Hello,
I recently installed CentOS 6.4 64-Bit on my PC and I am trying to start httpd but I get the following error.
I installed httpd via yum and ran the following command
[code]#service httpd start
Starting httpd: httpd.worker: Could not open configuration file /etc/httpd/conf/httpd.conf: Permission denied[/code]
I enabled the httpd.worer in /etc/sysconfig/httpd file.
Any help please.
Thanks,
Noorul
Cannot start httpd - Perminssion Denied
Re: Cannot start httpd - Perminssion Denied
This looks to be permission problem. Can the user that is running httpd process access the /etc/httpd/conf/httpd.conf file? Check the permissions of this file.
Re: Cannot start httpd - Perminssion Denied
Post the output of
[code]
ls -laZ /etc/httpd/conf/httpd.conf
[/code]
[code]
ls -laZ /etc/httpd/conf/httpd.conf
[/code]
Re: Cannot start httpd - Perminssion Denied SOLVED
I had this exact problem on centos 5.10 - turns out selinux was on. Disabling selinux let httpd start up right.
Re: Cannot start httpd - Perminssion Denied
Disabling selinux is almost never the right answer. If it won't start with selinux enabled then something is configured wrong, most likely you have a mislabeled file or directory or you've attempted to use a non-standard docroot and have not set up rules using semanage to assign the correct labels to the files and directories in the new location.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Cannot start httpd - Perminssion Denied
Some fun reading on selinux (echoing TrevorH's admonition):
“Stop disabling SELinux!”: http://tag1consulting.com/blog/stop-disabling-selinux
I have run into a similar problem with apache and selinux before. As TrevorH mentions it is best not to disable it if security is any kind of a concern. SELinux is somewhat like iptables & other firewalls in that if you poke the correct holes everything should work fine.
To set SELinux to allow network web traffic:
Check if SELinux is on and enforcing: getenforce (type 'setenforce 1' if not)
Check your current httpd settings: getsebool -a | grep httpd
Set selinux to allow httpd access to network: setsebool -P httpd_can_network_connect 1
That last command should immediately allow httpd to network connect after it is set. Your problem looks like it's a little different than web traffic not being able to transmit, but you can google around for the correct value for httpd (like the one above) that you need to poke the hole for. You will need the httpd_can_network_connect value set to 1 in any case if running httpd with selinux enabled.
TrevorH also mentions the docroot, which I think is refering to selinux's default security contexts. In the process of trying to allow mysqld to binlog to a custom directory once, I had to learn how to create a custom selinux security context. My two options were A) change the security context of a custom directory location, or B) move files into an existing directory in the selinux's default security context. I chose A for that particular instance.
From my notes for my bin logging/selinux scenario:
A) How to change the selinux security context for a mysql related directory (you can extrapolate):
http://phe1129.wordpress.com/2012/04/02 ... n-selinux/ (uses the 'chcon' selinux command)
B) Some people just place the binlog directory under /var/lib/mysql to avoid the selinux security context problem in the first place: http://bugs.mysql.com/bug.php?id=65413
“Stop disabling SELinux!”: http://tag1consulting.com/blog/stop-disabling-selinux
I have run into a similar problem with apache and selinux before. As TrevorH mentions it is best not to disable it if security is any kind of a concern. SELinux is somewhat like iptables & other firewalls in that if you poke the correct holes everything should work fine.
To set SELinux to allow network web traffic:
Check if SELinux is on and enforcing: getenforce (type 'setenforce 1' if not)
Check your current httpd settings: getsebool -a | grep httpd
Set selinux to allow httpd access to network: setsebool -P httpd_can_network_connect 1
That last command should immediately allow httpd to network connect after it is set. Your problem looks like it's a little different than web traffic not being able to transmit, but you can google around for the correct value for httpd (like the one above) that you need to poke the hole for. You will need the httpd_can_network_connect value set to 1 in any case if running httpd with selinux enabled.
TrevorH also mentions the docroot, which I think is refering to selinux's default security contexts. In the process of trying to allow mysqld to binlog to a custom directory once, I had to learn how to create a custom selinux security context. My two options were A) change the security context of a custom directory location, or B) move files into an existing directory in the selinux's default security context. I chose A for that particular instance.
From my notes for my bin logging/selinux scenario:
A) How to change the selinux security context for a mysql related directory (you can extrapolate):
http://phe1129.wordpress.com/2012/04/02 ... n-selinux/ (uses the 'chcon' selinux command)
B) Some people just place the binlog directory under /var/lib/mysql to avoid the selinux security context problem in the first place: http://bugs.mysql.com/bug.php?id=65413