Permission denied: /home/username/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

I usually dump any html doc or any website in my public_html folder.  For example I have ExtJS dumped in public_html/extjs so I can see the docs in http://localhost/~shiplu/extjs/

For some days when I tried to access that url I was getting

[Thu Nov 07 21:50:39 2013] [crit] [client 127.0.0.1] (13)Permission denied: /home/shiplu/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Replace ‘shiplu’ with your username to mach an error for your own.  I have .htaccess file in public_html folder. I was wondering why apache was looking for it inside my home directory?

Then I discovered that I have 700 mode on my home directory (/home/shiplu). So apache maps the path /extjs to /home/shiplu/public_html/extjs and look for .htaccess file on every folder in the path way.  While looking for /home/.htaccess it found the file doesn’t exists. In the next step while reading /home/shiplu/.htaccess,  it couldn’t even determine files existence  due to lack of permission.

The easy solve was to give read access to my home directory.  But I want to give read access only to apache. Not to anything else.  So I add apache in my group and give my group users to read access it. Why my group? because home directory of a user is usually owned by the users own group and the user himself.

To find your group name run `id` in the console.


$ id
uid=1000(shiplu) gid=1000(shiplu) groups=1000(shiplu),4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),112(netdev),115(admin),116(sambashare),129(scanner),143(kvm),144(libvirtd)

Here gid indicates my group name which is shiplu.  Also to make sure you own your home directory  run ls /home -l


total 20
drwxr-xr-x  50 hacker  hacker   4096 Nov  7 20:20 hacker
drwxr-x--- 183 shiplu  shiplu  16384 Nov  7 21:55 shiplu

See the two ‘shiplu’? The second one is the group name that owns the /home/shiplu directory.

So give the owner group of /home/shiplu read+execute access.


# chmod  750 /home/shiplu

 

And assign apache user to the shiplu group.

usermod -a -G shiplu www-data

www-data is the username of apache user. Now restart apache. and it’ll be able to access.