I've hit a problem on Centos 6.5:
[Mon Dec 28 12:10:52 2012] [a] [client 127.0.0.1] (13) Permission denied: /srv/www/website/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Basically, I was building a brand new server and trying to migrate all of my websites over into /srv/www folder instead of /var/www as it appears to be the future standard (there is a whole discussion about it so just google).
What I did:
1) added a new group (groupadd developers)
2) added users a (gid 501), root, apache, nobody to the above group (usermod -G develoeprs a && usermod -G develoeprs apache && usermod -G develoeprs root && usermod -G develoeprs nobody)
3) copied all folders & files into /srv/www
4) changed ownership of entire /srv/www to apache:developers (chown -R apache:developers /srv/www)
5) changed mode so /srv/www is group readable/writable/searchable (chmod -R 2775 /srv/www)
6) added 'umask 002' to the end of /etc/sysconfig/httpd so it runs in group writable mode
7) added virtual host(s) and to /etc/httpd/conf.d/vhosts.conf (service httpd configtest throws OK)
NameVirtualHost *:80
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
ServerAdmin webmaster@domain.ext
DocumentRoot /srv/www/test
ServerName test.domain.com
ServerAlias test.domain
SSLEngine on
SSLCertificateFile /etc/httpd/certs/domain.com/server.crt
SSLCertificateKeyFile /etc/httpd/certs/domain.com/server.key
<Directory /srv/www/test>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
8) restarted the server 9) started httpd manually because it asks for SSL certificate password otherwise autostart fails (need to look into how to start it automatically after rebooting)
I am still getting the same above error message.
Then, I tried changing the home folder in /etc/passwd for apache user to /srv/www (server restart) but still no joy i.e. Permission denied. I even renamed the old /var/www folder and created a symlink in /var/www to /srv/www. Another attempt was to chown back to root:root, apache:apache and :developers group for both.
/srv/www/ [NOT WORKING]
drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)
drwxrwsr-x. 5 apache developers (all other website folders)
-rwxrwsr-x. 1 apache developers (all files)
/srv/
drwxrwsr-x. 4 apache developers www
/var/www [WORKING]
drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)
drwxrwxr-x. 3 apache developers (all other website folders)
-rwxrwxr-x. 1 apache developers (all website files)
Then, as soon as I copy my one of my website's folder into /var/www and point paths in /etc/httpd/conf.d/vhosts.conf it starts to work fine!
DOES ANYONE KNOW WHY IT'S NOT WORKING IN /SRV/WWW folder??
I finally got to the bottom of the problem. It's caused by SELinux policies overriding basic traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) normally used to control the file access of users!
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
$ setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
$ setenforce Permissive
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
More info on SELinux at Centos. As soon as I switched to Permissive mode my /srv/ started working.
If you know what and why you are doing this then you can permanently disable SELinux in /etc/selinux/config by changing the following line:
SELINUX=enforcing
to
SELINUX=disabled
Restart your server and you should have it disabled permanently.
Note: When switching from Disabled to either Permissive or Enforcing mode, it is highly recommended that the system be rebooted and the filesystem relabeled.