Apache. – Giacomo1968 May 07 '14 at 01:06
  • @kingpong Sorry to hear about this, but I believe if you are having a new issue please post a new question. “keeps the apache's config reputation ABSOLUTELY TERRIBLE” Been using Apache for over two decades and it is not hard to understand. But again, if you are facing issues please just post a new question with details so the community can help you. As it stands, this comment just sounds like a whining complaint. – Giacomo1968 Sep 10 '22 at 19:05
1

These options worked for me:

 Options Indexes FollowSymLinks
 AllowOverride All   
 Require all granted
Preeti Joshi
  • 841
  • 1
  • 13
  • 20
1

Here's another answer intending to add a simpler explanation. Let's say you want to serve a file named "main" which is in the /var/www/testwebsite directory(the DocumentRoot of an already configured & enabled virtual host). Now assume we want the Apache web server to only have access to the "main" file and not other files(e.g. main might be an entry point to our web app), then it means that the apache web server has to be the owner of that file. so chown www-data:www-data /var/www/testwebsite/main must do it. (notice: www-data is both the name of the user and the name of the group that apache uses when interacting with other files(actually, on distributions other than Ubuntu, this might be a different name, in which case it can simply be looked up in the apache2.conf as well)). Also in case the "main" file doesn't have the permission to be read/executed, it must be granted to the apache's user and group: chmod 770 /var/www/testwebsite/main. This gives the user(www-data) and the group(www-data) who are owners of the file "main" these permissions: read/write/execute(4+2+1=7), and gives other users no permissions. Now that single file(main) can be run by the Apache while we can have any other strict level of restriction on all other files in the /var/www/testwebsite directory.

aderchox
  • 3,163
  • 2
  • 28
  • 37
1

I struggled with this exact issue for hours, and what finally solved it for me is adding a slash after the directory inside of apache2.conf.

<Directory /dir> -> <Directory /dir/>

Tikolu
  • 193
  • 2
  • 12
0

Add this to your server configuration

<Directory /home/afflicto/public_html>
   AllowOverride none
   Require all denied
</Directory>

If www-root:www-root does not have permission to access, it may not work. I got a very similar problem when setting up apache2, and this fixed it for me.

Hope it helps!

EnderSlayer7692
  • 31
  • 6
0

None of the above works, it should be a path problem in site.config or apache2.config, go to the folder and copy the address URL and paste, restart the apache, and check

GRS
  • 21
  • 5