Apache permission denied on Fedora 17 EC2 instance

Cerin asked:

I’m attempting to start Apache on a Fedora 17 EC2 instance via the standard:

sudo systemctl start httpd.service

but I’m getting the error “Job failed. See system journal and ‘systemctl status’ for details.”

Upon looking in /var/log/messages, I see:

Oct 15 20:03:44 ip-10-72-15-170 dbus-daemon[383]: dbus[383]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.98" (uid=1000 pid=19645 comm="systemctl start httpd.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/usr/lib/systemd/systemd --log-level info --log-ta")
Oct 15 20:03:44 ip-10-72-15-170 dbus[383]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.98" (uid=1000 pid=19645 comm="systemctl start httpd.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/usr/lib/systemd/systemd --log-level info --log-ta")
Oct 15 20:03:50 ip-10-72-15-170 httpd[19650]: httpd: Could not open configuration file /etc/httpd/conf/httpd.conf: Permission denied
Oct 15 20:03:50 ip-10-72-15-170 TIFIER=systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 15 20:03:50 ip-10-72-15-170 TIFIER=systemd[1]: Unit httpd.service entered failed state.

However, I don’t understand why Apache can’t read its own conf file, since the permissions appear to be correct:

[ec2-user@ec2-host ~]$ ls -lah /etc/httpd/conf/httpd.conf
-rw-rw-r--. 1 apache apache 7.3K Oct 15 19:14 /etc/httpd/conf/httpd.conf

What’s going on here? How do I fix this permissions error?

My answer:


I just installed httpd on my Fedora 17 box to see what the problem might be.

So you’ve got two issues:

  1. The files are owned by root, not apache.
  2. You probably are getting hit by SELinux denials (you didn’t post anything from your /var/log/audit/audit.log though).

Your system should look like:

drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf/httpd.conf

View the full question and answer on Server Fault.
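
The check the answer describes (root ownership and the httpd_config_t type across the config tree), written as a script; this is an added example, not part of the original question or answer. The function names and the SELinux context on the sample httpd.conf line are assumptions constructed for illustration; the listing layout and the expected values come from the answer.

```shell
#!/bin/sh
# Added example: audit "MODE OWNER GROUP CONTEXT PATH" lines, the layout of the
# listing in the answer, against the state the answer says is correct.
EXPECTED_OWNER=root
EXPECTED_GROUP=root
EXPECTED_TYPE=httpd_config_t

# Reads listing lines on stdin, prints one finding per deviation, and returns
# non-zero if anything was found.
audit_listing() {
    findings=0
    while read -r mode owner group context path; do
        [ -n "$path" ] || continue                      # skip blank or short lines
        setype=$(printf '%s' "$context" | cut -d: -f3)  # user:role:type:level
        if [ "$owner" != "$EXPECTED_OWNER" ] || [ "$group" != "$EXPECTED_GROUP" ]; then
            echo "OWNER $path is $owner:$group, expected $EXPECTED_OWNER:$EXPECTED_GROUP"
            findings=$((findings + 1))
        fi
        case "$mode" in                                 # char 6 = group w, char 9 = other w
            ?????w*|????????w*)
                echo "MODE $path is $mode, writable by group or other"
                findings=$((findings + 1)) ;;
        esac
        if [ "$setype" != "$EXPECTED_TYPE" ]; then
            echo "SETYPE $path is '$setype', expected $EXPECTED_TYPE"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: owner and mode of httpd.conf as shown in the question;
# its SELinux context is made up here, since the question does not show one.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf
-rw-rw-r--. apache apache unconfined_u:object_r:user_home_t:s0 /etc/httpd/conf/httpd.conf
EOF
}

# Live use: sh audit.sh /etc/httpd /etc/httpd/conf /etc/httpd/conf/httpd.conf
if [ "$#" -gt 0 ]; then
    stat -c '%A %U %G %C %n' "$@" | audit_listing
fi
```

Run against the constructed sample (`sample_listing | audit_listing`), it reports an OWNER, a MODE and a SETYPE finding for httpd.conf and nothing for the two directories.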

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.