I usually dump any html doc or any website in my public_html
folder. For example I have ExtJS dumped in public_html/extjs so I can see the docs in http://localhost/~shiplu/extjs/
For some days when I tried to access that url I was getting
[Thu Nov 07 21:50:39 2013] [crit] [client 127.0.0.1] (13)Permission denied: /home/shiplu/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Replace ‘shiplu’ with your username to mach an error for your own. I have .htaccess
file in public_html
folder. I was wondering why apache was looking for it inside my home directory?
Then I discovered that I have 700 mode on my home directory (/home/shiplu
). So apache maps the path /extjs
to /home/shiplu/public_html/extjs
and look for .htaccess
file on every folder in the path way. While looking for /home/.htaccess
it found the file doesn’t exists. In the next step while reading /home/shiplu/.htaccess
, it couldn’t even determine files existence due to lack of permission.
The easy solve was to give read access to my home directory. But I want to give read access only to apache. Not to anything else. So I add apache in my group and give my group users to read access it. Why my group? because home directory of a user is usually owned by the users own group and the user himself.
To find your group name run `id` in the console.
$ id
uid=1000(shiplu) gid=1000(shiplu) groups=1000(shiplu),4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),112(netdev),115(admin),116(sambashare),129(scanner),143(kvm),144(libvirtd)
Here gid indicates my group name which is shiplu. Also to make sure you own your home directory run ls /home -l
total 20
drwxr-xr-x 50 hacker hacker 4096 Nov 7 20:20 hacker
drwxr-x--- 183 shiplu shiplu 16384 Nov 7 21:55 shiplu
See the two ‘shiplu’? The second one is the group name that owns the /home/shiplu
directory.
So give the owner group of /home/shiplu
read+execute access.
# chmod 750 /home/shiplu
And assign apache user to the shiplu group.
usermod -a -G shiplu www-data
www-data
is the username of apache user. Now restart apache. and it’ll be able to access.