Permission denied because search permissions are missing on a component of the path and previous suggestions don't work

Charles Belov asked:

I’m getting the message:

Permission denied because search permissions are missing on a component of the path.

On a directory outside of the document root that I’ve aliased in httpd.conf, and have been stuck on how to get the permissions granted.

This post led me down some interesting paths, but no complete solution. Redhat Linux current version and Apache 2.4.

Here is my httpd.conf file:

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<Directory "/home/[redacted]/ssd_pdf/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule alias_module>
    Alias /drawings/ /home/[username]/ssd_pdf/
</IfModule>

In my browser location bar, I request:

https://[domain]/drawings/[directory immediately under ssd_pdf]/[next directory down]/[file name].pdf

I get 403 Forbidden.

ssl_error_log shows the message:

[Fri Feb 09 19:30:12.712987 2018] [core:error] [pid 11512] (13)Permission denied: [client [my IP address]:18740] AH00035: access to /drawings/[directory immediately under ssd_pdf]/[next directory down]/[file name].pdf denied (filesystem path '/home/[/username]/ssd_pdf') because search permissions are missing on a component of the path

All files in [next directory down] have permissions -rw-rw-r--. and security context unconfined_u:object_r:httpd_sys_content_t:s0

All directories in [directory immediately under ssd_pdf] have permissions drwxrwxr-x. and context unconfined_u:object_r:httpd_sys_content_t:s0

All directories in ssd_pdf directory have permissions drwxrwxr-x. and context unconfined_u:object_r:httpd_sys_content_t:s0

ssd_pdf has permissions drwxrwxr-x. and context unconfined_u:object_r:httpd_sys_content_t:s0

The parent directory, which is the user's home directory and outside of the alias, expectedly has permissions drwx------. and context unconfined_u:object_r:user_home_dir_t:s0

Why am I getting the Forbidden error message?

My answer:


You said:

The parent directory, which is the user’s home directory and outside of the alias, expectedly has permissions drwx——. and context unconfined_u:object_r:user_home_dir_t:s0

Why you say that’s “outside of the alias” is not clear. It is clearly the aliased directory:

<IfModule alias_module>
    Alias /drawings/ /home/[username]/ssd_pdf/
</IfModule>

Thus, since that directory doesn’t have search permssions, Apache can’t descend into it.

You will need to set at minimum a+x (or 711) on this directory.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.