CentOS 7 Apache web server not using the new document root directory

MBiabanpour asked:

I have installed Apache web server on my CentOS 7, and I have enabled mod_ssl for it. But when I try to change its default document root to a new one (for example /home/user/public_html), it shows me a 403 Forbidden page. I think maybe it’s because of the permissions on the directory, but I don’t know what to do with it and how to change it. What should I do now? Any help is really appreciated.

My answer:

Don’t put document roots in user home directories. This is unsafe for a variety of reasons, and SELinux by default will not permit the web server to read files in user home directories. Use a directory that SELinux recognizes, such as /srv/www, create directories under that for each virtual host, and give them appropriate permissions and ACLs for the users that must access the content.

If for some reason you can’t follow good practices and must have the web server read content from user home directories, you can set the httpd_read_user_content boolean.

setsebool -P httpd_read_user_content 1

But note that, again for security, SELinux will never permit writing to user home directories, so web application functions that expect to write content (e.g. user uploads) will not work. Under another directory such as /srv/www, directories which must be writable can be given the type httpd_sys_rw_content_t.
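The layout recommended in the answer, as an added example that is not part of the original answer: the function below prints, without running them, the commands for one virtual host under /srv/www with an ACL for the content owner and a single httpd-writable subdirectory. The site name example.com, the user alice, the public_html and uploads directory names, and the function name vhost_plan are all constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the setup commands for one virtual
# host under /srv/www. Site, user and directory names are constructed.

WWW_ROOT=/srv/www   # location the answer recommends

# vhost_plan SITE USER [WRITABLE_SUBDIR]
# Emits the commands on stdout; review them, then pipe to "sudo sh".
vhost_plan() {
    site=$1 user=$2 rw=${3:-}

    # Accept only plain names so nothing odd ends up in a path or regex.
    case $site in
        ''|.*|*[!A-Za-z0-9.-]*) echo "bad site name: $site" >&2; return 1 ;;
    esac
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    case $rw in
        *[!A-Za-z0-9_-]*) echo "bad subdirectory: $rw" >&2; return 1 ;;
    esac

    base=$WWW_ROOT/$site
    docroot=$base/public_html

    echo "mkdir -p $docroot${rw:+ $docroot/$rw}"
    # The content owner gets access through an ACL, plus a default ACL so
    # files created later inherit it; ownership stays with root.
    echo "setfacl -R -m u:$user:rwX $base"
    echo "setfacl -R -d -m u:$user:rwX $base"
    if [ -n "$rw" ]; then
        # Only this subtree is labelled writable for httpd (e.g. uploads).
        re=$(printf '%s' "$docroot/$rw" | sed 's/[.]/\\./g')
        printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s(/.*)?'\n" "$re"
    fi
    # Apply the policy's labels to everything under the site directory.
    echo "restorecon -R $base"
}

vhost_plan example.com alice uploads
```

On CentOS 7 the semanage command is provided by the policycoreutils-python package.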

View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.