You don’t have permission to access / on this server

Posted on by John Nash

Ubuntu / MINT 2012-10-02

Aggravation installing websites under Apache2 and Ubuntu. Take existing web files already known to work. Copy the /etc/apache2/sites.available/default file and edit/rename it for each web site. Everything goes as expected

UNTIL I try to access http://localhost with the web browser. Then it always says “You don’t have permission to access / on this server”.

Changing the owner and group of the web files does not fix the problem. There is LOTS of web content out there that says you need to chmod the files. chown their owner to www-data. Set the permits to 644 or better 655. That may be true but it is not the main problem that causes this error.

To make matters much more frustrating, if you copy the web folder to the default web location, /var/www, everything works flawlessly.

And then I found the Apache2 log files and the error log had the line “(13) Permission Denied”. From the Apache2 on-line documentation on error 13:

(13) Permission Denied

Error 13 indicates a filesystem permissions problem. That is, Apache was denied access to a file or directory due to incorrect permissions. It does not, in general, imply a problem in the Apache configuration files. In order to serve files, Apache must have the proper permission granted by the operating system to access those files. In particular, the User or Group specified in httpd.conf must be able to read all files that will be served and search the directory containing those files, along with all parent directories up to the root of the filesystem. Typical permissions on a unix-like system for resources not owned by the User or Group specified in httpd.conf would be 644 -rw-r--r-- for ordinary files and 755 drwxr-x-r-x for directories or CGI scripts. You may also need to check extended permissions (such as SELinux permissions) on operating systems that support them.

Yes, I stopped when I read that: “all parent directories up to the root”. Why in the world would I be asked to let Apache2 read my whole file tree? But that was the problem, doing a chmod +X / fixed the error message. Now the real issue is how dangerous is this situation if Apache has the ability to browse my root directory, even if it cannot browse the directories it sees, this would give some interesting information to anyone who could persuade Apache2 to look for them.