1

Question: What ownership does Apache need so that it does not require execute permissions for the world on public_html (751)?

Background: When I changed the php.ini settings through cPanel, there was an error "Error: The EUID, 1005, does not own /home/my_user_name/public_html/.htaccess." I understood this because it was the .htaccess file was owned by root:root,

So, as a green SHELL user I changed the ownership of every file using chown -R my_user_name:my_user_name .[^.]*. Sweet, I could now save my php.ini through MultiPHP INI in cPanel.

That's when this pretty error appeared when trying to visit any page on my Drupal 8 site:

Forbidden You don't have permission to access / on this server. Server unable to read htaccess file, denying access to be safe

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Even after deleting, reuploading, and changing the ownership back to root:root, it didn't work.

The only thing that worked was changing public_html to 751 (instead of 750). Why does Apache need the execute permissions for the world? And which owner/group do I need to change it to fix it?

754 also didn’t work

Improve this question
8
  • Apache runs probably as the www-data user, at least if it is a debian-based system. If not, you can check the user with a ps uxa|grep httpd. This user need to have access. Alternatively, you can use the somehow forgotten mpm-itk to be able to specify a different user for any virtual hosts. Commented Apr 23, 2019 at 1:08
  • Thanks @peterh! I followed those exact steps and it fixed my problem :) Commented Apr 23, 2019 at 1:17
  • @womble Edited question. Commented Apr 23, 2019 at 1:17
  • My pleasure. Another important info: on directories, the "x" does not mean that it is executable, there is no sense, how to "execute" a directory. On directories, the "x" access flag means that you can enter it. Thus, an o+x means that everybody can enter it. You can also specify more detailed permissions with acls, man setfacl or man getfacl. Commented Apr 23, 2019 at 1:31
  • 1
    To test, what exactly can your apache do, best if you su him. su www-data -s /bin/bash is the command. Then you have a shell in the name of the apache. If you want to download any file with http, your apache need to be able to enter into its directory, and read that file. So, cd, ls, cat, and you will know, where is really the problem. Commented Apr 23, 2019 at 1:39

1 Answer 1

Reset to default
3

You need execute permission on a directory to access files inside.

Apache accesses files not as root, but as another user, either httpd or www or www-apache or apache... Depends in your setup.

If the directory owner is root and group is root without the world executable bit only root can access the files inside. Running chmod +x public_html should fix it.

Improve this answer
1
  • Thanks for your answer. Based off your answer, I was curious if this was more of an ownership issue than a permission issue. So I researched, came across this question and fixed the issue with chown my_user:nobody public_html. Does this make sense to you? Commented Apr 23, 2019 at 0:32

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.